Do you regularly ask yourself – ‘What could possibly go wrong?‘ and “Should I share this Baby Yoda meme on my Facebook timeline?” then you are at the right place at the right time, brother!
If you get one of the errors: “Could not connect to server. Please refresh this page.” via the CyberPanel dashboard while generating or renewing an Let’s Encrypt certificate or the “It seems the CA server is busy now, let’s wait and retry. Sleeping 1 seconds.” then you must upgrade your acme.sh to the latest version.
Tha’ts it folks, if you want to read some more about this then you are free to go below.
In order to debug this and confirm that there might be some kind of an issue then you can just see if the process is stuck by searching for ‘acme’ or ‘cert’:
ps aux | grep acme
Then you will get similar result:
The easiest way to debug this is to re-run the task and checkout the output:
/usr/bin/bash /root/.acme.sh/acme.sh --issue -d sugoi.sugoiblyat.com --cert-file /etc/letsencrypt/live/sugoiblyat.com/cert.pem --key-file /etc/letsencrypt/live/sugoiblyat.--fullchain-file /etc/letsencrypt/live/sugoiblyat.com/fullchain.pem -w /home/sugoiblyat.com/public_html --force
But at that moment you realize, and ask yourself a very familiar question “What could possibly go wrong if I kill all processes containing the acme string while adding a new website to my CyberPanel?“
Well friend, I have great news!
If you are adding a new site(installed WordPress, just waiting to generate the SSL) and killing all acme processes:
kill $(pgrep acme)
You will get a 50/50 prize – Be sucessfull and happy in your life or loose all website content and start all over again!
That’s right you become successfully in your life and win a free re-migration of a deleted website!
Obviously this was tested on a production machine as it wasnt planned to fail but it did because we asked The Question.
Once you let the script to run you will eventually get the:
It seems the CA server is busy now, let's wait and retry. Sleeping 1 seconds.
Then with few quick searches you will find that the best solution would be to upgrade the acme.sh –upgrade and check out the results:
[[email protected] sugoiblyat.com]# /usr/bin/bash /root/.acme.sh/acme.sh --issue -d sugoiblyat.com -d www.sugoiblyat.com --etsencrypt/live/sugoiblyat.com/cert.pem --key-file /etc/letsencrypt/live/sugoiblyat.com/privkey.pem --fullchain-file /live/sugoiblyat.com/fullchain.pem -w /home/sugoiblyat.com/public_html --force [Mon Dec 2 18:04:56 UTC 2019] Multi domain='DNS:sugoiblyat.com,DNS:www.sugoiblyat.com' [Mon Dec 2 18:04:57 UTC 2019] Getting domain auth token for each domain [Mon Dec 2 18:04:59 UTC 2019] Getting webroot for domain='sugoiblyat.com' [Mon Dec 2 18:04:59 UTC 2019] Getting webroot for domain='www.sugoiblyat.com' [Mon Dec 2 18:04:59 UTC 2019] sugoiblyat.com is already verified, skip http-01. [Mon Dec 2 18:04:59 UTC 2019] www.sugoiblyat.com is already verified, skip http-01. [Mon Dec 2 18:04:59 UTC 2019] Verify finished, start to sign. [Mon Dec 2 18:04:59 UTC 2019] Lets finalize the order, Le_OrderFinalize: https://acme-v02.api.letsencrypt.org/acme/fi1655402911 [Mon Dec 2 18:05:00 UTC 2019] Download cert, Le_LinkCert: https://acme-v02.api.letsencrypt.org/acme/cert/037bc28398d7f94db062 [Mon Dec 2 18:05:01 UTC 2019] Cert success. -----BEGIN CERTIFICATE----- TOP SECRET INFO HERE -----END CERTIFICATE----- [Mon Dec 2 18:05:01 UTC 2019] Your cert is in /root/.acme.sh/sugoiblyat.com/sugoiblyat.com.cer [Mon Dec 2 18:05:01 UTC 2019] Your cert key is in /root/.acme.sh/sugoiblyat.com/sugoiblyat.com.key [Mon Dec 2 18:05:01 UTC 2019] The intermediate CA cert is in /root/.acme.sh/sugoiblyat.com/ca.cer [Mon Dec 2 18:05:01 UTC 2019] And the full chain certs is there: /root/.acme.sh/sugoiblyat.com/fullchain.cer [Mon Dec 2 18:05:01 UTC 2019] Installing cert to:/etc/letsencrypt/live/sugoiblyat.com/cert.pem [Mon Dec 2 18:05:01 UTC 2019] Installing key to:/etc/letsencrypt/live/sugoiblyat.com/privkey.pem [Mon Dec 2 18:05:01 UTC 2019] Installing full chain to:/etc/letsencrypt/live/sugoiblyat.com/fullchain.pem
Disclaimer: I am okay with sharing the data in the output above as the domain is mine, the original case is something that I will not share.
Note: In the specific case the acme.sh version v2.8.3 didn’t seem to work but the v2.8.4 worked out just fine.
Thanks for reading!