An error occurred creating certificates with Let's Encrypt:

When I try to do an SSL certificate in my domain I am getting this error:

An error occurred creating certificates with Let's Encrypt:

private keys obtained from Let's Encrypt so making regular backups of this folder is ideal.
2024/10/18 17:22:26 No key found for account dramico2@gmail.com. Generating a P256 key.
2024/10/18 17:22:26 Saved key to /opt/bitnami/letsencrypt/accounts/acme-v02.api.letsencrypt.org/dramico2@gmail.com/keys/dramico2@gmail.com.key
2024/10/18 17:22:26 [INFO] acme: Registering account for dramico2@gmail.com
2024/10/18 17:22:27 [INFO] [plumbingandelectrical.net.au, www.plumbingandelectrical.net.au] acme: Obtaining bundled SAN certificate
2024/10/18 17:22:28 [INFO] [plumbingandelectrical.net.au] AuthURL: https://acme-v02.api.letsencrypt.org/acme/authz-v3/417978623797
2024/10/18 17:22:28 [INFO] [www.plumbingandelectrical.net.au] AuthURL: https://acme-v02.api.letsencrypt.org/acme/authz-v3/417978623807
2024/10/18 17:22:28 [INFO] [plumbingandelectrical.net.au] acme: use tls-alpn-01 solver
2024/10/18 17:22:28 [INFO] [www.plumbingandelectrical.net.au] acme: use tls-alpn-01 solver
2024/10/18 17:22:28 [INFO] [plumbingandelectrical.net.au] acme: Trying to solve TLS-ALPN-01
Press [Enter] to continue:
2024/10/18 17:22:40 [INFO] [plumbingandelectrical.net.au] The server validated our request
2024/10/18 17:22:40 [INFO] [www.plumbingandelectrical.net.au] acme: Trying to solve TLS-ALPN-01
2024/10/18 17:22:47 [INFO] Skipping deactivating of valid auth: https://acme-v02.api.letsencrypt.org/acme/authz-v3/417978623797
2024/10/18 17:22:47 [INFO] Deactivating auth: https://acme-v02.api.letsencrypt.org/acme/authz-v3/417978623807
2024/10/18 17:22:47 Could not obtain certificates:
error: one or more domains had a problem:
[www.plumbingandelectrical.net.au] acme: error: 403 :: urn:ietf:params:acme:error:unauthorized :: Cannot negotiate ALPN protocol "acme-tls/1" for tls-alpn-01 challenge

Please check our documentation and support forums, we'll be happy to help!

Hello @doyle,

Let’s Debug gives https://letsdebug.net/plumbingandelectrical.net.au/2256893 for results.

CloudflareCDN
WARNING
The domain plumbingandelectrical.net.au is being served through Cloudflare CDN. Any Let's Encrypt certificate installed on the origin server will only encrypt traffic between the server and Cloudflare. It is strongly recommended that the SSL option 'Full SSL (strict)' be enabled.
https://support.cloudflare.com/hc/en-us/articles/200170416-What-do-the-SSL-options-mean-

This is the important part: “It is strongly recommended that the SSL option 'Full SSL (strict)' be enabled.”

2 Likes

Thanks for the response, does this mean that I can't certify it with SSL anymore? Or do we have a certain command to run to overwrite it?

So the scenario is, I am planning to route the domain to another server by setting up the static IP in its DNS settings; however, that new server that I have is not yet SSL certified.

1 Like

Your DNS settings when you ran the command shown in your first post are different than the ones you have now.

For that request your apex name plumbingandelectrical.net.au pointed to a server at AWS. And, the TLS-ALPN challenge for that worked.

But, your www subdomain pointed to Cloudflare edge locations. This is because you had a CNAME for your www subdomain that does this:

www.plumbingandelectrical.net.au. 10 IN CNAME   wp.wpenginepowered.com.

Why do you point your www name to wpenginepowered? Did they give you these instructions?

2 Likes

Yes Mike, I have reverted the DNS settings back to the old server, the new server that I have is running in AWS Lightsail with a new Name Server.

And for the wpenginepowered, this was set up by the previous dev; the site is currently running in wpengine. My goal is to totally transfer it to the new AWS Lightsail server.

Then your DNS settings for both names should point to your new AWS server.

You need to modify the CNAME for your www domain and point it to your apex.

3 Likes
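A pre-flight check for the situation described in this thread, added here as an example that is not part of any post and is not the Bitnami tool's or lego's own code: it follows each SAN name's CNAME chain and reports names that do not end at the server running the TLS-ALPN-01 solver. The record set is constructed to mirror the thread (apex on an A record, www on the wpenginepowered CNAME); all IP addresses are documentation-range placeholders, and only A records are modelled.

```python
# Constructed sample records; the IPs are documentation-range placeholders,
# not the real addresses behind these names.
SAMPLE_ZONE = {
    "plumbingandelectrical.net.au": [("A", "192.0.2.10")],
    "www.plumbingandelectrical.net.au": [("CNAME", "wp.wpenginepowered.com.")],
    "wp.wpenginepowered.com": [("A", "203.0.113.20"), ("A", "203.0.113.21")],
}


def resolve(name, zone, max_hops=8):
    """Follow CNAMEs in `zone`; return (chain_of_names, set_of_A_addresses)."""
    chain, current = [], name.rstrip(".").lower()
    for _ in range(max_hops):
        chain.append(current)
        records = zone.get(current, [])
        cnames = [v.rstrip(".").lower() for t, v in records if t == "CNAME"]
        if not cnames:
            return chain, {v for t, v in records if t == "A"}
        if cnames[0] in chain:
            raise ValueError(f"CNAME loop at {cnames[0]}")
        current = cnames[0]
    raise ValueError(f"CNAME chain for {name} exceeds {max_hops} hops")


def preflight(names, origin_ip, zone):
    """Return {name: problem}; an empty dict means every name reaches origin_ip."""
    problems = {}
    for name in names:
        try:
            chain, addrs = resolve(name, zone)
        except ValueError as exc:
            problems[name] = str(exc)
            continue
        via = " -> ".join(chain)
        if not addrs:
            problems[name] = f"no A record ({via})"
        elif addrs != {origin_ip}:
            # The CA would connect to some other host, which cannot
            # answer with the "acme-tls/1" ALPN protocol for this order.
            problems[name] = f"resolves to {sorted(addrs)} via {via}, not {origin_ip}"
    return problems


if __name__ == "__main__":
    sans = ["plumbingandelectrical.net.au", "www.plumbingandelectrical.net.au"]
    for name, problem in preflight(sans, "192.0.2.10", SAMPLE_ZONE).items():
        print(f"{name}: {problem}")
```

With the www CNAME changed to point at the apex, as suggested above, `preflight` returns an empty dict for both names.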

Thanks Mike, I'll give it a try

4 Likes
