/ Register

Welcome to Centmin Mod Community
Become a Member

Error code 525

Discussion in 'Install & Upgrades or Pre-Install Questions' started by MRY, Mar 4, 2025.

Previous Thread Next Thread
Loading...
  1. Mar 4, 2025 #1
    MRY

    MRY New Member

    7
    1
    3
    Sep 23, 2020
    Ratings:
    +2
    Local Time:
    6:56 AM
    AlmaLinux Version: AlmaLinux 9.5
    Centmin Mod Version Installed: 140.00beta01
    Nginx Version Installed: 1.27.4
    PHP Version Installed: 8.3.17
    MariaDB MySQL Version Installed: 10.6.21
    When was last time updated Centmin Mod code base ? : Today
    Persistent Config:
    Code (Text):
    cat /etc/centminmod/custom_config.inc

DEVTOOLSETTHIRTEEN='y'
OPENSSL_SYSTEM_USE='n'
AWS_LC_SWITCH='y'
PHP_PGO='y'
NGINX_DEVTOOLSETGCC='y'
NGXDYNAMIC_BROTLI='y'
NGINX_LIBBROTLI='y'
CLOUDFLARE_ZLIBPHP='y'
CLOUDFLARE_ZLIB='y'
NGINX_DYNAMICTLS='y'
PHPIONCUBE='y'
MARIADB_INSTALLTENSIX='y'
MEMCACHED_TLS='y'
STRIPPHP='y'
PHP_BROTLI='y'
PHP_LZFOUR='y'
PHP_LZF='y'
PHP_ZSTD='y'
PHP_ARGON='y'
LETSENCRYPT_DETECT='y'
SSL_PROTOCOL_MODERN='y'
CLOUDFLARE_ZLIB_DYNAMIC='y'
AUTOTUNE_CLIENTMAXBODY='y'
AUTOHARDTUNE_NGINXBACKLOG='y'
NGINXCPU_AUTOTUNE_NEW='y'
NGINX_NJS='y'
NGXDYNAMIC_NJS='y'
NGINX_HPACK='y'
SET_DEFAULT_MYSQLCHARSET='utf8mb4'
SELFSIGNEDSSL_ECDSA='y'
PHPFINFO='y'
MARCH_TARGETNATIVE='n'
ZSTD_LOGROTATE_NGINX='y'
ZSTD_LOGROTATE_PHPFPM='y'
PHP_TUNING='y'
PHP_HUGEPAGES='y'
PHP_SNAPPY='y'
PHP_JIT='y'
PHP_JIT_BUFFER='1024'
SWITCH_PHPFPM_SYSTEMD='y'
AUTODETECPHP_OVERRIDE='y'
CLANG='n'
DEVTOOLSET_PHP='y'
CRYPTO_DEVTOOLSETGCC='y'
DUALCERTS='y'
MEMCACHED_JEMALLOCUSE='y'
NGINX_JEMALLOC='y'
NGINX_MALLOC='jemalloc'
NGINX_VHOSTSTATS='n'
PYTHON_INSTALL_ALTERNATIVES='y'
NGINX_PCRE_TWO='y'SET_DEFAULT_MYSQLCHARSET='utf8mb4'
SELFSIGNEDSSL_ECDSA='y'
PHPFINFO='y'
PHP_OVERWRITECONF='n'
PYTHON_INSTALL_ALTERNATIVES='y'

    CloudFlare: SSL handshake failed Error code 525 & Server Error code 525

    Full or Flexible did not change the error.

    All sites on my new server give the same error. When I refresh the page, it continues to work fine, after 3-5 minutes I get the same error, then it continues to work fine again. I can't find the source of the problem, I think it might be CSf... I would appreciate your help. thanks.

    CPU: 2xIntel XEON E5-2699v4
    RAM: 768 GB DDR4 ECC
    Disk: 2x2TB NVMe

    nginx -V
    Code (Text):
    nginx version: nginx/1.27.4 (010325-051100-almalinux9-4106d5d-br-a71f931)
built by gcc 13.3.1 20240611 (Red Hat 13.3.1-2) (GCC)
built with OpenSSL 1.1.1 (compatible; AWS-LC 1.45.0) (running with AWS-LC 1.45.0)
TLS SNI support enabled
configure arguments: --with-ld-opt='-Wl,-E -L/usr/local/zlib-cf/lib -L/opt/aws-lc-install/lib64 -lcrypto -lssl -L/usr/local/nginx-dep/lib -lrt -ljemalloc -Wl,-z,relro,-z,now -Wl,-rpath,/usr/local/zlib-cf/lib:/opt/aws-lc-install/lib64:/usr/local/nginx-dep/lib -pie -B/opt/rh/gcc-toolset-13/root/usr/libexec/gcc/x86_64-redhat-linux/13/ld.gold -ffat-lto-objects -Wl,-Bsymbolic-functions -Wl,--as-needed' --with-cc-opt='-I/opt/aws-lc-install/include -I/usr/local/zlib-cf/include -I/usr/local/nginx-dep/include -m64 -march=x86-64-v3 -mavx -mavx2 -mpclmul -msse4 -msse4.1 -msse4.2 -fPIC -g -O3 -Wno-strict-aliasing -fstack-protector-strong -B/opt/rh/gcc-toolset-13/root/usr/libexec/gcc/x86_64-redhat-linux/13/ld.gold -ffat-lto-objects --param=ssp-buffer-size=4 -Wformat -Wno-pointer-sign -Wimplicit-fallthrough=0 -Wno-implicit-function-declaration -Wno-cast-align -Wno-builtin-declaration-mismatch -Wno-deprecated-declarations -Wno-int-conversion -Wno-unused-result -Wno-vla-parameter -Wno-maybe-uninitialized -Wno-return-local-addr -Wno-array-parameter -Wno-alloc-size-larger-than -Wno-address -Wno-array-bounds -Wno-discarded-qualifiers -Wno-stringop-overread -Wno-stringop-truncation -Wno-missing-field-initializers -Wno-unused-variable -Wno-format -Wno-error=unused-result -Wno-missing-profile -Wno-stringop-overflow -Wno-free-nonheap-object -Wno-discarded-qualifiers -Wno-bad-function-cast -Wno-dangling-pointer -Wno-array-parameter -fcode-hoisting -Wno-cast-function-type -Wno-format-extra-args -Wp,-D_FORTIFY_SOURCE=2' --prefix=/usr/local/nginx --sbin-path=/usr/local/sbin/nginx --conf-path=/usr/local/nginx/conf/nginx.conf --build=010325-051100-almalinux9-4106d5d-br-a71f931 --with-compat --without-pcre2 --with-http_stub_status_module --with-http_secure_link_module --with-libatomic --with-http_gzip_static_module --add-dynamic-module=../ngx_brotli --with-http_sub_module --with-http_addition_module --with-http_image_filter_module=dynamic --with-http_geoip_module --add-dynamic-module=../njs/nginx --with-stream_geoip_module --with-stream_realip_module --with-stream_ssl_preread_module --with-threads --with-stream --with-stream_ssl_module --with-http_realip_module --add-dynamic-module=../ngx-fancyindex-0.5.2 --add-module=../ngx_cache_purge-2.5.3 --add-dynamic-module=../ngx_devel_kit-0.3.2 --add-dynamic-module=../set-misc-nginx-module-0.33 --add-dynamic-module=../echo-nginx-module-0.63 --add-module=../redis2-nginx-module-0.15 --add-module=../ngx_http_redis-0.4.0-cmm --add-module=../memc-nginx-module-0.20 --add-module=../srcache-nginx-module-0.33 --add-dynamic-module=../headers-more-nginx-module-0.37 --with-pcre-jit --with-zlib=../zlib-cloudflare-1.3.3 --with-zlib-opt=-fPIC --with-http_ssl_module --with-http_v2_module --with-http_v3_module

    ls -lArt /root/centminlogs
    Code (Text):
    -rw-r--r-- 1 root root       19 Mar  1 05:05 getcmtime_installtime_010325-045840.log
-rw-r--r-- 1 root root      948 Mar  1 05:05 iconv_fix_20250301-050524.log
-rw-r--r-- 1 root root    12351 Mar  1 05:06 centminmod_140.00beta01.b206_010325-050518_yuminstall_centos9.log
-rw-r--r-- 1 root root    34812 Mar  1 05:06 centminmod_yumtimes_010325-050518.log
-rw-r--r-- 1 root root       37 Mar  1 05:06 centminmod_profiletimes_010325-050518.log
-rw-r--r-- 1 root root     2542 Mar  1 05:07 cmm-login-git-checks_010325-050710.log
-rw-r--r-- 1 root root    69255 Mar  1 05:07 centminmod_downloadtimes_010325-050518.log
-rw-r--r-- 1 root root      325 Mar  1 05:07 securedtmp.log
-rw-r--r-- 1 root root     3833 Mar  1 05:07 nginx_pcre_download_010325-050518.log
-rw-r--r-- 1 root root     2689 Mar  1 05:07 gcc_crypto_native.log
-rw-r--r-- 1 root root       47 Mar  1 05:09 centminmod_aws_lc_installtime_010325-050518.log
-rw-r--r-- 1 root root    54134 Mar  1 05:09 nginx-install-zlib_010325-050518.log
-rw-r--r-- 1 root root     1173 Mar  1 05:09 patch_patchnginx_010325-050518.log
-rw-r--r-- 1 root root    29800 Mar  1 05:10 centminmod_140.00beta01.b206_010325-050518_pcre-nginx_install.log
-rw-r--r-- 1 root root     6289 Mar  1 05:10 centminmod_140.00beta01.b206_010325-050518_nginx_brotli.log
-rw-r--r-- 1 root root      151 Mar  1 05:10 centminmod_140.00beta01.b206_010325-050518_nginx_zstd.log
-rw-r--r-- 1 root root     2123 Mar  1 05:11 gcc_native.log
-rw-r--r-- 1 root root     2122 Mar  1 05:11 gcc_x86-64.log
-rw-r--r-- 1 root root      275 Mar  1 05:11 gcc_diff_native-vs-x86-64.log
-rw-r--r-- 1 root root     2121 Mar  1 05:11 gcc_x86-64-non-native.log
-rw-r--r-- 1 root root    10277 Mar  1 05:11 nginx-configure-010325-050518.log
-rw-r--r-- 1 root root   999154 Mar  1 05:12 centminmod_ngxinstalltime_010325-050518.log
-rw-r--r-- 1 root root       56 Mar  1 05:12 setmycnf_140.00beta01.b206_010325-050518.log
-rw-r--r-- 1 root root     7983 Mar  1 05:13 setio_innodbstatus-before-010325-051344.log
-rw-r--r-- 1 root root      786 Mar  1 05:13 centminmod_setio_010325-051344.log
-rw-r--r-- 1 root root     7958 Mar  1 05:13 setio_innodbstatus-after-010325-051344.log
-rw-r--r-- 1 root root      785 Mar  1 05:13 mariadb10.4-or-above-check-users-before.log
-rw-r--r-- 1 root root        0 Mar  1 05:13 mariadb10.4-or-above-check-users-after.log
-rw-r--r-- 1 root root      390 Mar  1 05:13 set-dot-my.cnf.log
-rw-r--r-- 1 root root       75 Mar  1 05:13 patch_php_010325-050518.log
-rw-r--r-- 1 root root     2816 Mar  1 05:14 etc-centminmod-custom-config-settings_010325-050518.log
-rw-r--r-- 1 root root     1883 Mar  1 05:14 gcc_php_native.log
-rw-r--r-- 1 root root     1882 Mar  1 05:14 gcc_php_x86-64.log
-rw-r--r-- 1 root root      275 Mar  1 05:14 gcc_php_diff_native-vs-x86-64.log
-rw-r--r-- 1 root root     1881 Mar  1 05:14 gcc_php_x86-64-non-native.log
-rw-r--r-- 1 root root    85398 Mar  1 05:22 php-compile-config-010325-050518.log.gz
-rw-r--r-- 1 root root       58 Mar  1 05:22 centminmod_phpinstalltime_010325-050518.log
-rw-r--r-- 1 root root      482 Mar  1 05:22 zendopcache_passfile.txt
-rw-r--r-- 1 root root     2712 Mar  1 05:27 redis-server-install_010325-050518.log
-rw-r--r-- 1 root root     1883 Mar  1 05:28 gcc_general_native.log
-rw-r--r-- 1 root root     1882 Mar  1 05:28 gcc_general_x86-64.log
-rw-r--r-- 1 root root      275 Mar  1 05:28 gcc_general_diff_native-vs-x86-64.log
-rw-r--r-- 1 root root     1881 Mar  1 05:28 gcc_general_x86-64-non-native.log
-rw-r--r-- 1 root root        1 Mar  1 05:29 centminmod_140.00beta01.b206_010325-050518_yum-log.log
-rw-r--r-- 1 root root 19197565 Mar  1 05:29 centminmod_140.00beta01.b206_010325-050518_install.log
-rw-r--r-- 1 root root 19313499 Mar  1 05:29 installer_cmm_010325-045840.log
-rw-r--r-- 1 root root       56 Mar  1 05:29 firstyum_installtime_010325-045840.log
-rw-r--r-- 1 root root     1190 Mar  1 05:29 install_time_stats_010325-045840.log
-rw-r--r-- 1 root root 19625380 Mar  1 05:29 installer_010325-045840.log
-rw-r--r-- 1 root root 15736338 Mar  1 05:29 installer_010325-045840_minimal.log
-rw-r--r-- 1 root root     3790 Mar  1 05:29 sar-u-installstats.log
-rw-r--r-- 1 root root     3430 Mar  1 05:29 sar-q-installstats.log
-rw-r--r-- 1 root root     5680 Mar  1 05:29 sar-r-installstats.log
-rw-r--r-- 1 root root    13552 Mar  1 05:29 sar-d-installstats.log
-rw-r--r-- 1 root root     3880 Mar  1 05:29 sar-b-installstats.log
-rw-r--r-- 1 root root      564 Mar  1 05:29 installer_summary_links.log
-rw-r--r-- 1 root root        7 Mar  1 05:52 cmm-login-nginxver-check-debug_010325-055219.log
-rw-r--r-- 1 root root     2594 Mar  1 05:52 cmm-login-git-checks_010325-055219.log
-rw-r--r-- 1 root root        7 Mar  1 05:57 cmm-login-nginxver-check-debug_010325-055736.log
-rw-r--r-- 1 root root     2594 Mar  1 05:57 cmm-login-git-checks_010325-055736.log
-rw-r--r-- 1 root root     7691 Mar  1 06:33 centminmod_initial_csf_blocks_010325-063301.log
-rw-r--r-- 1 root root      201 Mar  1 08:33 centminmod_initial_csf_blocks_010325-083302.log
-rw-r--r-- 1 root root      201 Mar  1 10:33 centminmod_initial_csf_blocks_010325-103301.log
-rw-r--r-- 1 root root      201 Mar  1 12:33 centminmod_initial_csf_blocks_010325-123301.log
-rw-r--r-- 1 root root      201 Mar  1 14:33 centminmod_initial_csf_blocks_010325-143301.log
-rw-r--r-- 1 root root      201 Mar  1 16:33 centminmod_initial_csf_blocks_010325-163302.log
-rw-r--r-- 1 root root      201 Mar  1 18:33 centminmod_initial_csf_blocks_010325-183301.log
-rw-r--r-- 1 root root      201 Mar  1 20:33 centminmod_initial_csf_blocks_010325-203302.log
-rw-r--r-- 1 root root      201 Mar  1 22:33 centminmod_initial_csf_blocks_010325-223302.log
-rw-r--r-- 1 root root      201 Mar  2 00:33 centminmod_initial_csf_blocks_020325-003302.log
-rw-r--r-- 1 root root      201 Mar  2 02:33 centminmod_initial_csf_blocks_020325-023302.log
-rw-r--r-- 1 root root      201 Mar  2 04:33 centminmod_initial_csf_blocks_020325-043301.log
-rw-r--r-- 1 root root      201 Mar  2 06:33 centminmod_initial_csf_blocks_020325-063302.log
-rw-r--r-- 1 root root      201 Mar  2 08:33 centminmod_initial_csf_blocks_020325-083301.log
-rw-r--r-- 1 root root      201 Mar  2 10:33 centminmod_initial_csf_blocks_020325-103302.log
-rw-r--r-- 1 root root      201 Mar  2 12:33 centminmod_initial_csf_blocks_020325-123301.log
-rw-r--r-- 1 root root      201 Mar  2 14:33 centminmod_initial_csf_blocks_020325-143302.log
-rw-r--r-- 1 root root      201 Mar  2 16:33 centminmod_initial_csf_blocks_020325-163301.log
-rw-r--r-- 1 root root      201 Mar  2 18:33 centminmod_initial_csf_blocks_020325-183302.log
-rw-r--r-- 1 root root      201 Mar  2 20:33 centminmod_initial_csf_blocks_020325-203301.log
-rw-r--r-- 1 root root      201 Mar  2 22:33 centminmod_initial_csf_blocks_020325-223302.log
-rw-r--r-- 1 root root      201 Mar  3 00:33 centminmod_initial_csf_blocks_030325-003302.log
-rw-r--r-- 1 root root      201 Mar  3 02:33 centminmod_initial_csf_blocks_030325-023302.log
-rw-r--r-- 1 root root      201 Mar  3 04:33 centminmod_initial_csf_blocks_030325-043301.log
-rw-r--r-- 1 root root      201 Mar  3 06:33 centminmod_initial_csf_blocks_030325-063301.log
-rw-r--r-- 1 root root      201 Mar  3 08:33 centminmod_initial_csf_blocks_030325-083301.log
-rw-r--r-- 1 root root      201 Mar  3 10:33 centminmod_initial_csf_blocks_030325-103302.log
-rw-r--r-- 1 root root      201 Mar  3 12:33 centminmod_initial_csf_blocks_030325-123301.log
-rw-r--r-- 1 root root      201 Mar  3 14:33 centminmod_initial_csf_blocks_030325-143301.log
-rw-r--r-- 1 root root      201 Mar  3 16:33 centminmod_initial_csf_blocks_030325-163302.log
-rw-r--r-- 1 root root      201 Mar  3 18:33 centminmod_initial_csf_blocks_030325-183301.log
-rw-r--r-- 1 root root        7 Mar  3 20:17 cmm-login-nginxver-check-debug_030325-201720.log
-rw-r--r-- 1 root root     2595 Mar  3 20:17 cmm-login-git-checks_030325-201720.log
-rw-r--r-- 1 root root       62 Mar  3 20:19 fix-csf-ftp-ports-030325-201930.log
-rw-r--r-- 1 root root     2816 Mar  3 20:19 etc-centminmod-custom-config-settings_030325-201909.log
-rw-r--r-- 1 root root     9707 Mar  3 20:20 centminmod_140.00beta01.b206_030325-202034_nginx_addvhost.log
-rw-r--r-- 1 root root     1310 Mar  3 20:20 centminmod_140.00beta01.b206_030325-201909_nginx_addvhost-remove-cmds-bahsegeltr.com.log
-rw-r--r-- 1 root root    10024 Mar  3 20:21 centminmod_140.00beta01.b206_030325-202103_nginx_addvhost.log
-rw-r--r-- 1 root root     1323 Mar  3 20:21 centminmod_140.00beta01.b206_030325-201909_nginx_addvhost-remove-cmds-bet.dinamoo.com.log
-rw-r--r-- 1 root root     1446 Mar  3 20:21 centminmod_140.00beta01.b206_030325-201909_nginx_addvhost.log
-rw-r--r-- 1 root root     2593 Mar  3 20:21 cmm-login-git-checks_030325-202152.log
-rw-r--r-- 1 root root       62 Mar  3 20:22 fix-csf-ftp-ports-030325-202228.log
-rw-r--r-- 1 root root     2816 Mar  3 20:22 etc-centminmod-custom-config-settings_030325-202214.log
-rw-r--r-- 1 root root    10753 Mar  3 20:23 centminmod_140.00beta01.b206_030325-202632_nginx_addvhost.log
-rw-r--r-- 1 root root     1408 Mar  3 20:23 centminmod_140.00beta01.b206_030325-202214_nginx_addvhost-remove-cmds-cdn11amp.dinamoo.com.log
-rw-r--r-- 1 root root     1460 Mar  3 20:27 centminmod_140.00beta01.b206_030325-202214_nginx_addvhost-remove-cmds-cdn11amp.bahsegeltr.com.log
-rw-r--r-- 1 root root    11360 Mar  3 20:27 centminmod_140.00beta01.b206_030325-202214_nginx_addvhost.log
-rw-r--r-- 1 root root      293 Mar  3 20:31 centminmod_140.00beta01.b206_030325-203108_git_updatecur_branch.log
-rw-r--r-- 1 root root      201 Mar  3 20:33 centminmod_initial_csf_blocks_030325-203301.log
     
  2. Mar 12, 2025 #2
    eva2000

    eva2000 Administrator Staff Member

    54,945
    12,240
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,812
    Local Time:
    1:56 PM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
    Still having issues or resolved?

    What Cloudflare Plan are you on? Free, Pro, Business ?

    Using Full non-strict or Full Strict?

    How did you create Nginx vhost domains on server? via centmin.sh menu option 2, 22 or nv command line Nginx Vhost & NSD DNS Setup - CentminMod.com LEMP Nginx web stack for CentOS, AlmaLinux, Rocky Linux ?

    How did you configure/select Letsencrypt SSL certs, I see you didn't use recommended Cloudflare DNS API for domain validation as outlined at Letsencrypt Free SSL Certificates Integration For Centmin Mod LEMP Stack

    I'd double check if you're Nginx HTTPS sites have proper Letsencrypt SSL certificates issued and installed.

    First try running your intended SSL certificate domain through the letsdebug.net online testing tool to check for potential errors with HTTP-01 validation. If you created Centmin Mod 123.09beta01 or higher Nginx site with Letsencrypt via centmin.sh menu option 2, 22 or nv command line, you now also have an automatic letsdebug.net API check log saved at /root/centminlogs/letsdebug-yourdomain.com-${DT}.log where yourdomain.com is domain specified during nginx vhost creation and DT is date/timestamp. Inspecting the /root/centminlogs/letsdebug-yourdomain.com-${DT}.log log will also give you clues as to why letsencrypt SSL certificate issuance failed.

    How was the initial letsencrypt ssl certificate obtained ? Which method ?
    • Was the domain nginx vhost alreadying created prior or new domain nginx vhost site setup for first time ?
    • Via centmin.sh menu option 2, 22, /usr/bin/nv ?
    • If you ran centmin.sh menu option 2 or 22, which letsencrypt option did you select from
      Code (Text):
      -------------------------------------------------------------
Setup full Nginx vhost + Wordpress + WP Plugins
-------------------------------------------------------------

Enter vhost domain name you want to add (without www. prefix): acme3.domain1.com

Create a self-signed SSL certificate Nginx vhost? [y/n]: n
Get Letsencrypt SSL certificate Nginx vhost? [y/n]: y

You have 4 options:
1. issue staging test cert with HTTP + HTTPS
2. issue staging test cert with HTTPS default
3. issue live cert with HTTP + HTTPS
4. issue live cert with HTTPS default
Enter option number 1-4: 1
    • Via addons/acmetool.sh ? which specific command ? examples
      Code (Text):
      ./acmetool.sh issue acme.domain.com
      Code (Text):
      ./acmetool.sh issue acme.domain.com live
      Code (Text):
      ./acmetool.sh issue acme.domain.com d
      Code (Text):
      ./acmetool.sh issue acme.domain.com lived
    • What was order of steps you did ? Did you run centmin.sh menu option 2 first with letsencrypt ? Then did you run addons/acmetool.sh afterwards ?

    Centmin Mod Self-Signed SSL Fallback



    If you're seeing a Centmin Mod's self-signed ssl certificate instead of letsencrypt ssl certificate, then that's acmetool.sh and centminmod's fallback if letsencrypt verification fails to obtain letsencrypt ssl cert, it falls back to centmin mod self-signed ssl certificate on https port 443 side so to preserve the https nginx vhost

    Troubleshooting



    There are various steps you can do to troubleshoot failed letsencrypt issuances, renews, reissues etc.
    • acmetool.sh logs all command line or shell menu runs to log files at /root/centminlogs. To troubleshoot, copy the contents of the log run and post contents of log to pastebin.com or gist.github.com and share link in this thread. To find the log list the logs in ascending date order
      Code (Text):
      ls -lahrt /root/centminlogs
      .
    • You can also do a quick grep filter on all previous and current acmetool.sh runs of the underlying acme.sh client for errors listed in errordetails field of each log using the command below:
      Code (Text):
      find /root/centminlogs/ -type f -name 'acme*.log' -printf '%TY-%Tm-%Td %TH:%TM:%TS %p\n' | sort | awk '{print $3}' | xargs -d '\n' grep -i 'errordetail'
    • For direct acmetool.sh runs, there should be a 2nd & 3rd & 4th log in format /root/centminlogs/centminmod_${DT}_nginx_addvhost_nv.log and /root/centminlogs/acmetool.sh-debug-log-$DT.log and /root/centminlogs/acmesh-issue_*.log or /root/centminlogs/acmesh-reissue_*.log which would need to be included via separate pastebin.com or gist.github.com post.
    • Enable acmetool.sh debug mode. In persistent config file at /etc/centminmod/custom_config.inc (create it if doesn't exist) add and enable acmetool.sh debug mode which gives much more verbose letsencrypt issuance process information when you re-run acmetool.sh or centmin.sh menu options 2, 22 or /usr/bin/nv command lines.
      Code (Text):
      ACMEDEBUG='y'
    If acme.sh auto renewals didn't happen, check output for the following commands
    Code (Text):
    grep acme /var/log/cron* | sed -e "s|$(hostname -s)|host|g"

    Code (Text):
    echo y | /usr/local/src/centminmod/addons/acmetool.sh checkdates

    Code (Text):
    "/root/.acme.sh"/acme.sh --cron --home "/root/.acme.sh"

    Code (Text):
    echo | openssl s_client -connect yourdomain.com:443

    Without the answers to above questions and logs, there is nothing to help troubleshoot.

    SSLLabs Test



    Also run your HTTPS domain site through SSLLabs tester at SSL Server Test (Powered by Qualys SSL Labs) if it says untrusted SSL cert and prompts to continue the test, continue the test.

    Cloudflare



    If you use Cloudflare, instead of the default Letsencrypt web root validation, you can use Cloudflare's DNS API for Letsencrypt DNS validation for your domain. See the outline at bottom of page at Letsencrypt Free SSL Certificates
     
Previous Thread Next Thread
Loading...

.