Acme script points to wrong ip address

My domain is: dutchhardstyle.com

I ran this command: ./letsencrypt.sh request dutchhardstyle.com 4096

It produced this output:

Getting challenge for dutchhardstyle.com from acme-server…
Error: http://dutchhardstyle.com/.well-known/acme-challenge/letsencrypt_1500114939 is not reachable. Aborting the script.
dig output for dutchhardstyle.com:
109.70.6.249
Please make sure /.well-known alias is setup in WWW server.

My web server is (include version):
Apache 2.4.27
DirectAdmin 1.51.4

I can login to a root shell on my machine Yes

The issue is that I dont understand why its pointing to another IP since my server IP is completely different.

Many thanks for the help and suggestions.

i think your NS1 DNS server is playing up

Note: Let’s Encrypt does not use Google or Other Public DNS providers. It uses your DNS servers

You have 3 servers 2 of which seem to be aliased other name servers. You can try run the command again and it should pass as Let’s Encrypt chooses a server at random (look up on this forum as this has been discussed before)

Andrei

Hi Andrei,

First of all thanks for your really quick answer. Ill Try it again and let you know if it has been resolved.

@ahaw021,

It works now and thanks. But the next issue occurs:

The SSL is for:

Certificate Hosts admin.scubaya.com, ftp.scubaya.com, mail.scubaya.com, merchants.scubaya.com, pop.scubaya.com, scubaya.com, smtp.scubaya.com, user.scubaya.com, www.admin.scubaya.com, www.merchants.scubaya.com, www.scubaya.com, www.user.scubaya.com

But i have 2 servers. one for web applications and one for email. If i copy the certificate and key and the CA Root Certificate to my other server the common is not correct any more:

See: https://mail.scubaya.com/

Message:
Certificate Error
There are issues with the site’s certificate chain (net::ERR_CERT_COMMON_NAME_INVALID).

Looks like for some reason it takes the server name as common. Is this correct? Can this be fixed somehow?

you certificate has the correct domain names: https://crt.sh/?id=173057447

However you web server is not using that certificate

Copying the certificate is not enough always. depending on the web server/mail server you use you may need to restart for the new certificate to be used

Andrei

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.