SSL installation was skipped due to unreachable http://my-hostname/.well-known/acme-challenge/ file

gate2vn

Interesting enough, but
1. I have SSL on DA on port 2222 working no problem.
2. http://my-hostname/.well-known/acme-challenge/test.txt can be read / downloaded both from inside and outside the server.

But running "./letsencrypt.sh request_single `hostname -f` 4096" always gives me error:
Setting up certificate for a hostname: my-hostname
my-hostname was skipped due to unreachable http://my-hostname/.well-known/acme-challenge/ file.
No domains pointing to this server to generate the certificate for.
Tried to update letsencrypt.sh script, run rewrite_confs, then request SSL again, got the same error.

Did I miss something? Running Almalinux 8.8 with DA 1.649 latest build.
Thanks.
 
gate2vn said:
No domains pointing to this server to generate the certificate for.
Seems your domain can't be found for some reason.

However, you can find it from outside.
Letsencrypt.sh uses Google DNS, maybe you hit the rate limit of Google DNS or it did not update correctly yet.

Check your hostname on Google's 8.8.8.8 DNS server to see if Google DNS recognizes your domain/hostname.
 
Happened to me a few times; please execute the script a few times and you will see that it works.
Assuming here that your DNS is OK.
 
dig @8.8.8.8 my-hostname
returns correct IP address. And even with testing, I changed 8.8.8.8 to local dns 127.0.0.1, no luck. Still http://my-hostname/.well-known/acme-challenge/test.txt can be read / downloaded both from inside and outside the server. The my-hostname is set up from last year, not a new name.

Yes, I tried several times already, not only once :)

I also checked the SSL for DA. It's also a Letsencrypt SSL, renewed automatically on April 30, 2023. So, the SSL for DA is working as expected, but the SSL for the hostname cannot be renewed for some reason. And I am stuck in finding the reason :D
 
And I am stuck in finding the reason :D
Just out of curiosity, did you create a separate DNS entry in DirectAdmin for your hostname?
So as admin in the DNS administration, then "add zone" and then put in the hostname there.

Also, did you try this one and see what it gives, with your hostname?
/usr/local/bin/curl -I -L -k -X GET http://server.domain.com/.well-known/acme-challenge/test.txt
 
Yes, curl can connect and return the result normally. As mentioned above already, the link can be read / downloaded both from inside and outside the server.
Adding a separate DNS entry for the hostname seems to solve the problem. Thanks for the suggestion.
 
Adding a separate DNS entry for the hostname seems to solve the problem. Thanks for the suggestion.
My assumption was that it was already covered in the first place, clearly not then.
You must have a DNS record for your hostname to avoid this kind of problem; still wondering why you didn't have this problem earlier then.
 