Challenge verification failed!


#1

I’m using this gem:

https://github.com/lgromanowski/letsencrypt-plugin

Trying to gen a cert for sesher.co. Sesher.co is registered with godaddy, but DNS is hosted dreamhost (I read that godaddy wouldn’t support let’s encrypt so I moved DNS to dreamhost. I really I would like to host dns on Amazon but I don’t think that’s support either please let me know though). App is rails and is hosted on heroku. When I run

rake letsencrypt_plugin RAILS_ENV=production

I get the error

Challenge verification failed! Error: urn:acme:error:unknownHost: No IPv4 addresses found for sesher.co

I want www.sesher.co, sesher.co and staging.sesher.co to all have ssl. Any help with the error would be greatly appreciated. Thanks!


#2

You are definitely missing a DNS record for sesher.co, add a DNS record for sesher.co and try again. (There only seems to be a working record for www.sesher.co and staging.sesher.co)

nslookup sesher.co 8.8.8.8
Server:		8.8.8.8
Address:	8.8.8.8#53

Non-authoritative answer:
*** Can't find sesher.co: No answer`

#3

Your DNS provider doesn’t need to support Let’s Encrypt in any way. Some web hosts might decide to include support for Let’s Encrypt for things like shared hosting plans, where they would might offer a one-click setup in their management UI, but that doesn’t mean it’s not possible or significantly harder with anyone else.

Verification happens on a HTTP (or HTTPS) level, so as long as you can serve your site to the public (or rather serve specific content on a certain path; which is what the gem does behind the scenes), you’re good to go.


#4

Here is a list of hosting who support LE: https://github.com/letsencrypt/letsencrypt/wiki/Web-Hosting-Supporting-LE

I should really make a getting started video


#5

That’s simply the DNS server @mbrugger is using, which would then check the NS records for that domain and ask the responsible DNS server for the A record (which doesn’t exist, that’s the issue).


#6

@mbrugger @pfg

I am using heroku which doesn’t give you an IP to set as the A record. You can only use cnames. I moved the DNS to cloudflare which let’s you alias the A record, now I am getting this error:

Challenge verification failed! Error: urn:acme:error:unauthorized: Invalid response from http://sesher.co/.well-known/acme-challenge/

Thoughts? And thank yoU!


#7

“The server http://sesher.co:80 requires a username and password. The server says: Staging.”

Well, that’s never gonna work ofcourse :wink:


#8

Sorry, I should have been more specific. CNAME will work too. The issue was that there wasn’t any record for sesher.co. (Not that moving to CloudFlare is a bad idea anyway IMO, they have one of the fastest DNS networks :smile:)

As for the rest, @Osiris pointed you in the right direction. You’ll want to make sure that a request to http://sesher.co/.well-known/acme-challenge/{random token} works - without any authentication or something similar.


#9

I have the same problem with @jennykortina, I also use that gem. I added the folders to the code, and placed a sample file in the folder, I can visit the sample file through the url http://mydomain.com/.well-known/acme-challenge/sample_file