Directadmin Error with LetsEncrypt request

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: omedita.lt
My hosting provider, if applicable, is: hostinger

I am trying to issue a Lets's Encrypt wildcard ssl certificate but everytime i get an error saying that something is wrong and i can't get it

I already have enabled a PositiveSSL. Maybe that's the problem, that it can't be 2 certificates at the same time

Erorr window:
Found wildcard domain name and http challenge type, switching to dns-01 validation.
2023/06/30 14:12:23 [INFO] [omedita.lt, .omedita.lt] acme: Obtaining SAN certificate
2023/06/30 14:12:24 [INFO] [.omedita.lt] AuthURL: https://acme-v02.api.letsencrypt.org/acme/authz-v3/241406514967
2023/06/30 14:12:24 [INFO] [omedita.lt] AuthURL: https://acme-v02.api.letsencrypt.org/acme/authz-v3/241406514977
2023/06/30 14:12:24 [INFO] [.omedita.lt] acme: use dns-01 solver
2023/06/30 14:12:24 [INFO] [omedita.lt] acme: Could not find solver for: tls-alpn-01
2023/06/30 14:12:24 [INFO] [omedita.lt] acme: Could not find solver for: http-01
2023/06/30 14:12:24 [INFO] [omedita.lt] acme: use dns-01 solver
2023/06/30 14:12:24 [INFO] [.omedita.lt] acme: Preparing to solve DNS-01
2023/06/30 14:12:26 2023/06/30 14:12:24 info executing task task=action=dns&do=delete&domain=omedita.lt&name=_acme-challenge&type=TXT
2023/06/30 14:12:25 info executing task task=action=dns&do=add&domain=omedita.lt&name=_acme-challenge&named_reload=yes&ttl=5&type=TXT&value=%22Ivlglik2Rez6jQL8YV3eGKg-ljLB0WkONkRN_nytNgA%22

2023/06/30 14:12:26 [INFO] [.omedita.lt] acme: Trying to solve DNS-01
2023/06/30 14:12:26 [INFO] [.omedita.lt] acme: Checking DNS record propagation using [[2001:4860:4860::8888]:53]
2023/06/30 14:12:56 [INFO] Wait for propagation [timeout: 5m0s, interval: 30s]
2023/06/30 14:12:57 [INFO] [.omedita.lt] acme: Waiting for DNS record propagation.
2023/06/30 14:13:27 [INFO] [.omedita.lt] acme: Waiting for DNS record propagation.
2023/06/30 14:13:57 [INFO] [.omedita.lt] acme: Waiting for DNS record propagation.
2023/06/30 14:14:27 [INFO] [.omedita.lt] acme: Waiting for DNS record propagation.
2023/06/30 14:14:58 [INFO] [.omedita.lt] acme: Waiting for DNS record propagation.
2023/06/30 14:15:28 [INFO] [.omedita.lt] acme: Waiting for DNS record propagation.
2023/06/30 14:15:58 [INFO] [.omedita.lt] acme: Waiting for DNS record propagation.
2023/06/30 14:16:28 [INFO] [.omedita.lt] acme: Waiting for DNS record propagation.
2023/06/30 14:16:58 [INFO] [.omedita.lt] acme: Waiting for DNS record propagation.
2023/06/30 14:17:28 [INFO] [.omedita.lt] acme: Waiting for DNS record propagation.
2023/06/30 14:17:58 [INFO] [*.omedita.lt] acme: Cleaning DNS-01 challenge
2023/06/30 14:17:59 2023/06/30 14:17:58 info executing task task=action=dns&do=delete&domain=omedita.lt&name=_acme-challenge&type=TXT

2023/06/30 14:17:59 [INFO] [omedita.lt] acme: Preparing to solve DNS-01
2023/06/30 14:18:02 2023/06/30 14:17:59 info executing task task=action=dns&do=delete&domain=omedita.lt&name=_acme-challenge&type=TXT
2023/06/30 14:18:01 info executing task task=action=dns&do=add&domain=omedita.lt&name=_acme-challenge&named_reload=yes&ttl=5&type=TXT&value=%22s7UeBhIxmSMMxIzhikureF0LGOvdukkNgAhSfSJ2_yg%22

2023/06/30 14:18:02 [INFO] [omedita.lt] acme: Trying to solve DNS-01
2023/06/30 14:18:02 [INFO] [omedita.lt] acme: Checking DNS record propagation using [[2001:4860:4860::8888]:53]
2023/06/30 14:18:32 [INFO] Wait for propagation [timeout: 5m0s, interval: 30s]
2023/06/30 14:18:32 [INFO] [omedita.lt] acme: Waiting for DNS record propagation.
2023/06/30 14:19:02 [INFO] [omedita.lt] acme: Waiting for DNS record propagation.
2023/06/30 14:19:32 [INFO] [omedita.lt] acme: Waiting for DNS record propagation.
2023/06/30 14:20:02 [INFO] [omedita.lt] acme: Waiting for DNS record propagation.
2023/06/30 14:20:33 [INFO] [omedita.lt] acme: Waiting for DNS record propagation.
2023/06/30 14:21:03 [INFO] [omedita.lt] acme: Waiting for DNS record propagation.
2023/06/30 14:21:33 [INFO] [omedita.lt] acme: Waiting for DNS record propagation.
2023/06/30 14:22:03 [INFO] [omedita.lt] acme: Waiting for DNS record propagation.
2023/06/30 14:22:33 [INFO] [omedita.lt] acme: Waiting for DNS record propagation.
2023/06/30 14:23:03 [INFO] [omedita.lt] acme: Waiting for DNS record propagation.
2023/06/30 14:23:33 [INFO] [omedita.lt] acme: Cleaning DNS-01 challenge
2023/06/30 14:23:34 2023/06/30 14:23:33 info executing task task=action=dns&do=delete&domain=omedita.lt&name=_acme-challenge&type=TXT

2023/06/30 14:23:35 [INFO] Deactivating auth: https://acme-v02.api.letsencrypt.org/acme/authz-v3/241406514967
2023/06/30 14:23:35 [INFO] Deactivating auth: https://acme-v02.api.letsencrypt.org/acme/authz-v3/241406514977
2023/06/30 14:23:35 Could not obtain certificates:
error: one or more domains had a problem:
[*.omedita.lt] time limit exceeded: last error: NS ns1.dns-parking.com. returned NXDOMAIN for _acme-challenge.omedita.lt.
[omedita.lt] time limit exceeded: last error: NS ns2.dns-parking.com. returned NXDOMAIN for _acme-challenge.omedita.lt.
Certificate generation failed.

Those 2 lines changes everytime sometimes there is:
NS ns2.dns-parking.com and NS ns2.dns-parking.com
NS ns1.dns-parking.com and NS ns1.dns-parking.com
NS ns2.dns-parking.com and NS ns1.dns-parking.com

Hello @, welcome to the Let's Encrypt community.

There are both IPv4 and IPv6 Address for the domain, IPv4 seem fine however IPv6 is not connecting see https://www.ssllabs.com/ssltest/analyze.html?d=omedita.lt
Let's Encrypt will try IPv6 first. All IP Address need to produce the same replies and responses.

image1132×544 20.5 KB

How do i fix this?

A quick fix would be to disable IPv6 by removing the DNS AAAA Records from the domain.

What will that do? Won't this crash my website?

How would the crash your website?

I don't know, maybe removing that, the current working SSL will stop working?

What about the not quick fix?

Get your server responding identical for both IPv4 and IPv6 addresses.

If i delete that line in DNS settings, the Let's Encrypt should start working. Yes?

I thinks so, or at least show us the next issue (if there are any).

Gona post if something is wrong later, don't want to delete that setting when 100+ people are browsing the website

Sensible.

Bruce: OP is having issues with their dns-01 challenge. While I agree a non-functional IPv6 is a bad thing and needs to be addressed, it's not the cause of the failing certificate issuance (as that would require the usage of the http-01 challenge, not the currently used dns-01).

@Tautuxs Is the DNS zone for omedita.lt also managed in DirectAdmin? Or separately?

Edit: Hm, it seems dns-parking.com (the domain of the nameservers for omedita.lt) actually belong to Hostinger.. So that should be good, right? Can you confirm you can modify the DNS zone for omedita.lt using DirectAdmin?

The output of your log looks from acme.sh but when I tried to identify the DNS plugin used by searching for the text named_reload, it does not give any result? Maybe Hostinger is using a custom DNS plugin for their acme.sh integration? -> Hm, it seems that named_reload variable is a DirectAdmin thing looking at named_reload=yes to respect named_service_override.. Probably isn't acme.sh at all

@Tautuxs You might want to ask Hostinger about this issue.

Good point Osiris, thank you.

What should i ask them?
Like: Why Let's Encrypt wildcard won't work for my VPS website?
Or should i just copy pasta the same error window i posted in here?

Since the DNS-01 challenge is being used this maybe of some use.

I think it's from hostinger, the DNS name servers, because the domain is bought from hostinger

Here DNS Spy report for omedita.lt shows name servers ns1.dns-parking.com. and ns2.dns-parking.com.

image1046×615 9.2 KB

Yes. Those 2 name servers: ns1 and ns2 are hostingers name servers