Testing wildcard Let's Encrypt but get "cannot execute your request"

Awd

Hi,

Just installed latest skin with DA pre release binaries and tested wildcard.
https://www.directadmin.com/features.php?id=2122

I get this message:

Code:
Getting challenge for *.mydomain.com from acme-server...
new-authz error: HTTP/1.1 100 Continue\r
Expires: Wed, 09 May 2018 20:08:46 GMT\r
Cache-Control: max-age=0, no-cache, no-store\r
Pragma: no-cache\r
\r
HTTP/1.1 400 Bad Request\r
Server: nginx\r
Content-Type: application/problem+json\r
Content-Length: 129\r
Boulder-Requester: 10407514\r
Replay-Nonce: KLIuC64iHQ5fDLqAip_V72Son8Cfrqq9s-VeLTnzj00\r
Expires: Wed, 09 May 2018 20:08:46 GMT\r
Cache-Control: max-age=0, no-cache, no-store\r
Pragma: no-cache\r
Date: Wed, 09 May 2018 20:08:46 GMT\r
Connection: close\r
\r
{
  "type": "urn:acme:error:malformed",
  "detail": "Error creating new authz :: Wildcard names not supported",
  "status": 400
}. Exiting...

Anyone have suggestions?
 
Please make sure your let's encrypt script version is at least 1.1.0 (it comes with pre-release binaries).
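An added example, not part of the original posts and not DirectAdmin's own code: a small parser for the kind of error dump shown above, which skips the interim "100 Continue" response, reads the problem+json body, and reports which ACME API generation produced the error. It relies on the fact that the older v1 API reports errors under `urn:acme:error:` while ACME v2 (RFC 8555) uses `urn:ietf:params:acme:error:`; the function name, the hint text and the sample input are constructed for illustration.

```python
import json
import re

# Constructed sample modelled on the dump in this thread: the client prints CR
# as a literal "\r", and an interim "100 Continue" precedes the real response.
SAMPLE = "\n".join([
    "new-authz error: HTTP/1.1 100 Continue\\r",
    "Pragma: no-cache\\r",
    "\\r",
    "HTTP/1.1 400 Bad Request\\r",
    "Content-Type: application/problem+json\\r",
    "\\r",
    "{",
    '  "type": "urn:acme:error:malformed",',
    '  "detail": "Error creating new authz :: Wildcard names not supported",',
    '  "status": 400',
    "}. Exiting...",
])

V1_NS = "urn:acme:error:"              # namespace used by the older ACME v1 API
V2_NS = "urn:ietf:params:acme:error:"  # namespace defined by RFC 8555 (ACME v2)


def parse_acme_error(dump):
    """Extract final HTTP status, API generation, error kind, detail and a hint."""
    text = re.sub(r"\\r$", "", dump, flags=re.M)   # drop the literal "\r" markers
    # Interim 1xx responses come first; the last non-1xx status is the real one.
    final = [int(s) for s in re.findall(r"HTTP/1\.[01] (\d{3})", text) if s[0] != "1"]
    # The problem document sits between the first "{" and the last "}".
    start, end = text.find("{"), text.rfind("}")
    if start == -1 or end < start:
        raise ValueError("no problem+json body found in dump")
    problem = json.loads(text[start:end + 1])
    ptype, detail = problem.get("type", ""), problem.get("detail", "")
    if ptype.startswith(V2_NS):
        api, kind = "v2", ptype[len(V2_NS):]
    elif ptype.startswith(V1_NS):
        api, kind = "v1", ptype[len(V1_NS):]
    else:
        api, kind = "unknown", ptype
    hint = ""
    if api == "v1" and "wildcard" in detail.lower():
        hint = "request went to the ACME v1 API; wildcards need a v2-capable client"
    return {"http_status": final[-1] if final else None, "api": api,
            "error": kind, "detail": detail, "hint": hint}


if __name__ == "__main__":
    print(parse_acme_error(SAMPLE))
```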
 
Hi,

Thanks, indeed I was running "old" version. Installed latest and now it works.

One general question, the TEXT record for verification, is that temporary and deleted automatically by DA, as I do not see that record in the DNS?
And if the dns server is external, can I add there the TXT record (temporary)? And what if it is automatically renewed?
 
It's deleted automatically after verification. External DNS server can be run, if you have hooks to deploy DNS there automatically. Otherwise, if you add the DNS record there manually, it would fail with renewal after 60 days.
 
Thank you for the explanation. Have a great day!
 
It's deleted automatically after verification. External DNS server can be run, if you have hooks to deploy DNS there automatically. Otherwise, if you add the DNS record there manually, it would fail with renewal after 60 days.
I understand the reason behind this, but what if you have NS/DNS at CloudFlare etc (with no API).....
 
Now get a new error

Code:
Requesting new certificate order...
Processing authorization for domain.nl...
Challenge is valid.
Processing authorization for www.domain.nl...
Waiting for domain verification...
Trying again...
1..2..3..4..5..
Challenge error: HTTP/1.1 100 Continue\r
Expires: Thu, 10 May 2018 16:16:15 GMT\r
Cache-Control: max-age=0, no-cache, no-store\r
Pragma: no-cache\r
\r
HTTP/1.1 400 Bad Request\r
Server: nginx\r
Content-Type: application/problem+json\r
Content-Length: 144\r
Boulder-Requester: 34689302\r
Replay-Nonce: uMqRbzEziBQZ6zFh2rkIEh0GlOTICr6tp0wUAm2JaBk\r
Expires: Thu, 10 May 2018 16:16:15 GMT\r
Cache-Control: max-age=0, no-cache, no-store\r
Pragma: no-cache\r
Date: Thu, 10 May 2018 16:16:15 GMT\r
Connection: close\r
\r
{
  "type": "urn:ietf:params:acme:error:malformed",
  "detail": "Unable to update challenge :: The challenge is not pending.",
  "status": 400
}. Exiting...
 
Could you run it from a terminal using "bash -x ./letsencrypt.sh request domain.nl 4096" and attach the output somewhere (you can PM it to me as well)?
 