I have had an Organizational SSL Certificate from Commodo for the past five years but it will expire the end of next month. I would like to move to LetsEncrypt but am having problems issuing a certificate. I get the following error.
Many thanks! I thought it was there, but it wasn’t. I just added it and I’m sure that will do the trick but now I have had too many failed authorizations so I guess I’ll have to wait to try it again.
I have gone over all my records and compared them with another of my sites. Everything is there now but I still can’t issue a new certificate that includes cpanel and mail.
Your DNS setup seems odd to me. For a typical cPanel account, everything should point to the same IP address, more or less.
In your case though:
mail.bowmanvillegolf.ca. 600 IN A 167.114.208.131
cpanel.bowmanvillegolf.ca. 600 IN A 142.44.176.146
I can’t think of any scenario where they would be different. Since the cpanel. authorization is succeeding, I imagine that both domains should use the 142. IP address.
On the other hand, if mail. is intentionally pointing to a different server because e.g. your mail is served by a different server, then the server you’re issuing the certificate from simply won’t be able to issue a certificate for mail. - it has no way to demonstrate control of that subdomain.
Finally, you can use the “dry-run” button on the user interface to test things out without hitting Let’s Encrypt rate limits (assuming the plugin is up to date).
My mail server (server.mapenterprises.ca) uses 167.114.208.131 but their dedicated IP is 142.44.176.146. Apparently it has to be like that for “banner to match”? I honestly know nothing about these settings. I will try it with 142.44.176.146