Let's Encrypt / LetsEncrypt SSL For Subdomain

1024kb

Hello,

I have successfully set up SSL certificates on domains without issue, however I'm running into a problem when attempting to install an SSL certificate for subdomains.

For example, I have a DirectAdmin account with a domain like 'test.domain.com'. (Meaning, I DON'T have an account 'domain.com' and have a subdomain set up within that account as 'test.domain.com')

When I attempt to use the built-in DirectAdmin Let's Encrypt SSL install, I get this error:

Code:
Cannot Execute Your Request

Details

Getting challenge for test.domain.com from acme-server...
Waiting for domain verification...
Challenge is valid.
Getting challenge for www.test.domain.com from acme-server...
Waiting for domain verification...
Challenge is invalid. Details: DNS problem: NXDOMAIN looking up A for www.test.domain.com. Exiting...

The problem looks like it can't resolve the A record of www.test.domain.com, which is correct; that would not resolve. However, test.domain.com resolves fine to an IP address.

When filling out the information for the SSL certificate, I've tried both www.test.domain.com and test.domain.com in the Common Name, but I get errors with either one I try.

Any suggestions as to what I can do or what may be causing the problem?
 

Active8

Did you make an A record for www.test in your DNS? This has been discussed before, and the reason is that the script can't find an A record for it and exits.
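
A pre-flight check for the failure described in this reply, as an added example that is not part of the thread or of DirectAdmin's script: it resolves every name the request will cover before the ACME server is asked to validate it. It goes one step beyond the NXDOMAIN case by also flagging a name that resolves to some other address. The function names and the optional server-IP argument are hypothetical, and `dig` is assumed to be installed.

```shell
#!/bin/sh
# Added example, not DirectAdmin code. Function names are hypothetical.

# resolve_a NAME -> IPv4 addresses for NAME, one per line (nothing if none).
# Uses the local resolver, which may differ from what the CA's resolvers see.
resolve_a() {
    dig +short A "$1" 2>/dev/null | grep -E '^[0-9]+(\.[0-9]+){3}$'
}

# cert_names DOMAIN -> the names requested in the output above:
# the domain itself and its www. form (assumption: no other aliases).
cert_names() {
    printf '%s\n' "$1" "www.$1"
}

# has_addr "ADDR ADDR ... " WANT -> true if WANT is one of the addresses.
has_addr() {
    case " $1" in *" $2 "*) return 0 ;; *) return 1 ;; esac
}

# preflight DOMAIN [SERVER_IP] -> one line per name; the return status is
# the number of names that would fail validation.
preflight() {
    domain=$1 want=${2:-} failed=0
    for name in $(cert_names "$domain"); do
        addrs=$(resolve_a "$name" | tr '\n' ' ')
        if [ -z "$addrs" ]; then
            echo "FAIL $name: no A record"
            failed=$((failed + 1))
        elif [ -n "$want" ] && ! has_addr "$addrs" "$want"; then
            echo "FAIL $name -> ${addrs}(expected $want)"
            failed=$((failed + 1))
        else
            echo "ok   $name -> $addrs"
        fi
    done
    return "$failed"
}

# Run as: sh preflight.sh test.domain.com 192.0.2.10
[ $# -eq 0 ] || preflight "$@"
```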
 

1024kb

Thanks for this, I should have noticed it myself. I added a www.test record in the DNS which is resolving correctly now.

However I'm now experiencing a new problem during execution:

Code:
Getting challenge for test.domain.com from acme-server...
/usr/local/directadmin/scripts/letsencrypt.sh: line 319: /var/www/html/.well-known/acme-challenge/: Is a directory
/usr/local/directadmin/scripts/letsencrypt.sh: line 322: [: -ne: unary operator expected
Waiting for domain verification...
rm: cannot remove `/var/www/html/.well-known/acme-challenge/': Is a directory
Challenge is . Details: . Exiting...

Would just removing the acme-challenge directory fix this issue, and if so is that directory safe to remove without breaking my pre-existing LetsEncrypt SSL installations?

Edit: I went ahead and just renamed the acme-challenge directory to something else, but I still got the same error message.
 

Neograph734

Same error

I am getting the same error, an automated renewal failed yesterday. I however feel this is not specifically related to subdomains. Almost like the script just doesn't work anymore...
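
The shell errors in the output quoted above are what a shell prints when a variable expands to nothing: a redirect or `rm` on `dir/$token` with an empty token targets the directory itself, and `[ $status -ne ... ]` with an empty status loses its left operand, which fits the blank fields in "Challenge is . Details: .". The script's source is not shown in this thread, so the following is an added sketch of the guards under that assumption, not code from letsencrypt.sh; all function and variable names are hypothetical.

```shell
#!/bin/sh
# Added illustration with hypothetical names; not code from letsencrypt.sh.

# write_challenge DIR TOKEN BODY -> writes BODY to DIR/TOKEN.
# An empty TOKEN would make the target DIR/ itself ("Is a directory"), and a
# TOKEN containing "/" or "." could point outside the challenge directory.
# ACME tokens use only the base64url alphabet, so anything else is refused.
write_challenge() {
    dir=$1 token=$2 body=$3
    case "$token" in
        ''|*[!A-Za-z0-9_-]*)
            echo "refusing token '$token': empty or not base64url" >&2
            return 1 ;;
    esac
    mkdir -p "$dir" && printf '%s' "$body" > "$dir/$token"
}

# status_is CODE EXPECTED -> 0 if equal, 1 if different, 2 if CODE is empty
# or not a number. Unquoted, an empty $code turns `[ $code -ne 200 ]` into
# `[ -ne 200 ]`, which is the "unary operator expected" error.
status_is() {
    case "$1" in ''|*[!0-9]*) return 2 ;; esac
    [ "$1" -eq "$2" ]
}

# remove_challenge DIR TOKEN -> deletes only the token file, never DIR/.
remove_challenge() {
    [ -n "$2" ] && [ -f "$1/$2" ] && rm -f -- "$1/$2"
}
```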
 