Can't open "/tmp/tmp.bpkskeddmF/subdomain.web.com.csr"

T4B · March 30, 2025, 5:59am

i got this email anyone know the reason ?

Terminated
Can’t open “/tmp/tmp.bpkskeddmF/subdomain.web.com.csr” for reading, No such file or directory
804B89E8AB7F0000:error:80000002:system library:BIO_new_file:No such file or directory:…/crypto/bio/bss_file.c:67:calling fopen(/tmp/tmp.bpkskeddmF/subdomain.web.com.csr, r)
804B89E8AB7F0000:error:10000080:BIO routines:BIO_new_file:no such file:…/crypto/bio/bss_file.c:75:
Unable to load X509 request
Error: Let’s Encrypt finalize bad status 403 (subdomain.web.com)
Error: Let’s Encrypt SSL creation failed

avi · March 30, 2025, 4:03pm

It seems you tried to activate Let’s Encrypt (SSL) on the sample domain (assuming you don’t own web.com). Also, it directs to the temporary folder (/tmp), so anything in there may have been deleted automatically in the meantime.

Bits_And_Dragons · March 31, 2025, 9:15pm

it’s like @avi said.
Let’s encrypt only validate public domains pointed to the server.

If you want to see a private web* site, you can make a SSL Cert. with hestiacp.

Just go to the account
edit domain
Enable SSL for this domain
DON’T check Use Let’s Encrypt to obtain SSL certificate and Check and click in Generate Self-Signed SSL Certificate

In the new windows complete the fields and click in Generate

Copy the first content and paste in the previus page in the first textarea
Copy the second content and paste in the previus page in the second textarea

Save the domain and you have a SSL with that domain. It’s functional for work with that domain under SSL (HTTPS)

T4B · April 1, 2025, 1:13am

i got this error for my panel installed domain. i just changed the real domain name to web.com when i post the error…

Bits_And_Dragons · April 1, 2025, 1:15am

ok, check if you can access to your real domain in a public network (like 5G/4G in your smartphone).

T4B · April 1, 2025, 1:16am

domain works without any issue. and i can login to the panel. i checked the logs this error came when panel crontab runs (only once). should i ignore this error ?

Bits_And_Dragons · April 1, 2025, 1:32am

first, check if the file exist /tmp/tmp.bpkskeddmF/subdomain.web.com.csr

second, check if letsencrypt can access to CAA record with:
dig caa +short subdomain.web.com

the third step I will check, can be verify if I can access with this
curl http://subdomain.web.com/.well-known/acme-challenge/testfile

linkp · April 2, 2025, 2:49pm

No need to confuse people by posting a real domain that is not yours. It is why example.com is reserved for such use.