Solved Free Let's Encrypt certificates error: domain was skipped due to unreachable

euroG

AlmaLinux Server Release 8.9, DirectAdmin 1.700, OpenLiteSpeed

We have a problem renewing free Let's Encrypt certificates for at least 3 domains:

domain.it was skipped due to unreachable http://domain.it/.well-known/acme-challenge/letsencrypt_2c33e1e015043ea836ed19cbea6c84bd file.
www.domain.it was skipped due to unreachable http://www.domain.it/.well-known/acme-challenge/letsencrypt_73c6041f5c23cccf9cc9318198529632 file.
No domains pointing to this server to generate the certificate for.


The domains have been around for a long time, they are visible and point to the server, they already have free Let's Encrypt certificates, they have not made any changes in the applications in recent months.

The .htaccess file doesn't block the display of folders/files if I create them manually in the webroot:

/.well-known/acme-challenge/letsencrypt_73c6041f5c23cccf9cc9318198529632.txt

the file is visible correctly.

Two out of three domains do not have the IPv6 record in the zone.
I did dozens of tests to see if there were any communication problems between my server and Let's Encrypt or something else, but everything came back negative.

I regenerated the server certificate, on the domain that supports the server, without errors, but I can't renew/regenerate the certificates of the individual hosts.

Thank you
Gabriella
 
Hello,



That's the error you should address

Thanks for the reply.
As I mentioned, all 3 domains point to the server correctly, are visible, and already have a Let's Encrypt certificate created in February.

All domains have external nameservers from 3 different providers (Aruba, Register.it and Cloudflare).

We also tried disabling the firewall.
 
If DirectAdmin reports the error, then domains are not accessible over public DNS resolvers (unless your ISP or government blocks Google's and/or Cloudflare's DNS resolvers). If you need any further assistance you will need to show your real domain names either publicly or privately.
 
Is that Full SSL or Flexible?

I have the site working well with Cloudflare Full (strict) SSL using Let's Encrypt.
 
If you're on CF, it's best to use CF's Origin Certificate: under SSL/TLS -> Origin Server, in the Origin Certificates section, hit "Create Certificate" and it will give you a certificate valid for 15 years. Then add this certificate to that domain from DirectAdmin. These certificates are wildcard, so valid for subdomains as well.


Then you can even set Strict SSL since CF accepts its own certificates :)
 
Is that Full SSL or Flexible?

I have the site working well with Cloudflare Full (strict) SSL using Let's Encrypt.
Thanks, but only one domain on this server has Cloudflare NS; the other domains have different NS and providers.
 
We found the problem!
Our client had created some customization rules in the OpenLiteSpeed vhost file with some LiteSpeed-related security policies that did not allow for proper alias handling!
Obviously he didn't tell us anything!

Thanks a lot to everyone!
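
An added example, not part of the thread and not DirectAdmin code: it parses the "skipped due to unreachable" lines quoted in the first post and re-requests the same challenge directory over plain HTTP with an extensionless probe file, since the real `letsencrypt_*` files carry no `.txt` suffix. Assumptions: the host names, tokens, the probe name `probe_check` and its body `probe-ok` are constructed, and the probe file has already been placed in the directory the web server maps to `/.well-known/acme-challenge/`.

```python
import re
import urllib.error
import urllib.request

# Constructed sample in the format of the DirectAdmin output quoted in the first post.
SAMPLE = (
    "example.test was skipped due to unreachable "
    "http://example.test/.well-known/acme-challenge/letsencrypt_0123abcd file.\n"
    "www.example.test was skipped due to unreachable "
    "http://www.example.test/.well-known/acme-challenge/letsencrypt_4567ef01 file.\n"
    "No domains pointing to this server to generate the certificate for.\n"
)
SKIPPED = re.compile(r"^(\S+) was skipped due to unreachable (http://\S+) file\.$")

def parse_skipped(text):
    """Return (host, challenge_url) for each skipped name in the output."""
    return [m.groups() for line in text.splitlines() if (m := SKIPPED.match(line.strip()))]

def probe_url(challenge_url, probe_name):
    """Same host and directory as the failed check, but an extensionless file we control."""
    if "." in probe_name or "/" in probe_name:
        raise ValueError("probe name must be a bare, extensionless file name")
    return challenge_url.rsplit("/", 1)[0] + "/" + probe_name

def classify(status, body, expected):
    """Map one HTTP result to the likely cause on the web-server side."""
    if status is None:
        return "no connection: DNS, firewall or listener"
    if status == 200:
        return "ok" if body.strip() == expected else "200 but wrong body: rewrite or catch-all page"
    if status in (401, 403):
        return "denied: access or security rule covers the challenge path"
    if status == 404:
        return "not found: path is not mapped to the challenge directory"
    return f"unexpected status {status}"

def fetch(url, timeout=10):
    """Plain-HTTP GET, following redirects; returns (status, body)."""
    try:
        with urllib.request.urlopen(url, timeout=timeout) as resp:
            return resp.status, resp.read(4096).decode("utf-8", "replace")
    except urllib.error.HTTPError as err:  # 4xx/5xx answers from the server
        return err.code, ""
    except OSError:  # URLError, timeouts, refused connections
        return None, ""

if __name__ == "__main__":
    for host, url in parse_skipped(SAMPLE):
        print(host, classify(*fetch(probe_url(url, "probe_check")), expected="probe-ok"))
```

Run it from a machine outside the server's own network so the request takes the same path as an external validator.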
 