Let’s Encrypt: api.vectorams.co.nz: No such challenge

My domain is: api.vectorams.co.nz
CN is: transfer.vector.co.nz

I ran this command: https://letsdebug.net/api.vectorams.co.nz/278547

It produced this output: All OK!

OK

No issues were found with api.vectorams.co.nz. If you are having problems with creating an SSL certificate, please visit the Let’s Encrypt Community forums and post a question there.

I am from Akamai technical support team and hosting provider for the certificate.

I found an article in my DB, which states below:

Solution

Let’s Encrypt block a number of particularly high-profile domains from getting certificates from Let’s Encrypt by default. In order to remove the block, they need all of the following:

  1. An entity representative must email security@letsencrypt.org requesting the change, from an email address with the domain in question.
  2. The domain owner must have an accredited attorney submit a letter requesting addition or removal from the blocklist. Letter must include: Attorney Name, Firm Name, Firm Phone Number and Email Address, Firm Physical Address, Name of organization being represented, a request that specific domains be added or removed from our blocklist, date of request

Let’s Encrypt are only able to entirely remove blocked domains. We cannot whitelist subdomains of a blocked domain.

If the customer would like to protect domains after a block is removed Let’s Encrypt can recommend adding CAA records.

–> This customer does have other domains ending with “vectorams.co.nz” not sure if this solution is the right/valid solution and customer needs to follow this or not.

Please help us with the next possible steps and assist us in verifying if the issue seem related to above mentioned kb

I’m not exactly sure what the problem may be if any.

@lestaff

You guys might need to field this one.

https://dnsviz.net/d/transfer.vector.co.nz/dnssec/

Let’s Encrypt block a number of particularly high-profile domains from getting certificates from Let’s Encrypt by default. In order to remove the block, they need all of the following:

This advice is not relevant. vector.co.nz is not one of those high-profile blocked domains.

If you are having problems with issuing a certificate for that domain, sharing any specific error messages is the first step towards getting help on this forum.

3 Likes

If you are trying to get certs for the CNAMEd domains then you will have a problem.

Hi @avirmani

if you have that error

api.vectorams.co.nz: No such challenge

that’s not that problem.

Blocked domains - you see an explicit error message: “Policy forbids …”.

And letsedebug tries to create a test certificate, so letsdebug would show the same error -> impossible, if letsdebug reports an OK.

“No such challenge” -> something in your client is wrong.

Is there a better output?

PS: I don’t understand that:

Is it a problem with api or with transfer?

2 Likes

the domain is: api.vectorams.co.nz

this domain is CNAMED to Akamai.

Complete error prompt:

CA comments

2020-09-01 02:51 GMT Let’s Encrypt: api.vectorams.co.nz: No such challenge

State

Running

Status

Coordinating domain name validation.

What did you run to produce that msg?

not even sure that is an error

I am from hosting service provider’s team and I am getting this message/error from our certificate provisioning system interface.

Can you expound on that?

That’s not an error from Letsencrypt, that’s an error of your client.

Ask the developers of that client why the client hangs.

Or check, if there is a better log.

3 Likes