Let's Encrypt error

damador (Verified User, joined Nov 9, 2017, 19 messages)
No - site is over Cloudflare and the current SSL comes from their cert
Please do some searches and docs / help / wiki

While with Cloudflare (while for now your domain is pointing to something from Cloudflare of course, then an error if asking for the cert itself, I think) you have to do some things / settings / config, I don't know but ...
 
I have had problems with CloudFlare and Letsencrypt, found I needed to add a Rule like this on CloudFlare to make it work properly to issue local certificates for domains:

*yourdomain.com/.well-known/acme-challenge/*
Cache Level: Bypass, Automatic HTTPS Rewrites: Off, Disable Performance
 
I used to do that till I added a rule to CF to allow the acme-challenge through without caching it, and haven't had any issues for almost two years.

Yours would look like this in CF control panel, the asterisks are required.

*radzikow.ski/.well-known/acme-challenge/*

Cache Level: Bypass
Automatic HTTPS Rewrites: Off
Disable Performance
 
https://prnt.sc/1rliokw I have these rules set - still error - also on a Facebook group that I run there were 2 reports from DA users (not on my VPS) with exactly the same error - none of them use Cloudflare
 
Can't help you, but pics you should upload here in the forum itself!

FOR SAFETY / SECURITY reasons very important, not having such external links where to click. If a scam then.... :(

I "never" click on extra external pic URLs / short URLs, for example
 
Do you possibly have something in your .htaccess file that is redirecting? Maybe add something like this as your first rewrite rule before your other rules if you are.

RewriteRule "^\.well-known/acme-challenge" - [L]

Have you checked the web server logs for the domain?
 
And another DA error - this time DA from the hosting company seohost.pl (don't know the exact DA version there - it's a shared account, not a VPS). DirectAdmin Administration panel © 2012-2018 JBMC Software

Found wildcard domain name and http challenge type, switching to dns-01 validation.
2021/09/09 14:57:23 [INFO] [*.sklep.raczkujemy.pl, sklep.raczkujemy.pl] acme: Obtaining SAN certificate
2021/09/09 14:57:25 [INFO] [*.sklep.raczkujemy.pl] AuthURL: https://acme-v02.api.letsencrypt.org/acme/authz-v3/29398695000
2021/09/09 14:57:25 [INFO] [sklep.raczkujemy.pl] AuthURL: https://acme-v02.api.letsencrypt.org/acme/authz-v3/29398695010
2021/09/09 14:57:25 [INFO] [*.sklep.raczkujemy.pl] acme: use dns-01 solver
2021/09/09 14:57:25 [INFO] [sklep.raczkujemy.pl] acme: Could not find solver for: tls-alpn-01
2021/09/09 14:57:25 [INFO] [sklep.raczkujemy.pl] acme: Could not find solver for: http-01
2021/09/09 14:57:25 [INFO] [sklep.raczkujemy.pl] acme: use dns-01 solver
2021/09/09 14:57:25 [INFO] [*.sklep.raczkujemy.pl] acme: Preparing to solve DNS-01
2021/09/09 14:57:31 [INFO] [*.sklep.raczkujemy.pl] acme: Trying to solve DNS-01
2021/09/09 14:57:31 [INFO] [*.sklep.raczkujemy.pl] acme: Checking DNS record propagation using [8.8.8.8:53]
2021/09/09 15:02:31 [INFO] Wait for propagation [timeout: 15m0s, interval: 5m0s]
2021/09/09 15:02:31 [INFO] [*.sklep.raczkujemy.pl] acme: Waiting for DNS record propagation.
2021/09/09 15:07:31 [INFO] [*.sklep.raczkujemy.pl] acme: Waiting for DNS record propagation.
2021/09/09 15:12:31 [INFO] [*.sklep.raczkujemy.pl] acme: Waiting for DNS record propagation.
2021/09/09 15:17:31 [INFO] [*.sklep.raczkujemy.pl] acme: Cleaning DNS-01 challenge
2021/09/09 15:17:34 [INFO] [sklep.raczkujemy.pl] acme: Preparing to solve DNS-01
2021/09/09 15:17:42 [INFO] [sklep.raczkujemy.pl] acme: Trying to solve DNS-01
2021/09/09 15:17:42 [INFO] [sklep.raczkujemy.pl] acme: Checking DNS record propagation using [8.8.8.8:53]
2021/09/09 15:22:42 [INFO] Wait for propagation [timeout: 15m0s, interval: 5m0s]
2021/09/09 15:22:42 [INFO] [sklep.raczkujemy.pl] acme: Waiting for DNS record propagation.
2021/09/09 15:27:42 [INFO] [sklep.raczkujemy.pl] acme: Waiting for DNS record propagation.
2021/09/09 15:32:42 [INFO] [sklep.raczkujemy.pl] acme: Waiting for DNS record propagation.
2021/09/09 15:37:42 [INFO] [sklep.raczkujemy.pl] acme: Cleaning DNS-01 challenge
2021/09/09 15:37:45 [INFO] retry due to: acme: error: 400 :: POST :: https://acme-v02.api.letsencrypt.org/acme/authz-v3/29398695000 :: urn:ietf:params:acme:error:badNonce :: JWS has an invalid anti-replay nonce: "0102E0utLTzD6z9XwIkiggUkIiXvatB3cxsqgx47WYbbdOw", url:
2021/09/09 15:37:46 [INFO] Deactivating auth: https://acme-v02.api.letsencrypt.org/acme/authz-v3/29398695000
2021/09/09 15:37:46 [INFO] Deactivating auth: https://acme-v02.api.letsencrypt.org/acme/authz-v3/29398695010
2021/09/09 15:37:47 Could not obtain certificates:
error: one or more domains had a problem:
[*.sklep.raczkujemy.pl] time limit exceeded: last error: NS gene.ns.cloudflare.com. returned NXDOMAIN for _acme-challenge.sklep.raczkujemy.pl.
[sklep.raczkujemy.pl] time limit exceeded: last error: NS gene.ns.cloudflare.com. returned NXDOMAIN for _acme-challenge.sklep.raczkujemy.pl.
Certificate generation failed.


No DNS changes since 2-3 years :)

seems that
 
logs

[Thu Sep 09 14:56:39.223474 2021] [autoindex:error] [pid 761092:tid 140386156599040] [client 44.197.198.204:0] AH01276: Cannot serve directory /var/www/html/.well-known/acme-challenge/: No matching DirectoryIndex (index.html,index.htm,index.shtml,index.php,index.phtml) found, and server-generated directory index forbidden by Options directive
 
Go to your admin panel > CustomBuild 2.0 > Customize Versions > letsencrypt_sh > Version 2.0.16 & delete the MD5 hash.
 
.16 version

Challenge pre-checks for http://radzikow.ski/.well-known/acme-challenge/letsencrypt_1632608066_cb6f1d034d84c99f failed... Command:
/usr/local/bin/curl --connect-timeout 40 -k --silent --resolve radzikow.ski:80:2606:4700:3030::ac43:8866 --resolve radzikow.ski:443:2606:4700:3030::ac43:8866 -I -L -X GET http://radzikow.ski/.well-known/acme-challenge/letsencrypt_1632608066_cb6f1d034d84c99f
Exiting.

.22

radzikow.ski was skipped due to unreachable http://radzikow.ski/.well-known/acme-challenge/ file.
www.radzikow.ski was skipped due to unreachable http://www.radzikow.ski/.well-known/acme-challenge/ file.
No domains pointing to this server to generate the certificate for.
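As an added triage helper (not code from this thread, from DirectAdmin or from lego), the Python below classifies the failure lines seen in the outputs above: the DNS-01 NXDOMAIN for _acme-challenge at the Cloudflare nameserver, the Apache AH01276 directory error under .well-known/acme-challenge/, the DirectAdmin "skipped due to unreachable" pre-check, the missing http-01 solver, and the transient badNonce retry. The sample lines are copied from this thread; the category names and hints are my own.

```python
import re

# Constructed sample: a handful of lines quoted from the lego / DirectAdmin / Apache
# output posted in this thread, embedded so the triage runs offline.
SAMPLE_LOG = """\
2021/09/09 14:57:25 [INFO] [sklep.raczkujemy.pl] acme: Could not find solver for: http-01
[*.sklep.raczkujemy.pl] time limit exceeded: last error: NS gene.ns.cloudflare.com. returned NXDOMAIN for _acme-challenge.sklep.raczkujemy.pl.
[Thu Sep 09 14:56:39.223474 2021] [autoindex:error] [pid 761092:tid 140386156599040] [client 44.197.198.204:0] AH01276: Cannot serve directory /var/www/html/.well-known/acme-challenge/: No matching DirectoryIndex (index.html,index.htm,index.shtml,index.php,index.phtml) found, and server-generated directory index forbidden by Options directive
radzikow.ski was skipped due to unreachable http://radzikow.ski/.well-known/acme-challenge/ file.
2021/09/09 15:37:45 [INFO] retry due to: acme: error: 400 :: POST :: https://acme-v02.api.letsencrypt.org/acme/authz-v3/29398695000 :: urn:ietf:params:acme:error:badNonce :: JWS has an invalid anti-replay nonce: "0102E0utLTzD6z9XwIkiggUkIiXvatB3cxsqgx47WYbbdOw", url:
"""

# (category, regex, hint template filled from the regex's named groups); categories are my own labels
SIGNATURES = [
    ("dns01_txt_missing",
     re.compile(r"NS (?P<ns>\S+?)\.? returned NXDOMAIN for (?P<name>_acme-challenge\.[\w.-]+?)\.?$"),
     "TXT {name} never appeared at authoritative NS {ns}: the DNS-01 solver is not writing to the zone that serves the domain"),
    ("http01_dir_listing",
     re.compile(r"AH01276: Cannot serve directory (?P<dir>\S+?\.well-known/acme-challenge/?):"),
     "request reached {dir} on the origin but no token file was there: check the webroot the ACME client writes to and any .htaccess rewrites"),
    ("http01_unreachable",
     re.compile(r"^(?P<host>\S+) was skipped due to unreachable (?P<url>http://\S+/\.well-known/acme-challenge/)"),
     "pre-check could not fetch {url}: with Cloudflare in front, bypass cache and HTTPS rewrites for that path or pause the proxy"),
    ("transient_bad_nonce",
     re.compile(r"urn:ietf:params:acme:error:badNonce"),
     "CA rejected the JWS anti-replay nonce; the client retries this automatically, it is not the root cause"),
    ("solver_not_configured",
     re.compile(r"Could not find solver for: (?P<chal>http-01|tls-alpn-01)"),
     "client has no {chal} solver, so only dns-01 can succeed in this run"),
]


def triage(log_text: str) -> list[dict]:
    """Return one finding per recognised line (first matching signature wins); unknown lines are ignored."""
    findings = []
    for line in log_text.splitlines():
        for category, pattern, template in SIGNATURES:
            m = pattern.search(line)
            if m:
                findings.append({"category": category, "hint": template.format(**m.groupdict())})
                break
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f['category']:22} {f['hint']}")
```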
 
Please check/disable Cloudflare. Time-out to your domain.
 