Letsencrypt_timestamp file not created


#1

My domain is: zitecraft-dev.cloud.tilaa.com

I ran this command:

It produced this output:

It wants to verify my domain based on the auto-generated file with the timestamp but this doesn’t work in the manual setup I’m running.

I can access files via the web in the acme folder: http://zitecraft-dev.cloud.tilaa.com/.well-known/acme-challenge/letsencrypt_1522750978 so the alias is set ok in httpd.

How can I finish setting up the SSL certificate?

My web server is (include version):
Apache 2.2.27

The operating system my web server runs on is (include version):
DirectAdmin 1.53.0

My hosting provider, if applicable, is:
Tilaa.com, but it’s a private server, so I have full access.

I can login to a root shell on my machine (yes or no, or I don’t know):
Yes.

I’m using a control panel to manage my site (no, or provide the name and version of the control panel):
CentOs 6.5


#2

Hi @BarendJun,

If you check the error log (screenshot) you will see that the error is for subdomain www.zitecraft-dev.cloud.tilaa.com (with www) and this domain doesn’t have an IP associated.

dig www.zitecraft-dev.cloud.tilaa.com

; <<>> DiG 9.9.7 <<>> www.zitecraft-dev.cloud.tilaa.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 9910
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;www.zitecraft-dev.cloud.tilaa.com. IN  A

;; AUTHORITY SECTION:
cloud.tilaa.com.        171     IN      SOA     ns1.tilaa.nl. hostmaster.tilaa.nl. 2018040217 43200 3600 604800 300

;; Query time: 191 msec
;; SERVER: 16.110.135.51#53(16.110.135.51)
;; WHEN: ma. abr. 03 16:03:12 RDT 2018
;; MSG SIZE  rcvd: 110

Cheers,
sahsanu


#3

Ah ok, thanks Sahsanu!

It’s probably out of scope in this forum but how do I associate an IP address with www.zitecraft-dev.cloud.tilaa.com?

I already added
www.zitecraft-dev.cloud.tilaa.com. | A | 84.22.97.113
and
www.zitecraft-dev.cloud.tilaa.com. | NS | zitecraft-dev.zitecraft.com.

and I set the TTL to 60.


#4

Hi @BarendJun,

The authoritative DNS servers for your domain are:

ns1.tilaa.nl.
ns2.tilaa.nl.
ns3.tilaa.nl.

So you should add the A record for www.zitecraft-dev.cloud.tilaa.com in the same site you added the A record for zitecraft-dev.cloud.tilaa.com.

Also, remove this:

Cheers,
sahsanu


#5

Because this is a test/dev server I don’t have a domain name from a third party attached to it and everything is set in DirectAdmin.

I still don’t understand why www.zitecraft-dev.cloud.tilaa.com has no IP address associated with it.


#6

There’s no A-record for any of your sub-names (ftp, pop, smtp, www) because as was pointed out above the authoritative name servers for your domain are ns1.tilaa.nl.-ns3.tilaa.nl. The nameserver you’ve set up at zitecraft-dev.cloud.tilaa.com isn’t authoritative (from the perspective of the outside world). What you put there can be used by machines that explicitly query it, but no one outside will use it by default.

You’ll either need to get www. put into your domain’s authoritative server, or get them to delegate your dev- domain to your nameserver.

By the way, your first www. entry is incorrect as it’s missing the “.” at the end. It’s also redundant so should be removed.
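
Added example (not part of the original posts): the diagnosis in replies #2 to #6 can be read straight off the `dig` reply, because an NXDOMAIN answer carries the SOA of the zone that actually answered, and that zone is where the missing record has to be created. Function names are illustrative, the first sample is trimmed from the reply quoted in #2, and the second sample is constructed.

```sh
# Added example. Live use: diagnose "$n" "$(dig "$n" A)" for every name on the certificate.
# Print the response code (NOERROR, NXDOMAIN, ...) from dig's header line.
dig_status() {
    printf '%s\n' "$1" | sed -n 's/.*->>HEADER<<-.*status: \([A-Z]*\),.*/\1/p' | head -n 1
}

# Print "zone primary-ns" from the SOA in the AUTHORITY section of a negative reply.
answering_zone() {
    printf '%s\n' "$1" | awk '
        /^;; AUTHORITY SECTION:/ { in_auth = 1; next }
        /^;;/ || /^$/            { in_auth = 0 }
        in_auth && $4 == "SOA"   { print $1, $5; exit }'
}

# Print the first A record address from the ANSWER section, if any.
first_a_record() {
    printf '%s\n' "$1" | awk '
        /^;; ANSWER SECTION:/ { in_ans = 1; next }
        /^;;/ || /^$/         { in_ans = 0 }
        in_ans && $4 == "A"   { print $5; exit }'
}

# diagnose NAME DIG_OUTPUT: one-line verdict for an HTTP-01 preflight.
diagnose() {
    status=$(dig_status "$2")
    addr=$(first_a_record "$2")
    if [ "$status" = "NOERROR" ] && [ -n "$addr" ]; then
        echo "ok $1 -> $addr"
    elif [ "$status" = "NXDOMAIN" ]; then
        zone_ns=$(answering_zone "$2")
        echo "missing $1: add the A record in zone ${zone_ns%% *} (primary NS ${zone_ns#* })"
    else
        echo "unresolved $1: status=${status:-unknown}"
    fi
}

# Header and authority lines from the reply quoted in #2 of this thread.
SAMPLE_NX=';; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 9910
;; AUTHORITY SECTION:
cloud.tilaa.com.        171     IN      SOA     ns1.tilaa.nl. hostmaster.tilaa.nl. 2018040217 43200 3600 604800 300
'
# Constructed positive reply (name and address are documentation placeholders).
SAMPLE_OK=';; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 1
;; ANSWER SECTION:
www.example.test.       60      IN      A       192.0.2.10
'
diagnose www.zitecraft-dev.cloud.tilaa.com "$SAMPLE_NX"
diagnose www.example.test "$SAMPLE_OK"
```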


#7

I got LetsEncrypt running now on zitecraft-dev.cloud.tilaa.com! I solved the problem with the www. domain on the live server so I’ll leave things as they are on my dev server.

Thanks for your help!


#8

It doesn’t come easy :frowning:

Can’t get past the “acme test” on my live server. Via the shell command I see the file but when testing in the browser it’s not there.

I test it via http://zitecraft.com/.well-known/acme-challenge/test.txt

Edit: I can find it via http://37.252.127.179/.well-known/acme-challenge/test.txt so I guess it’s a DNS issue again.

Am I overlooking something else maybe?


#9

Can you see other files in /var/www/html under http://zitecraft.com/?


#10

Hi Schoen,

Do you mean via the shell? Yes, I see this:

Don’t see the .well-known alias here. Is that a problem?

[Edit]: I can’t access any of those via the browser.


#11

The Unix ls command (for which dir is an alias meant to help people coming from DOS or Windows) doesn’t show files beginning with a dot (“dotfiles”) unless you use the -a option.

So we don’t know from that output whether .well-known exists there or not.

What I meant by my question about “can you see other files” is that I’m wondering whether, if you make a file /var/www/html/top-level-test.txt, you can see its contents with a browser at http://zitecraft.com/top-level-test.txt.


#12

Ok thanks for the info, I indeed used my little amount of DOS experience from the 80’s :wink:

With dir -a I indeed see the .well-known folder. Created /var/www/html/top-level-test.txt, but can’t see it with a browser at http://zitecraft.com/top-level-test.txt.

Also tried it after temporarily removing my .htaccess file but that made no difference as expected.

Can it be a DNS issue maybe?


#13

OK, this means that your web server is not currently configured to serve static files out of that directory, at least not for the zitecraft.com virtual host.

What information led you to tell Certbot that this directory is your webroot? (There isn’t necessarily some other directory that would work better without a web server configuration change, but I’m wondering where you came across this information.)


#14

I followed the DirectAdmin/LetsEncrypt documentation. Certbot is something different, right? I’m a bit confused now.


#15

I’m sorry, I was thinking of another thread and shouldn’t have assumed you were using Certbot.

What information led you to tell DirectAdmin that this directory is your webroot?


#16

LetsEncrypt needs to verify I own this domain by checking if that folder exists in this directory and I haven’t seen an option to make it look in another directory (but maybe I overlooked?).

How can I change my webroot and what impact will that have on my server? In other words, what can stop working when I change it?


#17

Usually when a web server is first configured it has a particular directory that it will serve static files out of. However, subsequent web server configuration can make it have some other behavior instead (like rerouting requests to a CMS or web application or to some other server process or computer). In that case that behavior would often need to have an exception added if you want to use webroot-style verification (so that the behavior of serving static files is reinstated with respect to a specific directory, /.well-known/acme-challenge).

So, I was wondering how you chose to tell DirectAdmin that this particular directory was a place that static files were served from.
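
Added example (not from the thread or from DirectAdmin): one way to settle the "is it DNS or the web server?" question raised in #8 to #17 is to fetch a probe file three ways: by name, by name pinned to the server's address with `curl --resolve`, and by bare IP. Function names are illustrative and the live fetches assume `curl` is installed.

```sh
# Added example: tell a DNS problem apart from a virtual-host problem for HTTP-01.
# Thread values would be: preflight zitecraft.com 37.252.127.179 /var/www/html

# place_probe WEBROOT: create a uniquely named file under the challenge directory
# and print its URL path. The directory is a dotfile: `ls` hides it, `ls -a` shows it.
place_probe() {
    dir="$1/.well-known/acme-challenge"
    mkdir -p "$dir" || return 1
    name="probe-$$-$(date +%s)"
    printf 'probe-ok\n' > "$dir/$name"
    echo "/.well-known/acme-challenge/$name"
}

# fetch_code URL [HOST:PORT:ADDR]: print the HTTP status (000 if the connection
# fails). The optional argument pins the hostname to one address, bypassing DNS.
fetch_code() {
    if [ -n "$2" ]; then
        curl -s -o /dev/null -m 10 -w '%{http_code}' --resolve "$2" "$1"
    else
        curl -s -o /dev/null -m 10 -w '%{http_code}' "$1"
    fi
}

# verdict BY_NAME PINNED BY_IP: interpret the three status codes.
verdict() {
    if [ "$1" = 200 ]; then
        echo "ok: served by name"
    elif [ "$2" = 200 ]; then
        echo "dns: name does not resolve to this server"
    elif [ "$3" = 200 ]; then
        echo "vhost: the default site serves the file but the virtual host for this name does not"
    else
        echo "webroot: nothing serves this directory; check DocumentRoot or Alias"
    fi
}

# preflight NAME ADDR WEBROOT: place a probe, fetch it three ways, clean up.
preflight() {
    path=$(place_probe "$3") || return 1
    verdict "$(fetch_code "http://$1$path")" \
            "$(fetch_code "http://$1$path" "$1:80:$2")" \
            "$(fetch_code "http://$2$path")"
    rm -f "$3$path"
}
```

A redirect (301/302) counts as a failure here although the CA follows redirects, so inspect those by hand. Repeat the by-name fetch from a machine outside the server as well, where local resolver overrides do not apply.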


#18

I hired someone years ago to set this up.

What would be wise to do now?


#19

Would it be an option to hire someone to look into what’s happening now?

If you want to continue examining things here on the forum, I’d suggest that you post your web server configuration files so that we can try to understand how your web server is serving things and whether there’s some kind of exception that needs to be added for /.well-known/acme-challenge.


#20

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.