An error occurred creating certificates with Let's Encrypt:

Help
1

When I try to do an SSL certificate in my domain I am getting this error:

An error occurred creating certificates with Let's Encrypt:

private keys obtained from Let's Encrypt so making regular
backups of this folder is ideal.
2024/10/18 17:22:26 No key found for account dramico2@gmail.com. Generating a
P256 key.
2024/10/18 17:22:26 Saved key to
/opt/bitnami/letsencrypt/accounts/acme-v02.api.letsencrypt.org/dramico2@gmail.com
/keys/dramico2@gmail.com.key
2024/10/18 17:22:26 [INFO] acme: Registering account for dramico2@gmail.com
2024/10/18 17:22:27 [INFO] [plumbingandelectrical.net.au,
www.plumbingandelectrical.net.au] acme: Obtaining bundled SAN certificate
2024/10/18 17:22:28 [INFO] [plumbingandelectrical.net.au] AuthURL:
https://acme-v02.api.letsencrypt.org/acme/authz-v3/417978623797
2024/10/18 17:22:28 [INFO] [www.plumbingandelectrical.net.au] AuthURL:
https://acme-v02.api.letsencrypt.org/acme/authz-v3/417978623807
2024/10/18 17:22:28 [INFO] [plumbingandelectrical.net.au] acme: use tls-alpn-01
solver
2024/10/18 17:22:28 [INFO] [www.plumbingandelectrical.net.au] acme: use
tls-alpn-01 solver
2024/10/18 17:22:28 [INFO] [plumbingandelectrical.net.au] acme: Trying to solve
TLS-ALPN-01
Press [Enter] to continue:
2024/10/18 17:22:40 [INFO] [plumbingandelectrical.net.au] The server validated
our request
2024/10/18 17:22:40 [INFO] [www.plumbingandelectrical.net.au] acme: Trying to
solve TLS-ALPN-01
2024/10/18 17:22:47 [INFO] Skipping deactivating of valid auth:
https://acme-v02.api.letsencrypt.org/acme/authz-v3/417978623797
2024/10/18 17:22:47 [INFO] Deactivating auth:
https://acme-v02.api.letsencrypt.org/acme/authz-v3/417978623807
2024/10/18 17:22:47 Could not obtain certificates:
error: one or more domains had a problem:
[www.plumbingandelectrical.net.au] acme: error: 403 ::
urn:ietf:params:acme:error:unauthorized :: Cannot negotiate ALPN protocol
"acme-tls/1" for tls-alpn-01 challenge

Please check our documentation and support forums, we'll be happy to help!

2

Hello @doyle,

Let’s Debug give https://letsdebug.net/plumbingandelectrical.net.au/2256893 for results.

CloudflareCDN
WARNING
The domain plumbingandelectrical.net.au is being served through Cloudflare CDN. Any Let's Encrypt certificate installed on the origin server will only encrypt traffic between the server and Cloudflare. It is strongly recommended that the SSL option 'Full SSL (strict)' be enabled.
https://support.cloudflare.com/hc/en-us/articles/200170416-What-do-the-SSL-options-mean-

This is the important part “It is strongly recommended that the SSL option 'Full SSL (strict)' be enabled.”

3

Thanks for the response, does this mean that I can't certify it with SSL anymore? Or do we have a certain command to run to overwrite it?

So the scenario is, I am planning to route the domain to another Server by setting up the static IP to its DNS settings, however in that new server that I have its not yet SSL certified.

4

Your DNS settings when you ran the command shown in your first post are different than the ones you have now.

For that request your apex name plumbingandelectrical.net.au pointed to a server at AWS. And, the TLS-ALPN challenge for that worked.

But, your www subdomain pointed to Cloudflare edge locations. This is because you had a CNAME for your www subdomain that does this

www.plumbingandelectrical.net.au. 10 IN CNAME   wp.wpenginepowered.com.

Why do you point your www name to wpenginepowered? Did they give you these instructions?

5

Yes Mike, I have reverted the DNS settings back to the old server, the new server that I have is running in AWS Lightsail with a new Name Server.

And for the wpenginepowered, this was set up by the previous dev, the site is currently running in wpengine. My goal is to totally transfer it to the new AWS Lightsail server

6

Then your DNS settings for both names should point to your new AWS server.

You need to modify the CNAME for your www domain and point it to your apex.

7

Thanks Mike, I'll give it a try