Everynight since January 4th, I get this error email:
[email protected] [email protected]
I have already checked:
I have run the command /usr/local/hestia/bin/v-update-letsencrypt-ssl
It tries to get let’s encrypt certificates for 137 domains.
Some of them fail but I don’t know which of them
the exit status if the command is 0
Questions:
Where does the script store the log?
How can I get to know which domain is failing otherwise?
I am concerned about the certificate for the machine’s name itself. How can I make sure it is not failing to renew?
Feature request:
Configure error to show which domains / subdomains are failing and why.
eris
January 7, 2021, 6:00pm
#2
/var/log/hestia/
And there is an file created
Thank you very much @eris for your time.
/usr/local/hestia/bin/v-add-letsencrypt-domain admin c02.mydomain.com
Fails: Exit code 15
AND[email protected] :/usr/local/hestia/bin# ./v-list-dns-domains admin
I get an empty response . No domains under admin ???
Disabling completely SSL Support for the website in subdomain: c02.mydomain.com and enabling it back again renewed the certificate.
To test if it is solved I manually executed the commandc02.mydomain.com
eris
January 8, 2021, 12:29pm
#5
Disableing SSL and renewing is no real option. For one domain it is maybe fine but 100 takes way to long…
In case it helps you debug the problem.
The problem is on a MAIL + DNS server and only the name of the machine fails for now .
I kept the output of bash -x /usr/local/hestia/bin/v-add-letsencrypt-domain admin c02.mydomain.com
+ echo -e '\n==[Step 5]==\n- status: 400\n- nonce: 0104hu_OuKU0fL9d-JgyVh4pUPZWrSVr5wYto0aAC02XQ3Y\n- validation: \n- details: Unable to update challenge :: authorization must be pending\n- answer: HTTP/2 400
server: nginx
date: Fri, 08 Jan 2021 10:50:31 GMT
content-type: application/problem+json
content-length: 144
boulder-requester: 101121629
cache-control: public, max-age=0, no-cache
link: [<https://acme-v02.api.letsencrypt.org/directory>](https://acme-v02.api.letsencrypt.org/directory);rel="index"
replay-nonce: 0104hu_OuKU0fL9d-JgyVh4pUPZWrSVr5wYto0aAC02XQ3Y
{
"type": "urn:ietf:params:acme:error:malformed",
"detail": "Unable to update challenge :: authorization must be pending",
"status": 400
}\n'
+ [[ 400 -ne 200 ]]
+ '[' '!' -z bind9 ']'
++ **/** **usr/local/hestia/bin/v-list-dns-domains admin**
++ grep **c02.mydomain.com**
++ cut '-d ' -f1
+ **dns_domain=**
++ **/usr/local/hestia/bin/v-list-dns-records admin c02.mydomain.com**
++ grep -i letsencrypt
++ cut '-d ' -f1
+ caa_record=
+ '[' '' = c02.mydomain.com ']'
+ debug_log 'Abort Step 5' '=> Wrong status'
+ echo -e '\n==[Abort Step 5]==\n=> Wrong status\n'
+ check_result 15 'Let'\''s Encrypt validation status 400. Details: Unable to update challenge :: authorization must be pending'
+ '[' 15 -ne 0 ']'
+ echo 'Error: Let'\''s Encrypt validation status 400. Details: Unable to update challenge :: authorization must be pending'
Error: Let's Encrypt validation status 400. Details: Unable to update challenge :: authorization must be pending
+ '[' '!' -z '' ']'
+ log_event 15 ' '\''admin'\'' '\''c02.mydomain.com'\'''
+ '[' -z '' ']'
++ date '+%F %T'
++ basename /usr/local/hestia/bin/v-add-letsencrypt-domain
+ LOG_TIME='2021-01-08 11:50:32 v-add-letsencrypt-domain'
+ '[' 15 -eq 0 ']'
+ echo '2021-01-08 11:50:32 v-add-letsencrypt-domain '\''admin'\'' '\''c02.mydomain.com'\'' [Error 15]'
+ exit 15
I think it can’t work because it is looking for DNS zones for the admin user.
The admin user doesn’t have any DNS zones. Only the ownership of the website of the subdomain with the name of the machine: c02.mydomain.com
ivanpos
January 11, 2021, 4:08pm
#8
My errors have been to do with the panel> domain> force ssl setting and when I uncheck this the domains then renew SSL cert/.s
The script mentioned here is very useful for finding affected error domains.
Ok, so I’ve been troubleshooting this one for a while. I set up a server around three months ago, so this is the first time the SSL certs were renewing. I’ve been getting emails like this from one server
Subject: Cron [email protected]
