williampeterpaul
commented
4 months ago Initially it looks like the issue started from the lua_shared_dict being too small, as per the logs:
2024/03/02 16:13:23 [error] 2006421#2006421: 154079 [lua] ssl_certificate.lua:33: convert_to_der_and_cache(): auto-ssl: 'lua_shared_dict auto_ssl' might be too small - consider increasing its configured size (old entries were removed while adding private key for example.com), context: ssl_certificate_by_lua, client: 213.230.127.224, server: 0.0.0.0:443
I've subsequently increased the size of the shared dict, but now any domains that requested certs in this period are now getting the invalid cert response described above. I thought perhaps purging the lua_shared_dict might be the solution, although I've tried ngx.shared.auto_ssl:flush_all() and this isn't having an effect.
Perhaps more related to Nginx/openresty?
I've set up a server to auto generate certificates using Let's Encrypt and lua-resty-auto-ssl. It's working as expected for all but one domain, for which I am getting a privacy error in browser:
In the past when I've had a similar error, for example due to an expired certificate I've been able to fix the problem by removing the certificate from the storage folder
/etc/resty-auto-ssl/storage/fileand restarting the openresty service withsudo service openresty restartto regenerate upon next visit.In this case the above fix isn't working. I can't see any certificate for the domain under
/etc/resty-auto-ssl/letsencrypt/certsand restarting the entire server hasn't worked, either.It seems like the invalid certificate response has been cached and is being served, regardless of my attempts to remove it. Would anyone be able to point me in the right direction for why this might be occurring and how to resolve?
Can share my nginx.conf if needed.