Topic: AutoSSL not renewing

AutoSSL not renewing
« on: November 13, 2019, 12:57:45 PM »
Hi, we've been using CWP with the built-in Let's Encrypt certificates for some time now and it renewed the certificates automatically.
But it stopped renewing; I saw today that we had 2 expired certs!

So I went to CWP6pro.admin panel > WebServer Settings > SSL Certificates > and Renew Now for one of the expired domains and got the message:
Successfully...! Renewal carried out successfully.
I visited the site and realized that the certificate was not renewed!

I decided to delete the certificate and create it again, but now it gives an error and displays the message:
An error occurred, the certificate can not be installed

What's going on?
Can anyone point me in a direction?
Which log can I check for errors?


Re: AutoSSL not renewing
« Reply #1 on: December 13, 2019, 11:04:40 AM »
The log can be viewed at /root/.acme.sh/acme.sh.log
If you see: Verify error: Invalid response from http://you.domain/.well-known/acme-challenge/....
Also useful would be the file /root/.acme.sh/http.header
Possible reasons:
1. There is no symbolic link in the root directory of your site. The symbolic link (.well-known) should point to /usr/local/apache/autossl_tmp/.well-known
2. If you do not use IPv6, make sure there are no AAAA entries for your DNS zone.
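
The checks from the reply above, as an added shell example that is not part of the original post or of CWP or acme.sh. The paths are the ones named in the thread; the function names are hypothetical, and the sample inputs used to try it out are constructed.

```shell
#!/bin/sh
# Added example: diagnostics for the causes listed in Reply #1.
# Function names are hypothetical; the target path is the one from the thread.

AUTOSSL_TARGET="/usr/local/apache/autossl_tmp/.well-known"

# Prints: ok | missing | not-a-symlink | wrong-target:<actual>
# $1 = site document root, $2 = expected link target (optional)
check_wellknown_link() {
    link="$1/.well-known"
    expected="${2:-$AUTOSSL_TARGET}"
    if [ -L "$link" ]; then
        actual=$(readlink "$link")
        # Compare without a trailing slash so "x/" and "x" are treated alike
        if [ "${actual%/}" = "${expected%/}" ]; then
            echo "ok"
        else
            echo "wrong-target:$actual"
        fi
    elif [ -e "$link" ]; then
        # A real directory or file here shadows the AutoSSL challenge directory
        echo "not-a-symlink"
    else
        echo "missing"
    fi
}

# Reads `dig +short AAAA <domain>` style output on stdin and prints only the
# IPv6 addresses; CNAME targets that dig may also print are dropped.
filter_aaaa() {
    grep -E '^[0-9A-Fa-f:]+$' | grep ':' || true
}

# Reads acme.sh.log on stdin and prints each distinct host that appears in a
# "Verify error: ... http://host/..." line.
failed_challenge_hosts() {
    sed -n 's#.*Verify error:.*https\{0,1\}://\([^/ ]*\)/.*#\1#p' | sort -u
}
```

Typical use: `check_wellknown_link /path/to/site/docroot`, `dig +short AAAA mydomain.com | filter_aaaa`, and `failed_challenge_hosts < /root/.acme.sh/acme.sh.log`.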

Re: AutoSSL not renewing
« Reply #2 on: February 20, 2020, 11:15:12 AM »
Thank you for the information!
But I still have problems... Needed to renew manually again...

Got this error:
Code:
AutoSSL Issue Failed!
[Wed Feb 19 08:26:50 -03 2020] Creating domain key
[Wed Feb 19 08:26:50 -03 2020] The domain key is here: /root/.acme.sh/cwp_certs/mydomain.com/mydomain.com.key
[Wed Feb 19 08:26:50 -03 2020] Single domain='mydomain.com'
[Wed Feb 19 08:26:50 -03 2020] Getting domain auth token for each domain
[Wed Feb 19 08:26:50 -03 2020] Getting webroot for domain='mydomain.com'
[Wed Feb 19 08:26:50 -03 2020] Getting new-authz for domain='mydomain.com'
[Wed Feb 19 08:26:52 -03 2020] The new-authz request is ok.
[Wed Feb 19 08:26:52 -03 2020] new-authz error: {"type":"urn:acme:error:badNonce","detail":"JWS has no anti-replay nonce","status": 400}
[Wed Feb 19 08:26:52 -03 2020] Please check log file for more details: /root/.acme.sh/acme.sh.log
« Last Edit: February 20, 2020, 11:26:44 AM by joaolm »