Cant setup LetsEncrypt for DirectAdmin on CentOS7

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: devconexus.nl

I ran this command: Setup SSL certficiate in DirectAdmin

It produced this output:

Requesting new certificate order…
Processing authorization for www.devconexus.nl…
Waiting for domain verification…
Trying again…
1…2…3…4…5…
Challenge status: invalid. Challenge error: “type”: “http-01”, “status”: “invalid”, “error”: { “type”: “urn:ietf:params:acme:error:unauthorized”, “detail”: "Invalid response from http://www.devconexus.nl/.well-known/acme-challenge/WXSmYwuTOh0VLG5SP6T9yxkdlTo4wPOTxnDje3RPk94: “\u003c!doctype html\u003e\u003chtml lang=\“nl\”\u003e\u003chead\u003e \u003cmeta charset=\“UTF-8\”\u003e \u003cmeta name=\“viewport\” content=\“width=device-width, user-scalable=no””, “status”: 403 . Exiting…

My web server is (include version): apache 2.4

The operating system my web server runs on is (include version): CentOS7

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don’t know): yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): DirectAdmin

I can’t get my Let’s encrypt to work it give a 403 error but I provided 777 access in my folder through the file manger in DirectAdmin. What am I doing wrong here?

I would ensure that your challenge folder can be accessed properly from the internet - place attest.txt file at:
http://www.devconexus.nl/.well-known/acme-challenge/test.txt

Screenshot.png1359×467 65.7 KB

Look at the attached screenshot. I did it correct right? Sorry I’m not a pro at this.

It is opening the file now. It was not in my public_html directory

I see the test file - so that is the correct folder…
hmm

I tried again, still getting the same error

check the folder while you are trying to get the cert.
There should be a new file created there.
otherwise, locate the letsencrypt.log file and post it here.

Nope, still only showing the test.txt file. Very weird. I installed SSL-certificate from comodo for an other domain on the same VPS and that one is just working fine.

[root@devconexus ~]# /var/log/letsencrypt/letsencrypt.log

bash: /var/log/letsencrypt/letsencrypt.log: No such file or directory

…

This is a classic IPv4 vs. IPv6 case. Your DNS records include an IPv6 record for your site, which Let’s Encrypt uses, but the site available in IPv4 and IPv6 is not the same site.

Okay thanks problem clarified. Sooo any advice on how to fix this?

Unless otherwise required, just remove the IPv6 DNS entry for your FQDN (AAAA record).
Or, if that IPv6 address can be served by your host, just add IPv6 support to your web system.

I removed the AAAA records. Restarted DirectAdmin, checked the DNS records on dnschecker.org . AAAA is gone, but I am still receiving the same error.

It may be a CentOS7/DirectAdmin problem…
It doesn’t seem to be an LE problem:
https://letsdebug.net/www.devconexus.nl/6509
https://letsdebug.net/devconexus.nl/6510

Well, there is some change right now. I think the DNS change needed some time. However now I get another error, but a different one.

Cannot Execute Your Request

Details

Requesting new certificate order…
Processing authorization for devconexus.nl…
Error: http://devconexus.nl/.well-known/acme-challenge/letsencrypt_1539269071 is not reachable. Aborting the script.
dig output for devconexus.nl:
84.22.102.228
Please make sure /.well-known alias is setup in WWW server.

So you can view my text file, so it should be accessible. Why it is still not reachable?

Its fixed now. I used this https://help.directadmin.com/item.php?id=646 guide to manually debug the folder.
Thanks for the help!

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.