acme tries to renew certificate for removed domain alias

Discussion in 'Installation/Configuration' started by dan-v, May 20, 2026.

Tags:
  1. dan-v

    dan-v Member

    I get a daily error from acme.sh, which tries to renew a certificate when the correspondig site alias has been removed using ISPConfig 3.

    Specifically, after site alias new.mydomain.com has been deleted, the error messages (anonymized) are :
    Code:
    [mer. 20 mai 2026 05:16:15 CEST] new.mydomain.com: Invalid status. Verification error details: DNS problem: NXDOMAIN looking up A for new.mydomain.com - check that a DNS record exists for this domain; DNS problem: NXDOMAIN looking up AAAA for new.mydomain.com - check that a DNS record exists for this domain
[mer. 20 mai 2026 05:16:15 CEST] Please check log file for more details: /var/log/ispconfig/acme.log
[mer. 20 mai 2026 05:16:15 CEST] Please refer to https://curl.haxx.se/libcurl/c/libcurl-errors.html for error code: 3
[mer. 20 mai 2026 05:16:16 CEST] Please refer to https://curl.haxx.se/libcurl/c/libcurl-errors.html for error code: 3
[mer. 20 mai 2026 05:16:17 CEST] Error renewing mydomain.com.
    The logs show basically the same information. The problem is trying to renew a certificate for a domain alias that no longer exists. Apparently, there exists somewhere a lingering pointer for acme.sh to this alias, but I cannot find where it is.
    Any ideas ?
     
    dan-v, May 20, 2026
    #1
  2. pyte

    pyte Well-Known Member HowtoForge Supporter

    I would search through the acme folder and see where the domain in question is configured. The path is /root/.acme.sh/
     
    pyte, May 20, 2026
    #2
  3. remkoh

    remkoh Well-Known Member HowtoForge Supporter

    Uncheck, save and re-check Let's Encrypt in the website config of which the domain was an alias.
    That should rewrite the main domain's acme config and thus remove the alias.
     
    remkoh, May 20, 2026
    #3
  4. dan-v

    dan-v Member

    I have already looked there, and I couldn't find anything
     
    dan-v, May 20, 2026
    #4
  5. pyte

    pyte Well-Known Member HowtoForge Supporter

    Code:
    cd /root/.acme.sh/
grep -r "new.mydomain.com"
    That does not come up with any results?
     
    pyte, May 20, 2026
    #5
  6. dan-v

    dan-v Member

    Ah ! Yes it does. It is in the .conf and .csr.conf file of mydomain.com
    Is it safe to just remove it from these 2 files ?
     
    dan-v, May 20, 2026
    #6
  7. pyte

    pyte Well-Known Member HowtoForge Supporter

    Try what @remkoh suggested and disable the SSL/LE Configuration for that webspace once and then reenable and see if it removes it then.
     
    pyte, May 20, 2026
    #7
    till likes this.
  8. till

    till Super Moderator Staff Member ISPConfig Developer

    Have you tried if #3 helps?
     
    till, May 20, 2026
    #8
  9. dan-v

    dan-v Member

    No, unfortunately. I have tried it and it does not work. The offending alias is still in there
     
    dan-v, May 20, 2026
    #9
  10. dan-v

    dan-v Member

    Unfortunately, it does not
     
    dan-v, May 20, 2026
    #10
  11. till

    till Super Moderator Staff Member ISPConfig Developer

    Then you can try editing it manually. But maybe you have this alias in ISPConfig, and that's why it's still there?
     
    till, May 20, 2026
    #11
  12. dan-v

    dan-v Member

    The alias in ISPConfig was deleted first thing. The problem survived that (actually, the deletion triggered it). I will try the manual edit and report before/after. 48h cycle
     
    dan-v, May 20, 2026
    #12
  13. dan-v

    dan-v Member

    Manually editing out references to the subdomain from files .conf and .csr.conf of the top level domain solved the problem.
     
    dan-v, May 22, 2026
    #13
    pyte likes this.

Share This Page