I ran this command:
.acme.sh/acme.sh --issue -d typing12.com -w /home/umardd/typing12.com
List item
It produced this output:
[Mon Aug 22 04:55:33 EDT 2022] Using CA: https://acme-v02.api.letsencrypt.org/directory
[Mon Aug 22 04:55:33 EDT 2022] Single domain='typing12.com'
[Mon Aug 22 04:55:33 EDT 2022] Getting domain auth token for each domain
[Mon Aug 22 04:55:35 EDT 2022] Getting webroot for domain='typing12.com'
[Mon Aug 22 04:55:35 EDT 2022] Verifying: typing12.com
[Mon Aug 22 04:55:36 EDT 2022] Pending, The CA is processing your order, please just wait. (1/30)
[Mon Aug 22 04:55:40 EDT 2022] Pending, The CA is processing your order, please just wait. (2/30)
[Mon Aug 22 04:55:44 EDT 2022] typing12.com:Verify error:185.61.154.53: Invalid response from https://typing12.com/.well-known/acme-challenge/peYHXXGCU-t-WVzuLBSmR_bqL_IKtpPow0rIqRdC8CI: 404
[Mon Aug 22 04:55:44 EDT 2022] Please check log file for more details: /home/umardd/.acme.sh/acme.sh.log
My web server is (include version):
namecheap says it is web hosting product. I don't know if it is correct for shared hosting.
The operating system my web server runs on is (include version):
namecheap says it is Cent OS 7
My hosting provider, if applicable, is: namecheap.com (shared hosting).
I can login to a root shell on my machine (yes or no, or I don't know):
Yes.
I'm using a control panel to manage my site (no, or provide the name and version of the control panel):
cPanel: 102
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): I am not using certbot. I am executing .acme.ssh commands on terminal and I do have SSH access.
Yes, I was trying to execute acme.sh with ZeroSSL which failed many times with a Timeout error. Once I tried to setup them manually but it did not work and displayed the message invalid certificate.
Yes, I have acme.sh to obtain certificates from ZeroSSL for other domains but now ZeroSSL is not working so I switched to Let'sEncrypt server.
The last certificate I generated was for basicscomp.com and it is working fine.
The key error code is the '404'. It means the challenge file created by acme.sh in the -d-w folder was not found by the Let's Encrypt server using that URL.
Usually this error is caused when the -d-w folder name is not the same as the one in the server's document root. I believe litespeed uses the same config as apache and so that would be the DocumentRoot value in the VirtualHost for that domain.
Can you show the VirtualHost config for that?
@vuumar Sorry, I just realized I typed -d when I meant -w - fixed.
Here is the output after running the desired command.
[umardd@premium61 ~]$ .acme.sh/acme.sh --issue -d typing12.com -w /home/umardd/public_html/typing12.com
[Wed Aug 24 22:11:00 EDT 2022] Using CA: https://acme-v02.api.letsencrypt.org/directory
[Wed Aug 24 22:11:00 EDT 2022] Single domain='typing12.com'
[Wed Aug 24 22:11:00 EDT 2022] Getting domain auth token for each domain
[Wed Aug 24 22:11:02 EDT 2022] Getting webroot for domain='typing12.com'
[Wed Aug 24 22:11:02 EDT 2022] Verifying: typing12.com
[Wed Aug 24 22:11:03 EDT 2022] Pending, The CA is processing your order, please just wait. (1/30)
[Wed Aug 24 22:11:07 EDT 2022] Pending, The CA is processing your order, please just wait. (2/30)
[Wed Aug 24 22:11:11 EDT 2022] typing12.com:Verify error:185.61.154.53: Invalid response from https://typing12.com/.well-known/acme-challenge/6bZPJ2dRetV-tHwDLzW1qK2Ho-QLPpLj-pcoC0hmT64: 404
[Wed Aug 24 22:11:11 EDT 2022] Please check log file for more details: /home/umardd/.acme.sh/acme.sh.log
Contents of .htaccess file:
text/x-generic .htaccess ( ASCII English text )
# BEGIN LSCACHE
## LITESPEED WP CACHE PLUGIN - Do not edit the contents of this block! ##
<IfModule LiteSpeed>
RewriteEngine on
CacheLookup on
RewriteRule .* - [E=Cache-Control:no-autoflush]
RewriteRule \.litespeed_conf\.dat - [F,L]
### marker CACHE RESOURCE start ###
RewriteRule wp-content/.*/[^/]*(responsive|css|js|dynamic|loader|fonts)\.php - [E=cache-control:max-age=3600]
### marker CACHE RESOURCE end ###
### marker FAVICON start ###
RewriteRule favicon\.ico$ - [E=cache-control:max-age=86400]
### marker FAVICON end ###
### marker DROPQS start ###
CacheKeyModify -qs:fbclid
CacheKeyModify -qs:gclid
CacheKeyModify -qs:utm*
CacheKeyModify -qs:_ga
### marker DROPQS end ###
</IfModule>
## LITESPEED WP CACHE PLUGIN - Do not edit the contents of this block! ##
# END LSCACHE
# BEGIN NON_LSCACHE
## LITESPEED WP CACHE PLUGIN - Do not edit the contents of this block! ##
## LITESPEED WP CACHE PLUGIN - Do not edit the contents of this block! ##
# END NON_LSCACHE
# BEGIN WordPress
# The directives (lines) between "BEGIN WordPress" and "END WordPress" are
# dynamically generated, and should only be modified via WordPress filters.
# Any changes to the directives between these markers will be overwritten.
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>
# END WordPress
# BEGIN Security Block
# Block the include-only files.
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^wp-admin/includes/ - [F,L]
RewriteRule !^wp-includes/ - [S=3]
RewriteRule ^wp-includes/[^/]+\.php$ - [F,L]
RewriteRule ^wp-includes/js/tinymce/langs/.+\.php - [F,L]
RewriteRule ^wp-includes/theme-compat/ - [F,L]
</IfModule>
# Disable directory listing
Options All -Indexes
# Remove header with PHP version
Header always unset X-Powered-By
Header unset X-Powered-By
# END Security Block
# Wordfence WAF
<IfModule LiteSpeed>
php_value auto_prepend_file '/home/umardd/public_html/wordfence-waf.php'
</IfModule>
<IfModule lsapi_module>
php_value auto_prepend_file '/home/umardd/public_html/wordfence-waf.php'
</IfModule>
<Files ".user.ini">
<IfModule mod_authz_core.c>
Require all denied
</IfModule>
<IfModule !mod_authz_core.c>
Order deny,allow
Deny from all
</IfModule>
</Files>
# END Wordfence WAF
I just realized you got a cert for typing12.com earlier today.
How did you get that one? The only thing "wrong" is it does not have the www subdomain as Rudy pointed out earlier. That's an easy fix once you are able to get a cert.