My domain is: aalsultan.com
I ran this command: acme.sh --issue -d aalsultan.com --keylength 4096 -w /var/www/letsencrypt --key-file /etc/letsencrypt/rsa-certs/privkey.pem --ca-file /etc/letsencrypt/rsa-certs/chain.pem --cert-file /etc/letsencrypt/rsa-certs/cert.pem --fullchain-file /etc/letsencrypt/rsa-certs/fullchain.pem
It produced this output:
[Wed Sep 4 18:11:28 UTC 2019] Create account key ok.
[Wed Sep 4 18:11:28 UTC 2019] Registering account
[Wed Sep 4 18:11:30 UTC 2019] Registered
[Wed Sep 4 18:11:30 UTC 2019] ACCOUNT_THUMBPRINT=‘NeF4Vzx_qgeiN5l6Q9dF9g_r5kuVIM5dJa36SLR5taM’
[Wed Sep 4 18:11:30 UTC 2019] Creating domain key
[Wed Sep 4 18:11:31 UTC 2019] The domain key is here: /home/acmeuser/.acme.sh/aalsultan.com/aalsultan.com.key
[Wed Sep 4 18:11:31 UTC 2019] Single domain=‘aalsultan.com’
[Wed Sep 4 18:11:31 UTC 2019] Getting domain auth token for each domain
[Wed Sep 4 18:11:32 UTC 2019] Getting webroot for domain=‘aalsultan.com’
[Wed Sep 4 18:11:33 UTC 2019] Verifying: aalsultan.com
[Wed Sep 4 18:11:36 UTC 2019] aalsultan.com:Verify error:Invalid response from http://aalsultan.com/.well-known/acme-challenge/I-pCvG6YYFKt5UOC_G93N6hsPZQLrTUDOQc6AVIF8RY [220.127.116.11]:
[Wed Sep 4 18:11:36 UTC 2019] Please add ‘–debug’ or ‘–log’ to check more details.
[Wed Sep 4 18:11:36 UTC 2019] See: https://github.com/Neilpang/acme.sh/wiki/How-to-debug-acme.sh
My web server is (include version):
The operating system my web server runs on is (include version): ubuntu 18
My hosting provider, if applicable, is:
I can login to a root shell on my machine (yes or no, or I don’t know):
I’m using a control panel to manage my site (no, or provide the name and version of the control panel):
The version of my client is (e.g. output of
certbot --version or
certbot-auto --version if you’re using Certbot):
This site uses a HTTP redirect to a completely different IP address, indicating that your DNS records are set quite inappropriately.
so i must stop redirecting to this IP and correct DNS record ?
If I understand the question correctly, yes. You need to set a DNS A record pointing to your actual IP address.
thanks danb35. i set a DNS a record pointing to my IP. but still cant verifying when i trying to issue certs. below is the new logs. thanks again for your help.
[Thu Sep 5 08:13:51 UTC 2019] Single domain=‘aalsultan.com’
[Thu Sep 5 08:13:51 UTC 2019] Getting domain auth token for each domain
[Thu Sep 5 08:13:55 UTC 2019] Getting webroot for domain=‘aalsultan.com’
[Thu Sep 5 08:13:55 UTC 2019] Verifying: aalsultan.com
[Thu Sep 5 08:13:59 UTC 2019] aalsultan.com:Verify error:unknownHost :: No valid IP addresses found for aalsultan.com
[Thu Sep 5 08:13:59 UTC 2019] Please add ‘–debug’ or ‘–log’ to check more details.
[Thu Sep 5 08:13:59 UTC 2019] See: https://github.com/Neilpang/acme.sh/wiki/How-to-debug-acme.sh
there is only an A record of your www version - https://check-your-website.server-daten.de/?q=aalsultan.com
||18.104.22.168 Riyadh/Ar Riyāḑ/Saudi Arabia (SA) - ARABIAN INTERNET & COMMUNICATIONS SERVICES CO.LTD No Hostname found
Your non www version doesn't have an ip address.
So it's impossible to create a certificate using http validation.
Add a new A record
aalsultan.com -> 22.214.171.124
And perhaps create a certificate with both domain names - non-www and www.
i already added this record before. please see the attached capture.
thanks for ur help
That menu adds the domain name.
So now you have an A entry with
D:\temp>nslookup aalsultan.com.aalsultan.com. ns1.domain.com.
Normally, @ is used if you want to create an entry with your main domain.
Share the complete output of your dns menu.
PS: And there is a second wrong entry
sure, please see the attached captures
The raw A entry is missing.
A @ 126.96.36.199
Like your other “raw” entries with “@” in the second column.
i have updated my DNS list. removed the wrong entry as you mentioned above and added the missing entry A @ 188.8.131.52.
i mean is this enough to solve my issue.
below is the logs
and i have ran this command (
acme.sh --issue -d aalsultan.com --keylength ec-384 -w /var/www/letsencrypt --key-file /etc/letsencrypt/ecc-certs/privkey.pem --ca-file /etc/letsencrypt/ecc-certs/chain.pem --cert-file /etc/letsencrypt/ecc-certs/cert.pem --fullchain-file /etc/letsencrypt/ecc-certs/fullchain.pem --log
plz i need help. i have been stuck in this issue since 2 weeks
There is your error: “Operation not permitted”. Looks like the account you use has insufficient rights.
This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.