Let's Encrpyt and Quic.Cloud

Richies_Room · February 26, 2021, 8:17pm

I ran this command: SSL certificates generated through webhost cpanel.

It produced this output: The server error log shows a number of 'File not found' errors relating to the 'well-known/acme-challenge' directory - which I believe is used by Let's Encrypt. Is there something in particular that I need to do with LE SSLs as a result of using the Quic.Cloud CDN? I'm very much a beginner so please explain as if talking to a 5-year-old!

I'm not sure whether it is relevant but I'm also getting a number of errors in the format: ... richiesroom.com:443] File not found [... public_html/403.shtml]

My web server is (include version): Litespeed - Apache 2.4.46

The operating system my web server runs on is (include version):

My hosting provider, if applicable, is: Krystal (UK)

I can login to a root shell on my machine (yes or no, or I don't know): No idea!

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): Yes, cpanel

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): cpanel version 92.0 (build 11)

Thanks,
Richie

schoen · February 26, 2021, 8:53pm

Hi @Richies_Room,

It looks like your certificate was set up correctly, and these errors are a subsequent phenomenon?

If so, I really don't know what's causing them but it doesn't seem like they necessarily cause any harm or indicate any problem. Your certificate will expire on May 24, which means cPanel should attempt to renew it in late April; I'd suggest checking around the end of April whether this has happened successfully.

If the error messages continue to concern you, maybe you could ask your web host's support whether they have any idea what's going on?

One thing that could cause this is having an old server that's still online somewhere and that thinks it's still your web server, but that the DNS records are no longer pointed at. In that case the old server would try to renew its certificates, prompting the CA to connect to your site to check whether the request was really coming from your web server; the errors coming back would tell it "no" and it would refuse to give the old server a new certificate. If so, this wouldn't affect your new server's ability to get certificates at all; it's an intended behavior that certificates can only be obtained this way by the server that the DNS records currently point to.

Richies_Room · February 27, 2021, 12:15am

Hi schoen. Thanks for the prompt response

Yes, these errors have arisen after the certificate was installed. And, they don't seem to be causing any practical problems - the site is working as it should. They are just 'Info' errors. They just niggle me in case they are the beginning of something that may be problematic at a later date.

Thanks again.

HardcoreGames · February 27, 2021, 12:30am

you certificate seems to be working fine on your site

Richies_Room · February 27, 2021, 12:08pm

Hi HardcoreGames. Thanks for your response.

Yes, I know that the certificate seems to be working. It's the server errors related to the certificate that are confusing me.

HardcoreGames · February 27, 2021, 4:36pm

which distribution are you using?

Richies_Room · February 27, 2021, 7:16pm

Do you mean what host? I'm using Krystal (UK).

HardcoreGames · February 27, 2021, 7:28pm

That could be the reason for the issues

Debian and CentOS are more mainstream

Richies_Room · February 27, 2021, 11:42pm

Krystal isn't an OS, its a webhost provider like BlueHost, HostGator, DreamHost etc etc

Richies_Room · February 27, 2021, 11:43pm

What do you guys think of the article here about LE SSL and htaccess:

and
https://perishablepress.com/bluehost-sitelock/

griffin · February 28, 2021, 12:00am

I think this:

https://httpd.apache.org/docs/current/rewrite/avoid.html

and this:

https://cwiki.apache.org/confluence/plugins/servlet/mobile?contentId=115522444#content/view/115522444

HardcoreGames · February 28, 2021, 2:36am

Ask your ISP or upload to your host if you have FTP access

.htaccess which should be full readwrite to the web server, this will allow Apache etc the ability to support mod_rewirite properly

place .htaccess is the root of your website

Richies_Room · March 1, 2021, 3:47pm

OK, well, that didn't work!

It's weird. The blog site works without any issues and the certificate appears to be working (blog site using https and an 'A' on being tested here:SSL Server Test (Powered by Qualys SSL Labs) ). And yet the server keeps (daily) producing these 'File not found' errors for the /.well-known/acme-challenge folder.

Within Wordpress I have 2 security plugins; BBQ Firewall and Wordfence Security. Could they be blocking any validation attempts? How often are these validation attempts made? I'm just wondering whether I could take them off-line for long enough for the validation to take place and then reactivate them again. Apologies if this is a crazy suggestion ... this stuff is all new to me

system · March 31, 2021, 3:48pm

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.