Can't renew the Let's Encrypt certificates

xvilo

Hi,

When trying to create a new Let's Encrypt SSL cert I get the following error:
Code:
 sudo ./letsencrypt.sh request thor.thisisd3.com 4096
Getting challenge for thor.thisisd3.com from acme-server...
Waiting for domain verification...
Challenge is valid.
Getting challenge for www.thor.thisisd3.com from acme-server...
Error: http://www.thor.thisisd3.com/.well-known/acme-challenge/letsencrypt_1472979722 is not reachable. Aborting the script.
Please make sure /.well-known alias is setup in WWW server.

For some reason, when I go to the provided URL I see one file with the name `mLPmJE8-gOQcCsusUSW5W0sAvRgYsGrUHpJ8la8pb7k`, so I think there is something wrong with the script in naming the files...

I hope somebody can help me out :D
 
So I kind of fixed it myself right now, I have changed:
Code:
if [ ${CHALLENGE_TEST} -eq 1 ]; then
        echo "Error: http://${single_domain}/.well-known/acme-challenge/letsencrypt_${TIMESTAMP} is not reachable. Aborting the script."
        if [ ${LETSENCRYPT_OPTION} -eq 1 ]; then
                echo "Please make sure /.well-known alias is setup in WWW server."
        else
                echo "Please make sure .htaccess or WWW server is not preventing access to /.well-known folder."
        fi
        exit 1
fi

to

Code:
if [ ${CHALLENGE_TEST} -eq 1 ]; then
        echo "Error: http://${single_domain}/.well-known/acme-challenge/letsencrypt_${TIMESTAMP} is not reachable. Aborting the script."
        if [ ${LETSENCRYPT_OPTION} -eq 1 ]; then
                echo "Please make sure /.well-known alias is setup in WWW server."
        else
                echo "Please make sure .htaccess or WWW server is not preventing access to /.well-known folder."
        fi
        #exit 1
fi

And got this as output:
Code:
 ./letsencrypt.sh request thor.thisisd3.com 4096
Setting up certificate for a hostname: thor.thisisd3.com
Getting challenge for thor.thisisd3.com from acme-server...
Waiting for domain verification...
Challenge is valid.
Getting challenge for www.thor.thisisd3.com from acme-server...
Error: http://www.thor.thisisd3.com/.well-known/acme-challenge/letsencrypt_1473027223 is not reachable. Aborting the script.
Please make sure /.well-known alias is setup in WWW server.
[root@thor scripts]# nano /usr/local/directadmin/scripts/letsencrypt.sh
[root@thor scripts]# ./letsencrypt.sh request thor.thisisd3.com 4096
Setting up certificate for a hostname: thor.thisisd3.com
Getting challenge for thor.thisisd3.com from acme-server...
Waiting for domain verification...
Challenge is valid.
Getting challenge for www.thor.thisisd3.com from acme-server...
Error: http://www.thor.thisisd3.com/.well-known/acme-challenge/letsencrypt_1473027279 is not reachable. Aborting the script.
Please make sure /.well-known alias is setup in WWW server.
Waiting for domain verification...
Challenge is valid.
Getting challenge for mail.thor.thisisd3.com from acme-server...
Error: http://mail.thor.thisisd3.com/.well-known/acme-challenge/letsencrypt_1473027279 is not reachable. Aborting the script.
Please make sure /.well-known alias is setup in WWW server.
Waiting for domain verification...
Challenge is valid.
Getting challenge for ftp.thor.thisisd3.com from acme-server...
Error: http://ftp.thor.thisisd3.com/.well-known/acme-challenge/letsencrypt_1473027279 is not reachable. Aborting the script.
Please make sure /.well-known alias is setup in WWW server.
Waiting for domain verification...
Challenge is valid.
Getting challenge for pop.thor.thisisd3.com from acme-server...
Error: http://pop.thor.thisisd3.com/.well-known/acme-challenge/letsencrypt_1473027279 is not reachable. Aborting the script.
Please make sure /.well-known alias is setup in WWW server.
Waiting for domain verification...
Challenge is valid.
Getting challenge for smtp.thor.thisisd3.com from acme-server...
Error: http://smtp.thor.thisisd3.com/.well-known/acme-challenge/letsencrypt_1473027279 is not reachable. Aborting the script.
Please make sure /.well-known alias is setup in WWW server.
Waiting for domain verification...
Challenge is valid.
Generating 4096 bit RSA key for thor.thisisd3.com...
openssl genrsa 4096 > "/usr/local/directadmin/conf/cakey.pem.new"
Generating RSA private key, 4096 bit long modulus
...................................................................................................................................................................................................................................................++
.................++
e is 65537 (0x10001)
DirectAdmin certificate has been setup.
Setting up cert for Exim...
Setting up cert for WWW server...
Setting up cert for FTP server...
The services will be restarted in about 1 minute via the dataskq.
Certificate for thor.thisisd3.com has been created successfully!

Still not sure what is causing this....
 
Thanks man, this fixed my problem. Why hasn't this script been fixed?
 
Your thor.thisisd3.com domain DNS A record was not pointing to your own server. Please check:
Code:
dig thor.thisisd3.com +short

It's likely related to wrong resolvers set in /etc/resolv.conf.
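
A check along the lines this reply suggests, as an added example (not part of the thread or of DirectAdmin's script): it compares the A record the server's own resolver returns with the one a public resolver returns, which separates a local `/etc/resolv.conf` problem from a public DNS problem. The server IP argument, the `PUBLIC_RESOLVER` default of 1.1.1.1 and the function names are assumptions.

```shell
#!/usr/bin/env bash
# Added example: explain why the script's local "is not reachable" pre-check
# can fail while the ACME server still reports "Challenge is valid."
# PUBLIC_RESOLVER is an assumption; use any resolver outside your network.
PUBLIC_RESOLVER="${PUBLIC_RESOLVER:-1.1.1.1}"

# first_ipv4: print the first IPv4 address found in `dig +short` output read
# from stdin (skips CNAME targets and ";;" error lines); prints nothing if none.
first_ipv4() {
    grep -E -m1 '^[0-9]{1,3}(\.[0-9]{1,3}){3}$' || true
}

# classify_host SERVER_IP LOCAL_ANSWER PUBLIC_ANSWER
# Pure decision logic, no network access.
classify_host() {
    local server_ip="$1" local_a="$2" public_a="$3"
    if [ -z "$public_a" ]; then
        echo "no-public-record"          # no A record visible from outside
    elif [ "$public_a" != "$server_ip" ]; then
        echo "public-points-elsewhere"   # public DNS sends clients to another host
    elif [ "$local_a" != "$server_ip" ]; then
        echo "local-resolver-mismatch"   # only the server's own resolver is wrong
    else
        echo "ok"
    fi
}

# check_host SERVER_IP HOSTNAME: query both resolvers and print the verdict.
check_host() {
    local server_ip="$1" host="$2" local_a public_a
    local_a=$(dig +short A "$host" | first_ipv4)
    public_a=$(dig +short A "$host" "@${PUBLIC_RESOLVER}" | first_ipv4)
    printf '%-28s local=%-15s public=%-15s %s\n' "$host" \
        "${local_a:--}" "${public_a:--}" \
        "$(classify_host "$server_ip" "$local_a" "$public_a")"
}

# Usage: ./check_le_dns.sh SERVER_IP HOST [HOST...]
if [ "$#" -ge 2 ]; then
    server_ip="$1"; shift
    for h in "$@"; do check_host "$server_ip" "$h"; done
fi
```

A `local-resolver-mismatch` verdict matches the output earlier in the thread, where the local reachability test failed but the ACME server still answered "Challenge is valid."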
 
Same problem has started to appear again. The acme-challenge folder contains encrypted strings and not something which looks like letsencrypt_${TIMESTAMP}.
 