LetsEncrypt Issue

glio

Verified User
Joined
Jan 8, 2008
Messages
64
Thank you so much, I just downgraded to 1.1.25 and it works again. Thank you so much.
 

glio

Verified User
Joined
Jan 8, 2008
Messages
64
Thanks, Richard G. I just tried 1.1.32 but it is still the same, so I downgraded back to 1.1.25. I will use it until they fix this problem. Thanks.
 

ditto

Verified User
Joined
Apr 27, 2009
Messages
2,565
This is not related to the problems some users have in this thread, but I would like to point out that it is a good idea to monitor the Let's Encrypt status page at https://letsencrypt.status.io - currently there is an active issue from October 3 which is still not resolved, which could give timeouts. Look under the heading "Timeouts Accessing Some API Endpoints".
 

Richard G

Verified User
Joined
Jul 6, 2008
Messages
4,535
Location
Maastricht
@Ditto: Thank you, good tip! This explains some timeouts I was having on other domains. I didn't care because they worked a day later. But it's always good to have a place to check things.

@glio: You might consider sending in a ticket about that issue.
 

glio

Verified User
Joined
Jan 8, 2008
Messages
64
Maybe they could just add an option for us? Two options: 1. the old way, just like before 1.1.25; 2. the new way, adding "pre_check",
so we can choose which one to use and everyone will be happy.
 

Richard G

Verified User
Joined
Jul 6, 2008
Messages
4,535
Location
Maastricht
Only @Smtalk can answer that, I guess. I presume there is a good reason for changing the way this works; maybe the old way will be deprecated in the future, or it's done to prevent running into limits or other error notices? I don't know.
If it could be done it would be nice indeed.
 

glio

Verified User
Joined
Jan 8, 2008
Messages
64
I want to report that I just tried Let's Encrypt 1.1.33, but it is still the same problem. I think I had better keep using 1.1.25.
 

crenet

Verified User
Joined
Sep 23, 2019
Messages
114
Hi,

This is my first default/basic DA server setup, using the default setup, and I am getting a lot of issues making things work.

I have been troubleshooting for the last 7 days, have already posted in other forum categories, and I did not get any help.

Some time ago I used DA, and the DirectAdmin forum was very active and helpful.

I really hope that somebody can help me with this DA issue with the Let's Encrypt wildcard limitation.

I tried to install a Let's Encrypt wildcard certificate but I get an error, because the DA script does not allow me to add the LE activation record on my external DNS.

This seems to be a DA limitation, because PLESK allows users to set the LE activation record for a wildcard on an external DNS server.

Plesk guide
https://docs.plesk.com/en-US/obsidia...encrypt.79603/

"Whether the Let’s Encrypt extension adds the DNS record automatically or you do it manually, it can take some time before it propagates. We recommend that you check that the DNS record was added before going to the next step. Here is how you can do it:"

So how can DA users know which TXT record we should add to complete certificate validation?

This feature exists, so when will it be fixed to allow users to add the record in the external DNS server?

Thanks
 

smtalk

Administrator
Staff member
Joined
Aug 22, 2006
Messages
8,911
Location
LT, EU
Let's Encrypt certificates auto-renew themselves. Are you going to re-add these DNS records manually every 60 days? I wouldn't call this auto-renewal though, as it'd require manual action :)
 

crenet

Verified User
Joined
Sep 23, 2019
Messages
114
Hi Martynas,

Plesk is doing it, so why does DirectAdmin not allow Let's Encrypt wildcard certificates when using external DNS servers?

This does not seem good, because the way DA is doing it I cannot get LE wildcard certificates into DirectAdmin.

It should be available: just change the script and allow the user to see the activation record that he needs to add in the external DNS, with a confirmation button to continue the script.

It does not seem very complicated and would allow working with both local DNS and external DNS.

Seems logical. I did not expect to see this limitation in DirectAdmin, because DA is very active in implementing new features.

Doing it this way will limit the use of LE wildcard certificates to local DNS, which makes no sense because we all know that it's better to get an external DNS service.

Thanks
 

glio

Verified User
Joined
Jan 8, 2008
Messages
64
Thanks, but your link is not working...

P.S.: Let's Encrypt 1.1.25 does not work anymore (I think something changed and it does not work anymore =_=!), even 1.1.38
 

glio

Verified User
Joined
Jan 8, 2008
Messages
64
I think so. My domain has some MX, A and CNAME records with values pointing to external IPs (outside my server, like Google Suite's servers), so I think that is the reason why we can't finish and get the SSL cert.

Could DA stop limiting external DNS, or add an option for us to disable or enable it? Thanks
 

glio

Verified User
Joined
Jan 8, 2008
Messages
64
Finally, I found a stupid way to get the new version (1.1.38) of Let's Encrypt to work. I hope this can help people like me, or the devs, to find a way to make it more user friendly: go to DNS control and delete all external DNS records (MX, CNAME, A...), and you can finish your cert request.

Please, we need DA to support external DNS and make it more user friendly
 

crenet

Verified User
Joined
Sep 23, 2019
Messages
114
The link was fine and somehow it stopped working.

This is what we can read in the Plesk docs about Let's Encrypt certificates. DA urgently needs to add this feature to DirectAdmin for users that are using external DNS services. I think this is a basic feature for those who want to optimize DNS.
I just cannot believe that DA is not able to do it.
To the forum administrator: this is not a promotion link, this is just proof that it's possible to allow DA users to add LE wildcard certificates into DirectAdmin; you must use this feature as soon as possible.
 

_rik_

Verified User
Joined
Sep 25, 2019
Messages
27
Location
England
@glio
Are you sure it's not only a matter of deleting the _acme-challenge record? Because I had the same problem in some previous versions.

@crenet
This thread was initiated by my ISP and virtually marked as solved by me, because some versions ago DA actually started to work with LE wildcard on external DNS. Read some pages back on this thread.
 

crenet

Verified User
Joined
Sep 23, 2019
Messages
114
Will you please inform me where the post that fixes it is, because I am on DA 1.59.5 and I can't add LE wildcard certificates.

Hi @_rik_

Will you please inform me where the post that fixes it is, because I am on DA 1.59.5 and I can't add LE wildcard certificates?

Or is it only working on the pre-release version?

By the way, does anybody know how much time a feature stays in the pre-release version before moving to the stable release version?

Thanks
 

_rik_

Verified User
Joined
Sep 25, 2019
Messages
27
Location
England
Hi @crenet
I'm not on a pre-release, it was fixed with the version released in October 2019 that ships with Letsencrypt.sh 1.1.31
So at this point, there are 2 cases:
1) You have something wrong in the config.
2) DA has re-introduced a new problem with the latest version

In any case, try to delete the _acme-challenge record and retry. If you come from an older version, it could help, as it did for me.
 