testing wildcard let's encrypt but get "cannot execute your request"

Awd (Verified User, joined Aug 9, 2015, 316 messages):
Hi,

Just installed latest skin with DA pre release binaries and tested wildcard.
https://www.directadmin.com/features.php?id=2122

I get this message:

Code:
Getting challenge for *.mydomain.com from acme-server...
new-authz error: HTTP/1.1 100 Continue\r
Expires: Wed, 09 May 2018 20:08:46 GMT\r
Cache-Control: max-age=0, no-cache, no-store\r
Pragma: no-cache\r
\r
HTTP/1.1 400 Bad Request\r
Server: nginx\r
Content-Type: application/problem+json\r
Content-Length: 129\r
Boulder-Requester: 10407514\r
Replay-Nonce: KLIuC64iHQ5fDLqAip_V72Son8Cfrqq9s-VeLTnzj00\r
Expires: Wed, 09 May 2018 20:08:46 GMT\r
Cache-Control: max-age=0, no-cache, no-store\r
Pragma: no-cache\r
Date: Wed, 09 May 2018 20:08:46 GMT\r
Connection: close\r
\r
{
  "type": "urn:acme:error:malformed",
  "detail": "Error creating new authz :: Wildcard names not supported",
  "status": 400
}. Exiting...
Anyone have suggestions?
 

smtalk (Administrator, Staff member, joined Aug 22, 2006, 8,888 messages, location LT, EU):
Please make sure your let's encrypt script version is at least 1.1.0 (it comes with pre-release binaries).
 

Awd (Verified User, joined Aug 9, 2015, 316 messages):
Hi,

Thanks, indeed I was running "old" version. Installed latest and now it works.

One general question: the TXT record for verification, is that temporary and deleted automatically by DA, as I do not see that record in the DNS?
And if the DNS server is external, can I add the TXT record there (temporarily)? And what happens when it is automatically renewed?
 

smtalk (Administrator, Staff member, joined Aug 22, 2006, 8,888 messages, location LT, EU):
It's deleted automatically after verification. An external DNS server can be used if you have hooks to deploy the DNS record there automatically. Otherwise, if you add the DNS record there manually, it would fail at renewal after 60 days.
 

Awd (Verified User, joined Aug 9, 2015, 316 messages):
Thank you for the explanation. Have a great day!
 

Peter Laws (Verified User, joined Sep 13, 2008, 1,786 messages, location London UK):
It's deleted automatically after verification. An external DNS server can be used if you have hooks to deploy the DNS record there automatically. Otherwise, if you add the DNS record there manually, it would fail at renewal after 60 days.
I understand the reason behind this, but what if you have NS/DNS at CloudFlare etc. (with no API)...
 

Awd (Verified User, joined Aug 9, 2015, 316 messages):
Now I get a new error:

Code:
Requesting new certificate order...
Processing authorization for domain.nl...
Challenge is valid.
Processing authorization for www.domain.nl...
Waiting for domain verification...
Trying again...
1..2..3..4..5..
Challenge error: HTTP/1.1 100 Continue\r
Expires: Thu, 10 May 2018 16:16:15 GMT\r
Cache-Control: max-age=0, no-cache, no-store\r
Pragma: no-cache\r
\r
HTTP/1.1 400 Bad Request\r
Server: nginx\r
Content-Type: application/problem+json\r
Content-Length: 144\r
Boulder-Requester: 34689302\r
Replay-Nonce: uMqRbzEziBQZ6zFh2rkIEh0GlOTICr6tp0wUAm2JaBk\r
Expires: Thu, 10 May 2018 16:16:15 GMT\r
Cache-Control: max-age=0, no-cache, no-store\r
Pragma: no-cache\r
Date: Thu, 10 May 2018 16:16:15 GMT\r
Connection: close\r
\r
{
  "type": "urn:ietf:params:acme:error:malformed",
  "detail": "Unable to update challenge :: The challenge is not pending.",
  "status": 400
}. Exiting...
 
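The two error dumps posted in this thread both carry a "100 Continue" preamble before the real 400 response, and their problem documents sit in different namespaces: the first (before the script update) is an ACME v1 `urn:acme:error:*` error, the second is an ACME v2 `urn:ietf:params:acme:error:*` error, which is what the "at least 1.1.0" requirement above comes down to, since wildcard names are only issuable through ACME v2. The helper below is an added example, not code from the thread or from DirectAdmin's letsencrypt.sh; the sample inputs are trimmed copies of the two dumps above, and the diagnosis strings are my own summary of the replies.

```python
import json
import re

# Constructed sample input: the two error dumps from this thread, trimmed to the
# lines that matter. The client prints the CR markers ("\r") literally, and each
# dump carries a "100 Continue" preamble before the real 400 response.
SAMPLES = {
    "wildcard": r"""new-authz error: HTTP/1.1 100 Continue\r
\r
HTTP/1.1 400 Bad Request\r
Content-Type: application/problem+json\r
\r
{
  "type": "urn:acme:error:malformed",
  "detail": "Error creating new authz :: Wildcard names not supported",
  "status": 400
}. Exiting...""",
    "pending": r"""Challenge error: HTTP/1.1 100 Continue\r
\r
HTTP/1.1 400 Bad Request\r
Content-Type: application/problem+json\r
\r
{
  "type": "urn:ietf:params:acme:error:malformed",
  "detail": "Unable to update challenge :: The challenge is not pending.",
  "status": 400
}. Exiting...""",
}


def parse_acme_error(log: str) -> dict:
    """Extract the final HTTP status, ACME API generation and problem document."""
    text = log.replace("\\r", "")
    # Informational 1xx responses precede the real one; take the last non-1xx status.
    statuses = re.findall(r"HTTP/1\.1 (\d{3}) ", text)
    final_status = int([s for s in statuses if s[0] != "1"][-1])
    problem = json.loads(text[text.index("{"): text.rindex("}") + 1])
    # Boulder's ACME v1 used urn:acme:error:*, ACME v2 uses urn:ietf:params:acme:error:*
    api = "v2" if problem["type"].startswith("urn:ietf:params:acme:") else "v1"
    return {"http_status": final_status, "acme_api": api,
            "error": problem["type"].rsplit(":", 1)[-1], "detail": problem["detail"]}


def diagnose(log: str) -> str:
    """Map a parsed error onto the causes discussed in the thread (my own wording)."""
    p = parse_acme_error(log)
    if p["acme_api"] == "v1" and "Wildcard" in p["detail"]:
        return "client still speaks ACME v1: wildcard needs an ACME v2 client (letsencrypt.sh >= 1.1.0)"
    if "not pending" in p["detail"]:
        return "authorization is no longer pending: rerun and capture the trace with bash -x"
    return f"unhandled ACME {p['acme_api']} {p['error']}: {p['detail']}"
```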

smtalk (Administrator, Staff member, joined Aug 22, 2006, 8,888 messages, location LT, EU):
Could you run it from the terminal using "bash -x ./letsencrypt.sh request domain.nl 4096" and attach the output somewhere (you can PM it to me as well)?