[error] Could not get Let's Encrypt certificate

I can’t seem to be able to create Let’s Encrypt certificates for any of my domains. Maybe there is something wrong with the webserver config, so that LE doesn’t find the .well-known folder? Am I missing something? Viewing http://kinderarzt-wilmersdorf.de/.well-known/acme-challenge/test.txt in the browser works.

My domain is:
kinderarzt-wilmersdorf.de/

I ran this command:
php -q /var/www/froxlor/scripts/froxlor_master_cronjob.php --letsencrypt --debug
…to generate the Let’s Encrypt certs in Froxlor

It produced this output:

> [error] Could not get Let's Encrypt certificate for kinderarzt-wilmersdorf.de: Verification ended with error: {"identifier":{"type":"dns","value":"kinderarzt-wilmersdorf.de"},"status":"invalid","expires":"2018-03-01T14:46:20Z","challenges":[{"type":"http-01","status":"invalid","error":{"type":"urn:acme:error:unauthorized","detail":"Invalid response from http:\/\/kinderarzt-wilmersdorf.de\/.well-known\/acme-challenge\/_r58XCAl13HQfqcMCxkqaY5usXPNVie81zcHymuiA7w: \"<!DOCTYPE HTML PUBLIC \"-\/\/IETF\/\/DTD HTML 2.0\/\/EN\">\n<html><head>\n<title>404 Not Found<\/title>\n<\/head><body>\n<h1>Not Found<\/h1>\n<p\"","status":403},"uri":"https:\/\/acme-v01.api.letsencrypt.org\/acme\/challenge\/KeOCfP43vnLY3Tph3weSza3LTcs6muEQNO-apQX_5_s\/3558464225","token":"_r58XCAl13HQfqcMCxkqaY5usXPNVie81zcHymuiA7w","keyAuthorization":"_r58XCAl13HQfqcMCxkqaY5usXPNVie81zcHymuiA7w.rrEQJG6SKQ5CIU4ze1PiBc4z_jDi0kyyAyY7EnGaM-o","validationRecord":[{"url":"http:\/\/kinderarzt-wilmersdorf.de\/.well-known\/acme-challenge\/_r58XCAl13HQfqcMCxkqaY5usXPNVie81zcHymuiA7w","hostname":"kinderarzt-wilmersdorf.de","port":"80","addressesResolved":["37.120.173.224"],"addressUsed":"37.120.173.224"}]},{"type":"dns-01","status":"pending","uri":"https:\/\/acme-v01.api.letsencrypt.org\/acme\/challenge\/KeOCfP43vnLY3Tph3weSza3LTcs6muEQNO-apQX_5_s\/3558464226","token":"hybJJw1LB4AYCWX5GfSy3XTidwIVD8Izo-IxranOwv8"}],"combinations":[[1],[0]]}

My web server is (include version):
Apache 2.2

The operating system my web server runs on is (include version):
Debian 7

My hosting provider, if applicable, is:
Netcup.net

I can login to a root shell on my machine (yes or no, or I don’t know):
Yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel):
Froxlor 0.9.39.5-1+wheezy1

Hi,

After visiting this link, it shows Drupal was redirecting your link to a 404 page.
Can you try to remove the redirect just for this directory?

Thank you

Thanks, Steven,

I thought that was because the file wasn’t created. I get the Apache 404 page, when commenting out the Drupal-htaccess - the result for LE stays the same. Any ideas?

Hi,

Can you confirm that LE's verification tokens are in the same root your domain is pointing to? (I.e. make sure LE's token was pointing to /var/www/ and your domain was pointing to the same directory.)

Thank you.

How can I check this? The root of my website is in /var/customers/webs/rugo/

Hi,

Can you try temporarily pointing the website root to your FROXLOR_INSTALL_DIR? (according to this file)
https://github.com/Froxlor/Froxlor/blob/master/scripts/jobs/cron_letsencrypt.php

Thank you
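One way to run the check asked about above, as an added example that is not part of the original thread: it writes a random probe file into each candidate directory's `.well-known/acme-challenge/` and fetches it over HTTP to see which directory the web server actually serves. The function name and the `probe-` file prefix are assumptions; run it as a user that can write to the candidate directories.

```python
import os
import secrets
import sys
import urllib.error
import urllib.request

CHALLENGE_DIR = ".well-known/acme-challenge"  # path prefix used by http-01


def probe_webroot(base_url, candidates, timeout=5):
    """For each candidate directory, drop a random probe file into its
    .well-known/acme-challenge/ and report whether base_url serves it."""
    # Direct connection: ignore any proxy configured in the environment.
    opener = urllib.request.build_opener(urllib.request.ProxyHandler({}))
    results = {}
    for root in candidates:
        token = "probe-" + secrets.token_urlsafe(16)  # hypothetical file name
        body = secrets.token_urlsafe(16)
        chal_dir = os.path.join(root, CHALLENGE_DIR)
        path = os.path.join(chal_dir, token)
        try:
            os.makedirs(chal_dir, exist_ok=True)
            with open(path, "w") as fh:
                fh.write(body)
        except OSError as exc:
            results[root] = f"cannot write: {exc.strerror}"
            continue
        url = f"{base_url.rstrip('/')}/{CHALLENGE_DIR}/{token}"
        try:
            with opener.open(url, timeout=timeout) as resp:
                served = resp.read(4096).decode("utf-8", "replace").strip()
            # A 200 with different content is typically a CMS catch-all page.
            results[root] = "served" if served == body else "wrong body"
        except urllib.error.HTTPError as exc:
            results[root] = f"HTTP {exc.code}"
        except OSError as exc:
            results[root] = f"unreachable: {exc}"
        finally:
            os.remove(path)  # remove the probe; the directory is left in place
    return results


if __name__ == "__main__":
    # usage: probe.py http://example.org /docroot/one /docroot/two
    for root, verdict in probe_webroot(sys.argv[1], sys.argv[2:]).items():
        print(f"{verdict:>12}  {root}")
```

For this thread the candidates would be /var/customers/webs/rugo/ and the directory FROXLOR_INSTALL_DIR resolves to; the directory reported as `served` is the one the challenge files have to land in.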

Thank you for your help so far!

Done - now I get the rate-limits message for now…

Hi,

This just means you got too many failed attempts.
Please wait for an hour to try again.

Thank you.

Yeah! Working with the changed path! Is there a way to make it work with the “correct” path for the website? Many thanks again for your help!

Great!

I personally think you can try switching to the Let's Encrypt V2 API (as the code on API V2 is correct) on the panel.
However, I don't know how to do it.

Thank you.

FYI, the v2 API is not yet live in production, so you can’t switch issuance to use it.

I’m afraid I don’t know how to make Froxlor use the correct path, though!

Thanks @stevenzhu and @jsha!
Yes, I tried setting ACME v2, results in Couldn't resolve host 'acme-v02.api.letsencrypt.org

I just switch paths for the cert refresh every 90 days until v2 is up and running :wink:

Thanks a lot for the help, couldn’t have gotten it to work without!
