See if cPanel has logs showing the real error message, or contact your hosting company's support.
If the Let's Encrypt staff have time, they may be able to find an error message in the server logs, but there's little the community can do without more information.
I think the problem is that, because we are going through Cloudflare, the DNS records are not the ones of the host, and they need to be before Let’s Encrypt will install the certificate.
Let's Encrypt supports 3 different mechanisms for demonstrating control of a domain in order to obtain a certificate. Two of them work with websites proxied by Cloudflare (orange cloud). The third is called TLS-SNI-01.
I don't know what cPanel does.
You really need to get more information from your host.
tls-sni-01 challenges work by reconfiguring your webserver to respond to a specific SNI (server name) request. It applies a specific, temporary, self-signed certificate to this temporary server name that Let’s Encrypt expects to see when it initiates the TLS connection.
Does this shed any light on it?
All comments appreciated.
:::::Verify domain resolving for member.mydomain.ltd
Resolves OK
:::::Verify domain resolving for www.member.mydomain.ltd
Google said while cpanel says 77.104.171.189
:::::Removing old Let’s Encrypt certs for the same domain (if any)
:::::Calling Let’s encrypt
2017-10-09 00:26:07,046:INFO:letsencrypt.main:Saving debug log to /home/proper53/.letsencrypt/logs/letsencrypt.log
2017-10-09 00:26:08,863:INFO:letsencrypt.auth_handler:Performing the following challenges:
2017-10-09 00:26:08,863:INFO:letsencrypt.auth_handler:http-01 challenge for member.mydomain.ltd
2017-10-09 00:26:08,863:INFO:letsencrypt.plugins.webroot:Using the webroot path /home/proper53/public_html/member for all unmatched domains.
2017-10-09 00:26:08,871:INFO:letsencrypt.auth_handler:Waiting for verification…
2017-10-09 00:26:12,360:INFO:letsencrypt.reporter:Reporting to user: The following errors were reported by the server:
To fix these errors, please make sure that your domain name was entered correctly and the DNS A record(s) for that domain contain(s) the right IP address.
2017-10-09 00:26:12,360:INFO:letsencrypt.auth_handler:Cleaning up challenges
Failed authorization procedure. member.mydomain.ltd (http-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://member.mydomain.ltd/.well-known/acme-challenge/4wH_-1fDyLITylwUL9LMHt49KT0FzkTh4xpS68NM7PQ: "
"
IMPORTANT NOTES:
- The following errors were reported by the server:
To fix these errors, please make sure that your domain name was
entered correctly and the DNS A record(s) for that domain
contain(s) the right IP address.
STATUS:2:Let’s encrypt has failed
" To fix these errors, please make sure that your domain name was
entered correctly and the DNS A record(s) for that domain
contain(s) the right IP address."
So I am guessing changing the A record is the right track.
Hi everyone,
Just to let you know I got the certificate installed by:
1. Deleting the CNAME record (you might not already have one, but remember the details for later).
2. Adding an A record with the host server IP address.
3. Installing the “Let’s encrypt” certificate from cPanel -> let’s encrypt app.
4. Deleting the A record.
5. Adding the CNAME record back.
I installed a “service down” page at the subdomain so anyone coming to the site doesn’t just get a broken link while you’re changing things. It’s just a basic HTML page that says sorry but we’re doing some updates kind of thing, but this method doesn’t take long at all.
If this helps anyone then that’s great. It’s taken me days to sort this and lots of stress because the deadline is tomorrow.
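A pre-flight check in the spirit of the fix described in this thread, added here as an example (not code from any poster, cPanel or Let's Encrypt): it pulls the failed challenge out of a client log like the one above and reports whether the name currently resolves to the hosting server. The origin address, the shortened token and the stand-in resolver are constructed assumptions.

```python
import re
import socket

# Shape of the client's failure line as it appears in the log in this thread.
FAILURE = re.compile(
    r"Failed authorization procedure\. (?P<domain>\S+) \((?P<challenge>[\w-]+)\): "
    r"(?P<urn>urn:acme:error:\w+) :: (?P<detail>.*?) :: "
    r"Invalid response from (?P<url>\S+):"
)

def parse_failures(log_text):
    """Return one dict per failed authorization found in the log text."""
    return [m.groupdict() for m in FAILURE.finditer(log_text)]

def resolve_ipv4(name):
    """Look up the A records the public sees (needs network access)."""
    return sorted({ai[4][0] for ai in socket.getaddrinfo(name, 80, socket.AF_INET)})

def diagnose(log_text, origin_ip, resolver=resolve_ipv4):
    """Pair each failure with whether the name resolves to the hosting server."""
    findings = []
    for failure in parse_failures(log_text):
        addresses = resolver(failure["domain"])
        failure["resolved"] = addresses
        # http-01 is fetched from wherever DNS points; if that is not the
        # server holding the webroot, the token file may never be reached.
        failure["points_at_origin"] = addresses == [origin_ip]
        findings.append(failure)
    return findings

# Constructed sample: failure line modelled on the log above, token shortened.
SAMPLE_LOG = (
    "2017-10-09 00:26:12,360:INFO:letsencrypt.auth_handler:Cleaning up challenges\n"
    "Failed authorization procedure. member.mydomain.ltd (http-01): "
    "urn:acme:error:unauthorized :: The client lacks sufficient authorization :: "
    'Invalid response from http://member.mydomain.ltd/.well-known/acme-challenge/TOKEN: "'
)
ORIGIN_IP = "198.51.100.7"  # constructed host address (documentation range)

if __name__ == "__main__":
    # Constructed resolver standing in for live DNS: the name resolves elsewhere.
    fake_dns = lambda name: ["203.0.113.10"]
    for f in diagnose(SAMPLE_LOG, ORIGIN_IP, resolver=fake_dns):
        print(f["domain"], f["challenge"], f["urn"], f["resolved"], f["points_at_origin"])
```

Call `diagnose()` without the `resolver` argument to use live DNS, and run it again after any record change has propagated before retrying issuance.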