Welcome to Centmin Mod Community
Become a Member

Le_OrderFinalize not found

Discussion in 'Domains, DNS, Email & SSL Certificates' started by Jon Snow, Jul 20, 2021.

  1. Jon Snow

    Jon Snow Active Member

    618
    114
    43
    Jun 30, 2017
    Ratings:
    +173
    Local Time:
    2:05 AM
    Nginx 1.13.9
    MariaDB 10.1.31
    Is anyone else getting this error when they try to renew their Let's Encrypt SSL certificate? I noticed that my SSL certificate expires in some days, which means the auto renew isn't working.


    I've used this guide - Using Centmin Mod acmetool.sh addon for Nginx HTTP/2 based HTTPS with free Letsencrypt SSL certificates
    And this command:
    Code (Text):
    "/root/.acme.sh"/acme.sh --cron --home "/root/.acme.sh"


    Code (Text):
    Create new order error. Le_OrderFinalize not found. <html>
    <head><title>405 Not Allowed</title></head>
    <body>
    <center><h1>405 Not Allowed</h1></center>
    <hr><center>nginx</center>
    </body>
    </html>
     
  2. Dnyan

    Dnyan Member

    106
    24
    18
    Sep 16, 2017
    Ratings:
    +36
    Local Time:
    10:35 AM
    1.17.8
    10.3.22
    for re-issue i used following command

    Code:
    /root/.acme.sh/acme.sh --force --issue --days 60 -d domain.com -d www.domain.com -w /home/nginx/domains/domain.com/public -k 2048 --useragent centminmod-centos-acmesh-webroot --log /root/centminlogs/acmetool.sh-debug-log-domain.com.log --log-level 2
    replace domain.com with your domain.
     
  3. eva2000

    eva2000 Administrator Staff Member

    47,202
    10,670
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +16,575
    Local Time:
    3:05 PM
    Nginx 1.19.x
    MariaDB 5.5/10.x
    First try running your intended SSL certificate domain through the letsdebug.net online testing tool to check for potential errors with HTTP-01 validation. If you created Centmin Mod 123.09beta01 or higher Nginx site with Letsencrypt via centmin.sh menu option 2, 22 or nv command line, you now also have an automatic letsdebug.net API check log saved at /root/centminlogs/letsdebug-yourdomain.com-${DT}.log where yourdomain.com is domain specified during nginx vhost creation and DT is date/timestamp. Inspecting the /root/centminlogs/letsdebug-yourdomain.com-${DT}.log log will also give you clues as to why letsencrypt SSL certificate issuance failed.

    How was the initial letsencrypt ssl certificate obtained ? Which method ?
    • Was the domain nginx vhost alreadying created prior or new domain nginx vhost site setup for first time ?
    • Via centmin.sh menu option 2, 22, /usr/bin/nv ?
    • If you ran centmin.sh menu option 2 or 22, which letsencrypt option did you select from
      Code (Text):
      -------------------------------------------------------------
      Setup full Nginx vhost + Wordpress + WP Plugins
      -------------------------------------------------------------
      
      Enter vhost domain name you want to add (without www. prefix): acme3.domain1.com
      
      Create a self-signed SSL certificate Nginx vhost? [y/n]: n
      Get Letsencrypt SSL certificate Nginx vhost? [y/n]: y
      
      You have 4 options:
      1. issue staging test cert with HTTP + HTTPS
      2. issue staging test cert with HTTPS default
      3. issue live cert with HTTP + HTTPS
      4. issue live cert with HTTPS default
      Enter option number 1-4: 1
      
    • Via addons/acmetool.sh ? which specific command ? examples
      Code (Text):
      ./acmetool.sh issue acme.domain.com
      
      Code (Text):
      ./acmetool.sh issue acme.domain.com live
      
      Code (Text):
      ./acmetool.sh issue acme.domain.com d
      
      Code (Text):
      ./acmetool.sh issue acme.domain.com lived
      
    • What was order of steps you did ? Did you run centmin.sh menu option 2 first with letsencrypt ? Then did you run addons/acmetool.sh afterwards ?

    Troubleshooting



    There are various steps you can do to troubleshoot failed letsencrypt issuances, renews, reissues etc.
    • acmetool.sh logs all command line or shell menu runs to log files at /root/centminlogs. To troubleshoot, copy the contents of the log run and post contents of log to pastebin.com or gist.github.com and share link in this thread. To find the log list the logs in ascending date order
      Code (Text):
      ls -lahrt /root/centminlogs
      .
    • For direct acmetool.sh runs, there should be a 2nd & 3rd & 4th log in format /root/centminlogs/centminmod_${DT}_nginx_addvhost_nv.log and /root/centminlogs/acmetool.sh-debug-log-$DT.log and /root/centminlogs/acmesh-issue_*.log or /root/centminlogs/acmesh-reissue_*.log which would need to be included via separate pastebin.com or gist.github.com post.
    • Enable acmetool.sh debug mode. In persistent config file at /etc/centminmod/custom_config.inc (create it if doesn't exist) add and enable acmetool.sh debug mode which gives much more verbose letsencrypt issuance process information when you re-run acmetool.sh or centmin.sh menu options 2, 22 or /usr/bin/nv command lines.
      Code (Text):
      ACMEDEBUG='y'
    If acme.sh auto renewals didn't happen, check output for the following commands
    Code (Text):
    grep acme /var/log/cron* | sed -e "s|$(hostname -s)|host|g"
    

    Code (Text):
    echo y | /usr/local/src/centminmod/addons/acmetool.sh checkdates
    

    Code (Text):
    "/root/.acme.sh"/acme.sh --cron --home "/root/.acme.sh"
    

    Code (Text):
    echo | openssl s_client -connect yourdomain.com:443
    

    Without the answers to above questions and logs, there is nothing to help troubleshoot.
     
  4. eva2000

    eva2000 Administrator Staff Member

    47,202
    10,670
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +16,575
    Local Time:
    3:05 PM
    Nginx 1.19.x
    MariaDB 5.5/10.x
    That should work too to force letsencrypt SSL certificate issuance for an existing Nginx vhost site.