Error with SSL Certificates / Let's Encrypt

TechChime

First time using DA and I thought I'd try it out, so I did a fresh Ubuntu 20.04 install and DA. Added 2 sites at the user level (domain), used my admin to log in, etc. They were cake to get up and running. No special things I did at all.

So I thought maybe I should add an SSL to the site. Well, I get the following error:

Code:
mycensoredsite.com was skipped due to unreachable http://mycensoredsite.com/.well-known/acme-challenge/ file.
www.mycensoredsite.com was skipped due to unreachable http://www.mycensoredsite.com/.well-known/acme-challenge/ file.
No domains pointing to this server to generate the certificate for.

I'd rather not mess with things and thought I'd ask :)
 
Be sure you're using the latest Letsencrypt script which is 2.0.18.
If you go via SSH to your custombuild directory and run the ./build versions command you can see which one is in use.
Also make sure your domain is already synchronised in DNS worldwide and Letsencrypt is installed the correct way (also with SNI and all).

This might also be helpful:

or maybe the old doc is easier to read for you:
 
Thanks, I'm on that version it seems. I think the problem might actually be because I'm using Cloudflare potentially. I think it can even make its own so maybe I will look into that.

Thanks.
 
I use Cloudflare for some of my domains: I find that the Cloudflare certs work OK. Also for servers we may turn the Cloudflare proxy option off for specific domain names. E.g. myserver.greatdomain.com could be set to not proxied, and in this case Let's Encrypt certs can work.
Cheers
Neil
 
Had the same issue... been busy all morning... what worked for me was deleting the IPv6 AAAA record from my DNS. Once I did that, it worked like a charm...
 
While that may work right now, that is of course not a permanent solution. This points at a wrongly configured IPv6 setup, because Let’s Encrypt is fully compatible with IPv6.
 
You are totally right there…

But now I can focus on getting IPv6 right. The problem wasn’t on Let’s Encrypt or DirectAdmin. So I can cross that off the list :)
 
I have the same issue here, however I don't know how to fix my IPv6 problem.
Any first line support and suggestions?
 
What is the problem? IPv6 or LE certificate issue?
Check your DNS settings for the AAAA record and be sure that your server is reachable by its IPv6 address: https://ipv6-test.com/
 
Server should be reachable by IPv6 with the test. Records should be fine in DNS; I have both A and AAAA records pointing.
I'm using a Comodo SSL certificate; the problem with Let's Encrypt was like mentioned in the first post above.

At this stage the website is like below:
1639002107165.png
 
I'm using a comodo ssl certificate problem with lets encrypt
Makes no sense, a Comodo certificate has nothing to do with an LE certificate!
Because we don't know anything about your site it's difficult to say something, maybe you want to share the domain name?
 
Sorry for not being clear.

I've had issues with LE and switched to Comodo because of an error like above.
It still didn't work.

Domain is: bibliotrek.be

Now it's working, but from time to time not.
When I ping the domain and I get an IPv4 address the site is working; when I get IPv6 it's not working.

Sorry for my rookieness

IPv6 is blocked by below:
1639004014417.png
 
Your site is loading fine with IPv4, but your certificate issuer is Sectigo as far as I can see.
When I look at your website with IPv6 I see "Apache is functioning normally", which means that your server is not set up properly.
This could mean that your DNS settings regarding this website are not correct.

Checked your certificate also and it didn't pass: https://www.digicert.com/help/
The certificate is not signed by a trusted authority (checking against Mozilla's root store). If you bought the certificate from a trusted authority, you probably just need to install one or more Intermediate certificates. Contact your certificate provider for assistance doing this for your server platform.
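
A check for the situation described in the post above, where the site answers correctly on IPv4 but a different page comes back on IPv6 (added example, not part of the original thread): it requests the same file under `/.well-known/acme-challenge/` from every A and AAAA address of the domain and reports which addresses fail. The probe file name, its expected content and the function names are assumptions for illustration.

```python
import http.client
import socket

PROBE_PATH = "/.well-known/acme-challenge/probe.txt"  # hypothetical file you create


def resolve(domain):
    """Return the domain's A and AAAA addresses from the system resolver."""
    records = {"A": [], "AAAA": []}
    for family, rtype in ((socket.AF_INET, "A"), (socket.AF_INET6, "AAAA")):
        try:
            infos = socket.getaddrinfo(domain, 80, family, socket.SOCK_STREAM)
        except socket.gaierror:
            continue  # no record of this type
        records[rtype] = sorted({info[4][0] for info in infos})
    return records


def fetch(ip, domain, path=PROBE_PATH, timeout=5):
    """GET the probe over plain HTTP from one specific IP, as the named vhost."""
    conn = http.client.HTTPConnection(ip, 80, timeout=timeout)
    try:
        conn.request("GET", path, headers={"Host": domain})
        resp = conn.getresponse()
        return resp.status, resp.read(4096).decode("utf-8", "replace")
    except (OSError, http.client.HTTPException) as exc:
        return None, str(exc)
    finally:
        conn.close()


def diagnose(domain, expected, resolver=resolve, fetcher=fetch):
    """Return (record type, ip, verdict) for every address the domain has."""
    findings = []
    for rtype, ips in resolver(domain).items():
        for ip in ips:
            status, body = fetcher(ip, domain)
            if status is None:
                verdict = "unreachable"
            else:  # a default vhost page, proxy page or 404 is "wrong-content"
                matches = status == 200 and body.strip() == expected
                verdict = "ok" if matches else "wrong-content"
            findings.append((rtype, ip, verdict))
    return findings


def broken_families(findings):
    """Record types for which at least one address fails the probe."""
    return sorted({rtype for rtype, _, verdict in findings if verdict != "ok"})
```

Place a file with known content at the probe path, then call `diagnose()` with the domain and that content; an AAAA address reported as `wrong-content` or `unreachable` matches the symptom in this thread.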
 
Any suggestions on how to fix this? DNS settings are set up correctly as far as I know.

Both A and AAAA are set, or do you mean on the server site and not on the rcp site?
All suggestions or help would be welcome because I'm in the dark here.
 
Thanks Acitve8, much appreciate your help, I'll read and go over this.

In the meantime Cert passed, need to add the intermediate cert within Root CA.
I've added IPv6 address in DA > IP management and linked it.

Still need to figure out MX record for AAAA, don't know if I need MX and SPF since we're not emailing from DA.
 
I see you are using Outlook/Office365, I assume there is no need then.
 