Richard G
Verified User
I know them, seen the series here and I like it.
LetsEncrypt Issue
- Thread starter WebHostingUK
- Start date
Richard G
Verified User
@glio: There was an update to 1.1.32 today. You might update and try again.
Maybe it's fixed.
Maybe it's fixed.
This is not releated to the problems some users has in this thread, but I would like to point out that it is a good idea to monitor Let's Encrypt status page at https://letsencrypt.status.io - currently there is a active issue from October 3 wich is still not resolved, wich could give timeouts. Look under the heading "Timeouts Accessing Some API Endpoints"
Richard G
Verified User
@Ditto: Thank you, good tip! This explains some timeouts I was having on other domains. I didn't care because they worked a day later. But it's always good to have a place to check things.
@glio: You might consider sending in a ticket about that issue.
@glio: You might consider sending in a ticket about that issue.
Richard G
Verified User
Only @Smtalk can answer that I guess. I presume there is a good reason for changing the way this works, maybe the old way will be deprecated in the future or it's done to prevent running in to limits or other error notices? I don't know.
If it could be done it would be nice indeed.
If it could be done it would be nice indeed.
ikkeben
Verified User
Even with 1.1.34 ?
https://files.directadmin.com/services/all/letsencrypt/
And take care if this in old versions then using ....
https://community.letsencrypt.org/t...cation-of-unauthenticated-resource-gets/74380
Last edited:
crenet
Verified User
- Joined
- Sep 23, 2019
- Messages
- 114
Hi,
This is my first default/basic DA server setup, using the default setup and getting a lot of issues to make things working.
I am troubleshooting in the last 7 days, already post in other forum categories and I did not get any help.
Some time ago I use DA and DirectAdmin forum was very active and helpful.
I really hope that somebody could help me with this DA issue with Let's Encrypt wildcard limitation.
I tried to install Let's Encrypt wildcard but I get an error because DA script do not allow me to add the LE activation record on my external DNS.
This seem to be a DA limitation because PLESK allow users to set the LE activation record for wildcard on external DNS server.
Plesk guide
https://docs.plesk.com/en-US/obsidia...encrypt.79603/
"Whether the Let’s Encrypt extension adds the DNS record automatically or you do it manually, it can take some time before it propagates. We recommend that you check that the DNS record was added before going to the next step. Here is how you can do it:"
So how can DA users know which TXT record should we add for complete certificate validation ?
This feature exist so when will it be fixed to allow users to add the record in the external DNS server ?
Thanks
This is my first default/basic DA server setup, using the default setup and getting a lot of issues to make things working.
I am troubleshooting in the last 7 days, already post in other forum categories and I did not get any help.
Some time ago I use DA and DirectAdmin forum was very active and helpful.
I really hope that somebody could help me with this DA issue with Let's Encrypt wildcard limitation.
I tried to install Let's Encrypt wildcard but I get an error because DA script do not allow me to add the LE activation record on my external DNS.
This seem to be a DA limitation because PLESK allow users to set the LE activation record for wildcard on external DNS server.
Plesk guide
https://docs.plesk.com/en-US/obsidia...encrypt.79603/
"Whether the Let’s Encrypt extension adds the DNS record automatically or you do it manually, it can take some time before it propagates. We recommend that you check that the DNS record was added before going to the next step. Here is how you can do it:"
So how can DA users know which TXT record should we add for complete certificate validation ?
This feature exist so when will it be fixed to allow users to add the record in the external DNS server ?
Thanks
crenet
Verified User
- Joined
- Sep 23, 2019
- Messages
- 114
Hi Martynas,Let's Encrypt certificates auto-renew themselves. Are you going to re-add these DNS records manually every 60 days? I wouldn't call this auto-renewal though, as it'd require manual action
Plesk is doing why DirectAdmin do not allow Lets Encrypt wildcard certificates when using external DNS servers ?
This seems not good because the way DA is doing it I can not get LE wildcard certificates into DirectAdmin.
It should be available, just change the script and allow the user to see the activation record that he need to add in external DNS with a confirmation button to continue the script.
Do not seem very complicated and will allow to work with both local DNS and external DNS.
Seems logical, I did not expect to see this limitation on DirectAdmin because DA is very active in implementing new features.
Doing this way will limit the use of LE wildcard certificates for local DNS that is a no sense because awe all now that its better to get a external DNS service.
Thanks
Thanks, but your link is not working...
P.S: Let's Encrypt 1.1.25 is not work anymore(I think something changed and it not work anymore =_=!) , even 1.1.38
Last edited:
I think so, my domain have some MX, A type and CNAME 's and value to external ip(out of my server, like google suite's server), so I think that is the problem why we can't finish and get ssl cert
Could DA don't limit external DNS anymore or add selection to us disable or enable it? Thanks
Last edited:
Finally, I find a stupid way to let new version(1.1.38) of Lets Encrypt to work, hope this can help the guys like me or dev to find a way may it more user friend: Go to dns control, and delete all external DNS(MX, CNAME, A...) and you can finish your cert request.
Please, we need DA to support external DNS and make it more user friendly
Please, we need DA to support external DNS and make it more user friendly
crenet
Verified User
- Joined
- Sep 23, 2019
- Messages
- 114
The link was fine and some how it stop working.
This is what we can read in Plesk doc about Let's Encrypt certificates, DA urgently need to add this feature in Directadmin for users that are using external DNS services. I think this a basic feature for who want to optimize DNS.
I just can not believe that DA is not able to do it.
To forum administrator this is not a promotion link this is just a prove that it´s possible to allow DA users to add LE wildcard certificates into DirectAdmin, you must use this feature as soon as possible.
@glio
Are you sure it's not only a matter of deleting the _acme-challenge record? Because I had the same problem in some previous versions.
@crenet
This thread was initiated by my ISP and virtually marked as solved by me because some versions ago DA actually started to works with LE wildcard on external DNS. Read some pages back on this thread.
Are you sure it's not only a matter of deleting the _acme-challenge record? Because I had the same problem in some previous versions.
@crenet
This thread was initiated by my ISP and virtually marked as solved by me because some versions ago DA actually started to works with LE wildcard on external DNS. Read some pages back on this thread.
crenet
Verified User
- Joined
- Sep 23, 2019
- Messages
- 114
Will you please informe me where is the post that fix it because I am on DA 1.59.5 and I can´t add LE wildcard certificates.
hi @_rik_
Will you please informe me where is the post that fix it because I am on DA 1.59.5 and I can´t add LE wildcard certificates ?
Or is only working on pre-release version ?
By the way does anybody know how must time a feature stays in pre-release version before moving to stable release version ?
Thanks
Hi @crenet
I'm not on a pre-release, it was fixed with the version released in October 2019 that ships with Letsencrypt.sh 1.1.31
So at this point, there are 2 cases:
1) You have something wrong in the config.
2) DA has re-introduced a new problem with the latest version
In any case, try to delete the _acme-challenge record and retry. If you come from an older version could help as it did for me.
I'm not on a pre-release, it was fixed with the version released in October 2019 that ships with Letsencrypt.sh 1.1.31
So at this point, there are 2 cases:
1) You have something wrong in the config.
2) DA has re-introduced a new problem with the latest version
In any case, try to delete the _acme-challenge record and retry. If you come from an older version could help as it did for me.