Jump to content
Froxlor Forum
  • 0

SSL private key mismatch when renewing Letsecnrypt certificate


Question

Hi,

Yesterday I got an error when renewing two domains (they are subdomains, the parent domain is not managed or hosted by me)

[information] apache::createVirtualHosts: creating vhost container for domain 17, customer xxxxx
[error] Given SSL private key for xxxxx.xxxxx.com does not seem to match the certificate. Cannot create ssl-directives

[information] apache::createVirtualHosts: creating vhost container for domain 18, customer xxxxx
[error] Given SSL private key for xxxxx.xxxxx.com does not seem to match the certificate. Cannot create ssl-directives

It's just worth to mention that I don't manage those subdomains, the company who has the maindmoain.com just created those two subdomains and pointed the DNS to my server IP. Then I just created a the maindomain.com on my froxlor installation and then the subdomains which are the ones with a SSL certificate, those certificates were generated by Froxlor without any problem.

The maindomain.com points to another IP on another server and hosts a different website.

I tried to force the renewal with:

/usr/bin/php /var/www/froxlor/scripts/froxlor_master_cronjob.php --force --debug

and I get those errors from above and the renewal doesn't happen making the website unavailable.. well it points my server's domain (the main domain where froxlor is installed).

Any idea of what could I do?

Thanks,

 

EDIT:

I just manually ran:

/root/.acme.sh/acme.sh --renew -d subdomain1.maindomain.com
/root/.acme.sh/acme.sh --renew -d subdomain2.maindomain.com

and it worked perfectly.!.. it's really strange..

[Sat 18 Jul 2020 11:21:58 AM CEST] Renew: 'subdomain1.maindomain.com'
[Sat 18 Jul 2020 11:21:59 AM CEST] Creating domain key
[Sat 18 Jul 2020 11:21:59 AM CEST] The domain key is here: /root/.acme.sh/subdomain1.maindomain.com/subdomain1.maindomain.com.key
[Sat 18 Jul 2020 11:21:59 AM CEST] Single domain='subdomain1.maindomain.com'
[Sat 18 Jul 2020 11:21:59 AM CEST] Getting domain auth token for each domain
[Sat 18 Jul 2020 11:22:01 AM CEST] Getting webroot for domain='subdomain1.maindomain.com'
[Sat 18 Jul 2020 11:22:01 AM CEST] Verifying: subdomain1.maindomain.com
[Sat 18 Jul 2020 11:22:06 AM CEST] Success
[Sat 18 Jul 2020 11:22:06 AM CEST] Verify finished, start to sign.
[Sat 18 Jul 2020 11:22:06 AM CEST] Lets finalize the order, Le_OrderFinalize: https://acme-v02.api.letsencrypt.org/acme/finalize/70093857/4260200176
[Sat 18 Jul 2020 11:22:07 AM CEST] Download cert, Le_LinkCert: https://acme-v02.api.letsencrypt.org/acme/cert/asfh923846frgt1cd480a3aefd0344e8409
[Sat 18 Jul 2020 11:22:08 AM CEST] Cert success.
-----BEGIN CERTIFICATE-----
MIIGbzCCBVegAwIBAgISA72VfHOSIHHNSAo679A0ToQJMA0GCSqGSIb3xxxxxxxxxxxxxxxx

I would like to find out whether it was my fault (although I didn't do anything it was the cronjob that failed yesterday I get emails when something goes wrong) or it is a bug..

 

Link to post
Share on other sites

2 answers to this question

Recommended Posts

  • 0

Well renew itself is totally on acme.sh's side. Froxlor only synchronizes the files stored by acme.sh with its own database. That's why a forced cronjob will not really force a renew of the certificate itself. are you on the latest froxlor version 0.10.19?

Link to post
Share on other sites
  • 0

Hi,

I forgot to attached the log I when the cron job failed:

[Sat 18 Jul 2020 12:04:02 AM CEST] Please refer to https://curl.haxx.se/libcurl/c/libcurl-errors.html for error code: 6
[Sat 18 Jul 2020 12:04:02 AM CEST] Can not init api.
[Sat 18 Jul 2020 12:04:03 AM CEST] Please refer to https://curl.haxx.se/libcurl/c/libcurl-errors.html for error code: 6
[Sat 18 Jul 2020 12:04:03 AM CEST] Can not init api.
[Sat 18 Jul 2020 12:04:03 AM CEST] Please refer to https://curl.haxx.se/libcurl/c/libcurl-errors.html for error code: 6
[Sat 18 Jul 2020 12:04:45 AM CEST] Can not get domain new authz.
[Sat 18 Jul 2020 12:04:45 AM CEST] Please add '--debug' or '--log' to check more details.
[Sat 18 Jul 2020 12:04:45 AM CEST] See: https://github.com/acmesh-official/acme.sh/wiki/How-to-debug-acme.sh
[Sat 18 Jul 2020 12:04:45 AM CEST] Error renew subdomain.maindomain.com.

According to the documentation error code 6 is "Couldn't resolve host. The given remote host was not resolved.", so it might well be a one-time problem. I have other domains and another server with Froxlor with the latest 0.10.19 and I haven't had any problems, all domains have been renewed eventually with no issues.

I also saw this other post, I don't know if it could be related.

Thanks anyway!

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...