How to get ACME Challenge for New Domain

Greetings All,

It has been a while since I have been in the forums. So apparently when I was copying all of the steps to get a Let's Encrypt SSL certificate, I forgot the steps to get the ACME challenge information for the 'A' record.

Does anyone have any websites/links/info on how to do this?

Thanks in advance!

Tycho

1 Like

Try reading here: Challenge Types - Let's Encrypt

1 Like

Hi Bruce. This page explains the different challenge types but it does not provide instructions on how to create one.

You don't create one. Your ACME client does.

6 Likes

Thanks linkp, I will check the link out. Thanks!

1 Like

Sorry. :frowning:

1 Like

No worries Bruce. Though I must say that this has proven to be much harder. I tried to use CertBot and it was giving me a 'Cannot find Apache executable apache2ctl' error. So I gave up and now am going to the ACME challenge using Lego. I'll post updates.

1 Like

I prefer webroot when using certbot. When using Apache, mod_md is my standard.

Obviously what client is most appropriate for any given circumstance will be influenced by many variables. Let us know what one ends up working best for your current situation.

6 Likes

Do you mean "TXT" record?
Are you trying to get a wildcard certificate?
I don't know of any ACME challenge that requires putting an "A" record.
[to satisfy the challenge]
Other than HTTP-01 (& TLS-ALPN-01) authentication needing to reach the IP address of the name being requested.
But that should have been there already... Since:
You should have a working HTTP site before trying to secure it via HTTP-01 authentication.

6 Likes

@rg305 Sorry doing too many things at once. Yea A record and I am still having no luck. Certbot isn't working with my new Lightsail LAMP instance.

1 Like

@tychoash care to share any more details?

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:

I ran this command:

It produced this output:

My web server is (include version):

The operating system my web server runs on is (include version):

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don't know):

I'm using a control panel to manage my site (no, or provide the name and version of the control panel):

The version of my ACME client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):

Thank you for assisting us in helping YOU!

1 Like

Here you were using the DNS-01 Challenge

While here it looks like you were using HTTP-01 Challenge

Maybe that can help recall what you did in the past, especially if you choose not to share more details.
I realize I am not being of much value here, but just trying to help.

3 Likes

Thanks Bruce I will try those.

3 Likes

Bruce we are getting somewhere my friend! So using the first part I was able to get the challenges at least. However, when trying to use Lego to get the certs I got an interesting ACME error:

[ecorealism.org] acme: use tls-alpn-01 solver
2022/12/23 21:33:09 [INFO] [ecorealism.org] acme: Trying to solve TLS-ALPN-01
2022/12/23 21:33:13 [INFO] [ecorealism.org] The server validated our request
2022/12/23 21:33:13 [INFO] [www.ecorealism.org, ecorealism.org] acme: Validations succeeded; requesting certificates
2022/12/23 21:33:14 Could not obtain certificates:
error: one or more domains had a problem:
[ecorealism.org] acme: error: 404 :: POST :: https://acme-v02.api.letsencrypt.org/acme/cert/03fcf4985ed74de104bd01304eb8257bb395/1 :: urn:ietf:params:acme:error:malformed :: Certificate not found
[www.ecorealism.org] acme: error: 404 :: POST :: https://acme-v02.api.letsencrypt.org/acme/cert/03fcf4985ed74de104bd01304eb8257bb395/1 :: urn:ietf:params:acme:error:malformed :: Certificate not found

Is it because I used Lego next?

3 Likes

I can download the certificate perfectly using that link. I think your ACME client is buggy, can you upgrade the version?

4 Likes

Ok this was odd. I gave it a few minutes and it responded correctly this time. Let me try and put them in the right folder now. BRB

1 Like

Osiris I have the certs and have them in the /opt/bitnami/letsencrypt/certificates folder but they aren't showing on the website. Is this due to the ACME client being buggy? How do I upgrade it? Sorry for all of the questions but this is only my 2nd SSL cert ever. :slight_smile:

1 Like

Using this online tool https://crt.sh/ here is a list of issued certificates crt.sh | ecorealism.org, the latest being 2022-12-23.

Using the online tool Let's Debug with the TLS-ALPN-01 Challenge selected, there is an ERROR; results here https://letsdebug.net/ecorealism.org/1310947
Debug version of results here https://letsdebug.net/ecorealism.org/1310947?debug=y

[IssueFromLetsEncrypt](https://letsdebug.net/ecorealism.org/1310947#IssueFromLetsEncrypt-Error)

Error

A test authorization for ecorealism.org to the Let's Encrypt staging service has revealed issues that may prevent any certificate for this domain being issued.

44.194.152.221: Error getting validation data

Do you think it is because I got the acme using certbot and then the certs using lego?

Sorry @tychoash that is something I do not know, nor even how to guess.

So, kindly wait for more knowledgeable Let's Encrypt community volunteers to assist.