SSL Certificates can't be read by nginx

Houbsi · February 1, 2022, 7:04pm

Hi there,

regarding the SSL Problem.
Currently on just one of our servers we have a problem with the following error message:

PM2][WARN] Current process list is not synchronized with saved list. Type 'pm2 save' to synchronize. [PM2] Saving current process list... [PM2] Successfully saved in /opt/pm2/dump.pm2 * Testing nginx configuration ...fail! [Tue 01 Feb 2022 06:39:22 PM UTC] Changed default CA to: https://acme-v02.api.letsencrypt.org/directory [Tue 01 Feb 2022 06:39:22 PM UTC] Using CA: https://acme-v02.api.letsencrypt.org/directory [Tue 01 Feb 2022 06:39:22 PM UTC] Creating domain key [Tue 01 Feb 2022 06:39:22 PM UTC] The domain key is here: /root/.acme.sh/api.ako.stage.cza.pippis.zone/api.ako.stage.cza.pippis.zone.key [Tue 01 Feb 2022 06:39:22 PM UTC] Single domain='api.ako.stage.cza.pippis.zone' [Tue 01 Feb 2022 06:39:23 PM UTC] Getting domain auth token for each domain [Tue 01 Feb 2022 06:39:24 PM UTC] Getting webroot for domain='api.ako.stage.cza.pippis.zone' [Tue 01 Feb 2022 06:39:24 PM UTC] Verifying: api.ako.stage.cza.pippis.zone [Tue 01 Feb 2022 06:39:25 PM UTC] Pending, The CA is processing your order, please just wait. (1/30) [Tue 01 Feb 2022 06:39:27 PM UTC] Pending, The CA is processing your order, please just wait. (2/30) [Tue 01 Feb 2022 06:39:30 PM UTC] api.ako.stage.cza.pippis.zone:Verify error:Invalid response from https://admin.admin-desk.stage.ces.pippis.zone/.well-known/acme-challenge/VF5V19V_uU-nYhFI5qe0ogBbb3lBvV7X33_Mwy2Ccr4 [162.55.61.15]: [Tue 01 Feb 2022 06:39:30 PM UTC] Please add '--debug' or '--log' to check more details. [Tue 01 Feb 2022 06:39:30 PM UTC] See: https://github.com/acmesh-official/acme.sh/wiki/How-to-debug-acme.sh

The error moves when i remove SSL from a website.
The old Websites work fine, but the new one can not get a SSL Certificate

Houbsi · February 1, 2022, 7:11pm

Update:

The new site gives only “error”
One Site gives for the new SSL Certificate “queued”
While the third site give a success Message and the SSL works without any issues.

Weird…

amiedema · February 2, 2022, 4:42pm

There may be some timing or limit issues with LetsEncrypt. Hard to say, I’d expect to see limit issues in the error returned from LetsEncrypt if that was the cause.

If sites error on create and SSL was enabled, I’d recommend adding the site with SSL disabled and then see if that creates the site successfully. SSL can always be added after the site is created from the sites > SSL section.

Houbsi · February 2, 2022, 6:06pm

Hi there,
without SSL it works fine.
I will try to enable it now. But I already removed it and tried to read it after.

Houbsi · February 2, 2022, 11:07pm

I just wanted to reissue 2 Certificates i revoked.
the first one reissued without issues.
The 2nd one is queued. I have never seen an SSL Certificate changed status from “queued”

fyi: there on the same server. - maybe a note if you queue them after another request from the same IP? because there are no logs or informations available atm. And it’s on our “complicated” server (Talks in DM’s)