SSL renewal fails for subdomains

Endre Ottem

For some reason, DA fails to renew Let's Encrypt certs when the A record for the domain name points to another server. An example:

We use DA for mail and DNS for a lot of our clients. In many cases though, their website is hosted on another server. This is because we deliver CMS and webshop solutions as a service, and use separate servers for this, set up and tuned especially for this purpose. Now, manually adding or renewing a Let's Encrypt cert for mail.[domain] and webmail.[domain] works fine. But when it comes to automatically renewing the certs, DA always fails.

I suspect this is because the A record for the main domain points to another server. However, since the cert was initially created only for mail.[domain] and webmail.[domain], isn't there a way to make DA remember that instead of trying to validate a host name that wasn't secured by DA in the first place? Or is there a way to have DA continue to try to secure the subdomains, even if the main domain fails (like cPanel does)?

Like I mentioned, DNS for the domains is in most (but not all) cases managed by DA. Usually, it's only the website that points to another server.
 