Thread: testing wildcard let's encrypt but get "cannot excute your request"

  1. #1
    Join Date
    Aug 2015
    Posts
    312

    testing wildcard let's encrypt but get "cannot excute your request"

    Hi,

    Just installed the latest skin with the DA pre-release binaries and tested wildcard.
    https://www.directadmin.com/features.php?id=2122

    I get this message:

    Code:
    Getting challenge for *.mydomain.com from acme-server...
    new-authz error: HTTP/1.1 100 Continue\r
    Expires: Wed, 09 May 2018 20:08:46 GMT\r
    Cache-Control: max-age=0, no-cache, no-store\r
    Pragma: no-cache\r
    \r
    HTTP/1.1 400 Bad Request\r
    Server: nginx\r
    Content-Type: application/problem+json\r
    Content-Length: 129\r
    Boulder-Requester: 10407514\r
    Replay-Nonce: KLIuC64iHQ5fDLqAip_V72Son8Cfrqq9s-VeLTnzj00\r
    Expires: Wed, 09 May 2018 20:08:46 GMT\r
    Cache-Control: max-age=0, no-cache, no-store\r
    Pragma: no-cache\r
    Date: Wed, 09 May 2018 20:08:46 GMT\r
    Connection: close\r
    \r
    {
      "type": "urn:acme:error:malformed",
      "detail": "Error creating new authz :: Wildcard names not supported",
      "status": 400
    }. Exiting...
    Anyone have suggestions?
    Kind regards, Fred

    Alentejo Webdesign
    Webdesign with Passion is what we do
    Web development, Hosting, Speed Optimizing & More......

  2. #2
    Join Date
    Aug 2006
    Location
    LT, EU
    Posts
    7,150
    Please make sure your let's encrypt script version is at least 1.1.0 (it comes with pre-release binaries).
    Martynas Bendorius
    MB Martynas IT. Professional server management company. Official DirectAdmin, CloudLinux, LiteSpeed and Comodo partners.

  3. #3
    Join Date
    Aug 2015
    Posts
    312
    Hi,

    Thanks, indeed I was running "old" version. Installed latest and now it works.

    One general question, the TEXT record for verification, is that temporary and deleted automatically by DA, as I do not see that record in the DNS?
    And if the DNS server is external, can I add the TXT record there (temporary)? And what if it is automatically renewed?
    Kind regards, Fred


  4. #4
    Join Date
    Aug 2006
    Location
    LT, EU
    Posts
    7,150
    It's deleted automatically after verification. External DNS server can be run, if you have hooks to deploy DNS there automatically. Otherwise, if you add the DNS record there manually, it would fail with renewal after 60 days.
    Martynas Bendorius

  5. #5
    Join Date
    Aug 2015
    Posts
    312
    Thank you for explanation. Have a great day!
    Kind regards, Fred


  6. #6
    Join Date
    Sep 2008
    Location
    London UK
    Posts
    1,639
    Quote: Originally posted by smtalk
    It's deleted automatically after verification. External DNS server can be run, if you have hooks to deploy DNS there automatically. Otherwise, if you add the DNS record there manually, it would fail with renewal after 60 days.
    I understand the reason behind this, but what if you have NS/DNS at CloudFlare etc (with no API).....

  7. #7
    Join Date
    Aug 2015
    Posts
    312
    Now get a new error

    Code:
    Requesting new certificate order...
    Processing authorization for domain.nl...
    Challenge is valid.
    Processing authorization for www.domain.nl...
    Waiting for domain verification...
    Trying again...
    1..2..3..4..5..
    Challenge error: HTTP/1.1 100 Continue\r
    Expires: Thu, 10 May 2018 16:16:15 GMT\r
    Cache-Control: max-age=0, no-cache, no-store\r
    Pragma: no-cache\r
    \r
    HTTP/1.1 400 Bad Request\r
    Server: nginx\r
    Content-Type: application/problem+json\r
    Content-Length: 144\r
    Boulder-Requester: 34689302\r
    Replay-Nonce: uMqRbzEziBQZ6zFh2rkIEh0GlOTICr6tp0wUAm2JaBk\r
    Expires: Thu, 10 May 2018 16:16:15 GMT\r
    Cache-Control: max-age=0, no-cache, no-store\r
    Pragma: no-cache\r
    Date: Thu, 10 May 2018 16:16:15 GMT\r
    Connection: close\r
    \r
    {
      "type": "urn:ietf:params:acme:error:malformed",
      "detail": "Unable to update challenge :: The challenge is not pending.",
      "status": 400
    }. Exiting...
    Kind regards, Fred


  8. #8
    Join Date
    Aug 2006
    Location
    LT, EU
    Posts
    7,150
    Could you run it from terminal using "bash -x ./letsencrypt.sh request domain.nl 4096" and attach the output somewhere (you can PM it to me as well)?
    Martynas Bendorius

  9. #9
    Join Date
    Apr 2005
    Location
    GMT +7.00
    Posts
    12,273
    Quote: Originally posted by Peter Laws
    I understand the reason behind this, but what if you have NS/DNS at CloudFlare etc (with no API).....
    Then no wildcard can be used/installed/renewed...
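
The two failures posted in this thread differ in the error namespace the server returned: `urn:acme:error:` comes from the older ACMEv1 API, which does not issue wildcards, while `urn:ietf:params:acme:error:` is the RFC 8555 (ACMEv2) namespace. The following is an added example, not code from DirectAdmin's script or from any poster; the function names are hypothetical and the samples are trimmed copies of the outputs above.

```python
import json
import re

V1_NS = "urn:acme:error:"              # error namespace of the older ACMEv1 API
V2_NS = "urn:ietf:params:acme:error:"  # error namespace defined by RFC 8555 (ACMEv2)

# Constructed samples: the two outputs posted in this thread, headers trimmed.
SAMPLE_WILDCARD = r"""new-authz error: HTTP/1.1 100 Continue\r
\r
HTTP/1.1 400 Bad Request\r
\r
{
  "type": "urn:acme:error:malformed",
  "detail": "Error creating new authz :: Wildcard names not supported",
  "status": 400
}. Exiting..."""
SAMPLE_PENDING = r"""Challenge error: HTTP/1.1 100 Continue\r
\r
HTTP/1.1 400 Bad Request\r
\r
{
  "type": "urn:ietf:params:acme:error:malformed",
  "detail": "Unable to update challenge :: The challenge is not pending.",
  "status": 400
}. Exiting..."""

def hint_for(api, detail):
    if api == "ACMEv1" and "wildcard" in detail.lower():
        return "client used the ACMEv1 API; update letsencrypt.sh to at least 1.1.0"
    if "not pending" in detail:
        return "challenge already left the pending state; capture a bash -x trace"
    return "no specific hint"

def parse_acme_failure(output):
    """Return final HTTP status, API generation and problem detail from client output."""
    # An interim "100 Continue" precedes the real response, so keep the last status line.
    statuses = [int(s) for s in re.findall(r"HTTP/1\.[01] (\d{3})", output)]
    start = output.find("{")
    if not statuses or start < 0:
        raise ValueError("no HTTP response with a JSON problem document found")
    # raw_decode stops at the closing brace and ignores the trailing ". Exiting...".
    problem, _ = json.JSONDecoder().raw_decode(output, start)
    err_type, detail = problem.get("type", ""), problem.get("detail", "")
    api = "ACMEv2" if err_type.startswith(V2_NS) else \
          "ACMEv1" if err_type.startswith(V1_NS) else "unknown"
    return {"status": statuses[-1], "api": api, "detail": detail,
            "error": err_type.rsplit(":", 1)[-1], "hint": hint_for(api, detail)}
```
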
