Need SSL for my host server

Hello,
I need SSL for my new host server:
srv8.jsalfianmarketing.com

I've already requested with:
/usr/local/directadmin/scripts/letsencrypt.sh request srv8.jsalfianmarketing.com 4096

but failed.

[root@srv8 ~]# /usr/local/directadmin/scripts/letsencrypt.sh request srv8.jsalfianmarketing.com 4096
Setting up certificate for a hostname: srv8.jsalfianmarketing.com
srv8.jsalfianmarketing.com was skipped due to unreachable http://srv8.jsalfianmarketing.com/.well-known/acme-challenge/ file.
No domains pointing to this server to generate the certificate for.
[root@srv8 ~]#

This DA server was installed by DA support, and here's my license:
My server IP: 104.37.168.247
https://license.directadmin.com/#

I need your help on how to get SSL for my host server:
http://104.37.168.247:2222/evo/

Regards,
Jerry Salfian

More info:

According to:

Check the REQUIREMENT TO ENABLE:
dns_ttl=1

[root@srv8 ~]#  cat /usr/local/directadmin/conf/directadmin.conf
add_userdb_quota=1
allow_backup_encryption=0
apache_public_html=0
awstats=0
backup_ftp_md5=0
backup_ftp_pre_test=0
backup_gzip=2
backup_hard_link_check=0
brute_dos_count=100
brute_force_log_scanner=1
brute_force_scan_apache_logs=0
brute_force_time_limit=1200
brutecount=20
bruteforce=1
check_partitions=2
check_subdomain_owner=1
clear_blacklist_ip_time=86400
clear_brute_log_entry_time=4
clear_brute_log_time=24
cloud_cache=1
demodocsroot=./data/skins/evolution
dkim=2
dns_ttl=1
dnssec=1
docsroot=./data/skins/evolution
dovecot=1
enforce_difficult_passwords=0
ethernet_dev=enp1s0
exempt_local_block=1
hide_brute_force_notifications=1
ip_brutecount=100
ipv6=1
jail=1
letsencrypt=1
litespeed=0
logs_to_keep=5
lost_password=0
mail_sni=1
max_per_email_send_limit=0
max_username_length=16
maxfilesize=2147483648
nginx=0
nginx_proxy=0
ns1=ns1.jsalfianmarketing.com
ns2=ns2.jsalfianmarketing.com
openlitespeed=0
partition_usage_threshold=95
php_fpm_max_children_default=10
plugins_allowed_run_as=1
pointers_own_virtualhost=1
pureftp=1
purge_spam_days=0
quota_partition=/
restore_database_as_admin=0
secure_access_group=access
servername=srv8.jsalfianmarketing.com
session_minutes=60
system_user_to_virtual_passwd=1
tally_after_restore=0
timeout=60
unblock_brute_ip_time=86400
unified_ftp_password_file=1
user_brutecount=100
user_can_set_email_limit=1
webmail_backup_is_email_data=0
webmail_link=roundcube
[root@srv8 ~]#
[root@srv8 ~]# echo "action=directadmin&value=restart" >> /usr/local/directadmin/data/task.queue; /usr/local/directadmin/dataskq d2000
Debug mode. Level 2000

2023/10/22 08:15:44  info executing task            task=action=directadmin&value=restart
get_process_list_from_status: running: /usr/bin/systemctl status clamav-freshclam.service 2>&1
get_process_list_from_status: running: /usr/bin/systemctl status clamd@scan.service 2>&1
Ssl::admin_retry_domains: About to work on 0 values.
[root@srv8 ~]#
[root@srv8 ~]# cd /usr/local/directadmin/custombuild
[root@srv8 custombuild]# ./build update
[root@srv8 custombuild]# ./build letsencrypt
######################################################################## 100.0%
######################################################################## 100.0%
Lego 953d5c85145b6---hide---d919faf23e04a359b3 Installed.
[root@srv8 custombuild]#

I moved your post to the Help category. It is a better place and would have asked for answers to various questions to help us.

But, in this case it looks like your first problem is there is no DNS A (or AAAA for IPv6) record in the public DNS system for this domain. That is required to satisfy an HTTP Challenge and for anyone to reach you using your domain name.

The Let's Debug test site is often helpful to test new setups.

You might get better instructions by asking them for help. They know best how your system should be configured.

If you need more help here, please answer as much from the Help form as you can

===================================

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:

I ran this command:

It produced this output:

My web server is (include version):

The operating system my web server runs on is (include version):

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don't know):

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): Yes, DirectAdmin

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):

3 Likes

My domain is: srv8.jsalfianmarketing.com

I ran this command:

[root@srv8 ~]# /usr/local/directadmin/scripts/letsencrypt.sh request srv8.jsalfianmarketing.com 4096

It produced this output:

Setting up certificate for a hostname: srv8.jsalfianmarketing.com
srv8.jsalfianmarketing.com was skipped due to unreachable http://srv8.jsalfianmarketing.com/.well-known/acme-challenge/ file.
No domains pointing to this server to generate the certificate for.
[root@srv8 ~]#

My web server is (include version):

[root@srv8 ~]# /usr/local/directadmin/directadmin c | grep -i 'version='
show_php_version=1
tls_min_version=tls12
version=1.654
[root@srv8 ~]#

The operating system my web server runs on is (include version):

[root@srv8 ~]# hostnamectl
   Static hostname: srv8.jsalfianmarketing.com
         Icon name: computer-desktop
           Chassis: desktop
        Machine ID: 0e001b75512c46d1b99febb05b935717
           Boot ID: f35333c2c9f14059961df21b2cfa5570
  Operating System: CloudLinux 7.9  (Boris Yegorov)
       CPE OS Name: cpe:/o:cloudlinux:cloudlinux:7.9:beta:server
            Kernel: Linux 3.10.0-962.3.2.lve1.5.81.el7.x86_64
      Architecture: x86-64
[root@srv8 ~]#

My hosting provider, if applicable, is:
https://www.reprisehosting.com/
I can login to a root shell on my machine (yes or no, or I don't know):
yes
I'm using a control panel to manage my site (no, or provide the name and version of the control panel): Yes, DirectAdmin

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): certbot 2.7.2 from Certbot Project (certbot-eff✓)

What's next?

Hello Mike,

I just migrated from cPanel to DA panel,

And just finished restoring all of the data backup and got this problem.

Please direct me...

What shows?:
sudo certbot certificates

And please show the log file:
/var/log/letsencrypt/letsencrypt.log

2 Likes

And the obvious:

There is no IP for that name you are trying to secure:
*** 8.8.8.8 can't find srv8.jsalfianmarketing.com: Non-existent domain

3 Likes

[root@srv8 ~]# sudo certbot certificates
Saving debug log to /var/log/letsencrypt/letsencrypt.log


No certificates found.


[root@srv8 ~]#

[root@srv8 ~]# cat /var/log/letsencrypt/letsencrypt.log
2023-10-22 12:12:25,028:DEBUG:urllib3.connectionpool:http://localhost:None "GET /v2/connections?snap=certbot&interface=content HTTP/1.1" 200 97
2023-10-22 12:12:25,600:DEBUG:certbot._internal.main:certbot version: 2.7.2
2023-10-22 12:12:25,600:DEBUG:certbot._internal.main:Location of certbot entry point: /snap/certbot/3420/bin/certbot
2023-10-22 12:12:25,600:DEBUG:certbot._internal.main:Arguments: ['--preconfigured-renewal']
2023-10-22 12:12:25,600:DEBUG:certbot._internal.main:Discovered plugins: PluginsRegistry(PluginEntryPoint#apache,PluginEntryPoint#manual,PluginEntryPoint#nginx,PluginEntryPoint#null,PluginEntryPoint#standalone,PluginEntryPoint#webroot)
2023-10-22 12:12:25,635:DEBUG:certbot._internal.log:Root logging level set at 30
2023-10-22 12:12:25,648:DEBUG:certbot._internal.display.obj:Notifying user: No certificates found.
[root@srv8 ~]#

@jsalfian your DNS server is missing records for FQDN srv8.jsalfianmarketing.com, to the public Internet it does not exist.

$ nslookup srv8.jsalfianmarketing.com ns1.jsalfianmarketing.com.
Server:         ns1.jsalfianmarketing.com.
Address:        104.37.168.248#53

** server can't find srv8.jsalfianmarketing.com: NXDOMAIN

$ nslookup srv8.jsalfianmarketing.com ns2.jsalfianmarketing.com.
Server:         ns2.jsalfianmarketing.com.
Address:        104.37.168.248#53

** server can't find srv8.jsalfianmarketing.com: NXDOMAIN
1 Like
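The check the replies above perform by hand, written as a pre-flight step to run before requesting an HTTP-01 certificate. This is an added example, not part of the original thread or of DirectAdmin; `check_host`, `answers_from_nslookup`, `sample_lookup` and the `LOOKUP` hook are hypothetical names, and the `good-ns` resolver output is constructed.

```shell
#!/bin/sh
# Added example: DNS pre-flight for an HTTP-01 request. The function names and
# the LOOKUP hook are hypothetical, not part of DirectAdmin or certbot.

LOOKUP=${LOOKUP:-nslookup}   # command run as: $LOOKUP NAME RESOLVER

# Read nslookup output on stdin and print the addresses in the answer section.
# The resolver's own "Address: x#53" line precedes any "Name:" line, so it is
# never printed; an NXDOMAIN reply has no "Name:" line and prints nothing.
answers_from_nslookup() {
    awk '/^Name:/ { in_answer = 1; next }
         in_answer && /^Address/ && $2 !~ /#/ { print $2 }'
}

# check_host NAME EXPECTED_IP RESOLVER...
# Prints one verdict per resolver; returns 0 only if all of them return EXPECTED_IP.
check_host() {
    name=$1; expected=$2; shift 2
    rc=0
    for resolver in "$@"; do
        ips=$($LOOKUP "$name" "$resolver" 2>&1 | answers_from_nslookup)
        if [ -z "$ips" ]; then
            echo "$resolver: NO_RECORD"; rc=1
        elif printf '%s\n' "$ips" | grep -qxF "$expected"; then
            echo "$resolver: OK"
        else
            echo "$resolver: MISMATCH ($(echo $ips))"; rc=1
        fi
    done
    return $rc
}

# Constructed resolver output for offline runs (set LOOKUP=sample_lookup):
# the resolver named "good-ns" answers, any other returns the NXDOMAIN form.
sample_lookup() {
    printf 'Server:\t\t%s\nAddress:\t104.37.168.248#53\n\n' "$2"
    if [ "$2" = "good-ns" ]; then
        printf 'Name:\t%s\nAddress: 104.37.168.247\n' "$1"
    else
        printf "** server can't find %s: NXDOMAIN\n" "$1"
    fi
}

# Live use, with the names and address from this thread:
#   check_host srv8.jsalfianmarketing.com 104.37.168.247 \
#       ns1.jsalfianmarketing.com ns2.jsalfianmarketing.com 8.8.8.8
```

A non-zero return means at least one resolver has no record or points elsewhere, which is the state in which the HTTP challenge file is reported as unreachable.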

That's really strange...
My other 2 websites dns and ssh working fine...
https://marketer-safelist.com
http://mailersafelist.com

Please hold!

The certbot log file implies that certbot might not be used by the script:

2 Likes

In post #4 the OP quoted my blank "Please fill out info" form and included their answers in the quote from me. So, later quotes of their answers look like they came from me when they did not.

I didn't say half the stuff I'm quoted as saying LOL

3 Likes

Let me fix/undo that...

3 Likes

Hello Everyone,

I'm using cPanel for about 15 years, and migrated to DA Panel a few days ago,
The DA panel was installed by the DA support team,
After I've restored all of my cPanel backup to DA Panel... Everything's messed!
Learning a lot about the DA panel as a NEWBIE and not even sleeping for 2-3 days.
Set it back all of the configuration settings,
Review it again more and more times...
Enable Let's Encrypt and Install SSL for host server and all of my domains,

Restart DirectAdmin:

cd /usr/local/directadmin/scripts
echo "action=directadmin&value=restart" >> /usr/local/directadmin/data/task.queue; /usr/local/directadmin/dataskq d2000
cd /usr/local/directadmin/conf/
nano directadmin.conf
cd /usr/local/directadmin
service directadmin restart

#and make sure to Setup Wildcard SSL in Directadmin with dns_ttl=1
#This feature is only available in the Evolution Skin as of November 2020. You may access it via the User level Dashboard > Account Manager > SSL Certificates.

#Add the /.well-known Alias:

cd /usr/local/directadmin/custombuild
./build rewrite_confs
./build update
./build letsencrypt

cd /usr/local/directadmin/data/admin/
nano dnsprovider.conf

#Automatically set up Let's Encrypt SSL for all domains that do not currently have a certificate

cd /root
wget -O autoletsencrypt.sh http://files.directadmin.com/services/all/letsencrypt/autoletsencrypt.sh
chmod 755 autoletsencrypt.sh
service directadmin restart
./autoletsencrypt.sh

#Enforcing ssl=ON for all Users, Resellers and their packages
#First, we'll setup the enforcement for actions in

nano /usr/local/directadmin/scripts/custom/package_write_pre/enforce_ssl.sh

#Insert this code
#!/bin/sh

if [ "${ssl}" = "OFF" ]; then
   echo "SSL must be enabled";
   exit 1;
fi
exit 0;

#Account creation/modification
#Create both:
#Mode #1

nano /usr/local/directadmin/scripts/custom/user_create_pre/enforce_ssl.sh

Insert the code:

#!/bin/sh
if [ "${ssl}" = "OFF" ]; then
   echo "SSL must be enabled";
   exit 1;
fi
exit 0;

Mod #1

nano /usr/local/directadmin/scripts/custom/user_modify_pre/enforce_ssl.sh

Insert the code:

#!/bin/sh

if [ "${ssl}" = "OFF" ]; then
   echo "SSL must be enabled";
   exit 1;
fi
exit 0;

#Chmod all scripts to 755:
chmod 755 /usr/local/directadmin/scripts/custom/*/enforce_ssl.sh

cd /usr/local/directadmin/scripts
echo "action=directadmin&value=restart" >> /usr/local/directadmin/data/task.queue; /usr/local/directadmin/dataskq d2000
./letsencrypt.sh request srv8.jsalfianmarketing.com,mail.srv8.jsalfianmarketing.com,smtp.srv8.jsalfianmarketing.com,www.srv8.jsalfianmarketing.com,srv8.jsalfianmarketing.com 4096

GOTCHA...
Finally! All of my websites including host main server Secured!

Thank you for all of your support, advice and inspiration...
Much appreciated!

Best Regards,
Jerry Salfian

3 Likes
