[Solved] New installation, 404 error

Hi everyone

I’m trying to install the free ssl, but when i’m traying to put the file into the .well-known/acme-challenge/

I got a error 404 not found.

someone can help me ?


Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:

I ran this command:

It produced this output:

My web server is (include version):

The operating system my web server runs on is (include version):

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don’t know):

I’m using a control panel to manage my site (no, or provide the name and version of the control panel):

My domain is: www.horairegw.ca

I ran this command: http://www.horairegw.ca/.well-known/acme-challenge

It produced this output: 404 error

My web server is (include version): directadmin

I can login to a root shell on my machine (yes or no, or I don’t know): i dont know

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): directadmin

Did you try to enable the certificate via a setting within directadmin? Or did you follow some other procedure (and if so, what procedure)?

I dont have any yet the ssl certification, i cant get it.

Yes, i follow this: https://www.sslforfree.com/ but i cant confirm my website… it’s not working. Maybe they are any other way to confirm my website ?

Yes, there are other ways. One is the DNS verification challenge which you can select at the second step on https://www.sslforfree.com/ (“Manual verification (DNS)”) - this involves creating special DNS records rather than files on your site, so one might work if you have trouble with the other.

Also I think directadmin has built-in Let’s Encrypt support, though you might have to ask your hosting provider to enable it if you’re on shared hosting. If that’s possible it may be the simplest option.

I alredy try. Please take a look about the error page: it’s not working…

It seems the DNS interface you’re using automatically adds your domain name, so you don’t need to include it in the name of the TXT record. So when you entered _acme-challenge.horairegw.ca, it was automatically changed to _acme-challenge.horairegw.ca.horairegw.ca and that’s where the TXT record is currently…

Instead, try just using _acme-challenge and _acme-challenge.www and trust that the .horairegw.ca will be added automatically.

Thanks for your help, i really appriciated

But same error:50

No TXT Record Found. Set the TTL to 1 second or if you cannot set the TTL then you must wait the TTL (in seconds) so it updates before verifying the domain.

Hmm, well I can see them now… maybe try again?

ok i just bypass the “check link” function and click on get ssl with your suggestion. And i got a ssl certification fils. So it’s good ?

do i need to erase the TXT after ssl installation ?

You don’t need to, but you can, if you want to keep things tidy.

You’ll need to create a new and different one when it’s time to renew, anyway.

really thanks for your help, it’s working now !!!

it’s valid only until march 2018, normal ?

Yes, that’s normal. Let’s Encrypt certificates expire after 3 months (but you can renew them for free).

It’s easiest if your hosting provider can do this for you, as they are in the best position to automate it. It might be worth asking them about this.

BTW, you seem to have installed the wrong intermediate certificate - you should be using the one you got from sslforfree. Some browsers will be unable to validate your certificate otherwise.

could you check now, i think it’s ok

Nope… I’m still seeing a RapidSSL intermediate:

$ openssl s_client -connect www.horairegw.ca:443 -servername www.horairegw.ca </dev/null
Certificate chain
 0 s:/CN=www.horairegw.ca
   i:/C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3
 1 s:/C=US/O=GeoTrust Inc./CN=RapidSSL SHA256 CA
   i:/C=US/O=GeoTrust Inc./CN=GeoTrust Global CA

I don’t know what sslforfree names the files, but it’s probably something like chain.pem or intermediate.pem.

If you can’t find it you can download it from here: https://letsencrypt.org/certs/lets-encrypt-x3-cross-signed.pem.txt (but in the future you should make sure to use the one you download along with the certificate, as it may change from time to time).

Note you can also test it for yourself at https://www.ssllabs.com/ssltest

Goetrust it’s my old expired SSL. I really dont know why it’s still there. i erased all the SSL keys to put the new one from freessl…

And yes, the internediate certificate it’s well inside with all the other one. This is why i dont understand why it’s dont show up. Maybe Geotrust override ?

Do you mean you used the combined file containing the certificate and intermediate in a single file? If so, maybe your hosting provider requires them to be uploaded separately?