Ssl verification - godaddy cpanel server - ACME client is certbot

The folder path public_html/99anchors

give me the full log

Hey @Neilpang

I am now retrying everything step by step.
i am now stuck at this step
ssh -i .ssh/mydomain t$YOUR_CUSTOMER_NUMBER@$YOUR_DOMAIN.com

The error here I get is Permission Denied. I am sure I entered correct password too.

t45031863@dev.new.citykites.com's password: 
Permission denied, please try again.

Previously I imported the public key via SSH Access - > Manage SSH Key - > Import key from the Cpanel

This is out of the scope. please make sure your ssh is working first.

@Neilpang Yes I am working on it. and will get back here.
Thanks a lot.

EDIT : still working on it.

@Neilpang Thanks a lot for your support. I have sucessfully installed the SSL certificate for my main domain. I am now trying for subdomain as well.

Here is the full log
Domain that I still need to verify are 99anchors.com, www.99anchors.com and 99anchors.dev.new.citykites.com

sachinmandalia@p3plcpnl0887 [~]$ acme.sh --issue -d 99anchors.dev.new.citykites.com -d www.99anchors.dev.new.citykites.com -w ~/www --debug
[Sat Mar 11 01:20:12 MST 2017] Lets find script dir.
[Sat Mar 11 01:20:12 MST 2017] _SCRIPT_='/home/sachinmandalia/.acme.sh/acme.sh'
[Sat Mar 11 01:20:12 MST 2017] _script='/home/sachinmandalia/.acme.sh/acme.sh'
[Sat Mar 11 01:20:12 MST 2017] _script_home='/home/sachinmandalia/.acme.sh'
[Sat Mar 11 01:20:12 MST 2017] Using config home:/home/sachinmandalia/.acme.sh
https://github.com/Neilpang/acme.sh
v2.6.7
[Sat Mar 11 01:20:12 MST 2017] Using api: 
[Sat Mar 11 01:20:12 MST 2017] Using config home:/home/sachinmandalia/.acme.sh
[Sat Mar 11 01:20:12 MST 2017] DOMAIN_PATH='/home/sachinmandalia/.acme.sh/99anchors.dev.new.citykites.com'
[Sat Mar 11 01:20:12 MST 2017] Le_NextRenewTime
[Sat Mar 11 01:20:12 MST 2017] _on_before_issue
[Sat Mar 11 01:20:12 MST 2017] Le_LocalAddress
[Sat Mar 11 01:20:12 MST 2017] Check for domain='99anchors.dev.new.citykites.com'
[Sat Mar 11 01:20:12 MST 2017] _currentRoot='/home/sachinmandalia/www'
[Sat Mar 11 01:20:12 MST 2017] Check for domain='www.99anchors.dev.new.citykites.com'
[Sat Mar 11 01:20:12 MST 2017] _currentRoot='/home/sachinmandalia/www'
[Sat Mar 11 01:20:12 MST 2017] _saved_account_key_hash is not changed, skip register account.
[Sat Mar 11 01:20:12 MST 2017] Read key length:
[Sat Mar 11 01:20:12 MST 2017] _createcsr
[Sat Mar 11 01:20:12 MST 2017] Multi domain='DNS:www.99anchors.dev.new.citykites.com'
[Sat Mar 11 01:20:12 MST 2017] Getting domain auth token for each domain
[Sat Mar 11 01:20:12 MST 2017] Getting webroot for domain='99anchors.dev.new.citykites.com'
[Sat Mar 11 01:20:12 MST 2017] _w='/home/sachinmandalia/www'
[Sat Mar 11 01:20:12 MST 2017] _currentRoot='/home/sachinmandalia/www'
[Sat Mar 11 01:20:12 MST 2017] Getting new-authz for domain='99anchors.dev.new.citykites.com'
[Sat Mar 11 01:20:12 MST 2017] Try new-authz for the 0 time.
[Sat Mar 11 01:20:12 MST 2017] url='https://acme-v01.api.letsencrypt.org/acme/new-authz'
[Sat Mar 11 01:20:12 MST 2017] payload='{"resource": "new-authz", "identifier": {"type": "dns", "value": "99anchors.dev.new.citykites.com"}}'
[Sat Mar 11 01:20:12 MST 2017] RSA key
[Sat Mar 11 01:20:13 MST 2017] GET
[Sat Mar 11 01:20:13 MST 2017] url='https://acme-v01.api.letsencrypt.org/directory'
[Sat Mar 11 01:20:13 MST 2017] timeout
[Sat Mar 11 01:20:13 MST 2017] _CURL='curl -L --silent --dump-header /home/sachinmandalia/.acme.sh/http.header '
[Sat Mar 11 01:20:13 MST 2017] ret='0'
[Sat Mar 11 01:20:13 MST 2017] POST
[Sat Mar 11 01:20:13 MST 2017] url='https://acme-v01.api.letsencrypt.org/acme/new-authz'
[Sat Mar 11 01:20:13 MST 2017] _CURL='curl -L --silent --dump-header /home/sachinmandalia/.acme.sh/http.header '
[Sat Mar 11 01:20:14 MST 2017] _ret='0'
[Sat Mar 11 01:20:14 MST 2017] code='201'
[Sat Mar 11 01:20:14 MST 2017] The new-authz request is ok.
[Sat Mar 11 01:20:14 MST 2017] entry='"type":"http-01","status":"pending","uri":"https://acme-v01.api.letsencrypt.org/acme/challenge/S_x_LTyTZU5BswpdWohWp476f9yPV7Js4f3lf5YBQh4/778330844","token":"7XwoxBEbKHZI6TFrFn3cZH2JqylCmi2B6zK8wyQjSPA"'
[Sat Mar 11 01:20:14 MST 2017] token='7XwoxBEbKHZI6TFrFn3cZH2JqylCmi2B6zK8wyQjSPA'
[Sat Mar 11 01:20:14 MST 2017] uri='https://acme-v01.api.letsencrypt.org/acme/challenge/S_x_LTyTZU5BswpdWohWp476f9yPV7Js4f3lf5YBQh4/778330844'
[Sat Mar 11 01:20:14 MST 2017] keyauthorization='7XwoxBEbKHZI6TFrFn3cZH2JqylCmi2B6zK8wyQjSPA.y4n16hAf3Jup8Ss6NqjU9tSmStrYj_di-dEBz1DjKC8'
[Sat Mar 11 01:20:14 MST 2017] dvlist='99anchors.dev.new.citykites.com#7XwoxBEbKHZI6TFrFn3cZH2JqylCmi2B6zK8wyQjSPA.y4n16hAf3Jup8Ss6NqjU9tSmStrYj_di-dEBz1DjKC8#https://acme-v01.api.letsencrypt.org/acme/challenge/S_x_LTyTZU5BswpdWohWp476f9yPV7Js4f3lf5YBQh4/778330844#http-01#/home/sachinmandalia/www'
[Sat Mar 11 01:20:14 MST 2017] Getting webroot for domain='www.99anchors.dev.new.citykites.com'
[Sat Mar 11 01:20:14 MST 2017] _w='/home/sachinmandalia/www'
[Sat Mar 11 01:20:14 MST 2017] _currentRoot='/home/sachinmandalia/www'
[Sat Mar 11 01:20:14 MST 2017] Getting new-authz for domain='www.99anchors.dev.new.citykites.com'
[Sat Mar 11 01:20:14 MST 2017] Try new-authz for the 0 time.
[Sat Mar 11 01:20:14 MST 2017] url='https://acme-v01.api.letsencrypt.org/acme/new-authz'
[Sat Mar 11 01:20:14 MST 2017] payload='{"resource": "new-authz", "identifier": {"type": "dns", "value": "www.99anchors.dev.new.citykites.com"}}'
[Sat Mar 11 01:20:14 MST 2017] POST
[Sat Mar 11 01:20:14 MST 2017] url='https://acme-v01.api.letsencrypt.org/acme/new-authz'
[Sat Mar 11 01:20:14 MST 2017] _CURL='curl -L --silent --dump-header /home/sachinmandalia/.acme.sh/http.header '
[Sat Mar 11 01:20:14 MST 2017] _ret='0'
[Sat Mar 11 01:20:14 MST 2017] code='201'
[Sat Mar 11 01:20:14 MST 2017] The new-authz request is ok.
[Sat Mar 11 01:20:14 MST 2017] entry='"type":"http-01","status":"pending","uri":"https://acme-v01.api.letsencrypt.org/acme/challenge/qfC1IkGQoy2c1OF9o9JH-k5f3_Hzpol9rKUGtf2zF1E/778330908","token":"jedK_T7nvvOzhDkqUe7OqmF96B2z1GI3MGkifbMf3_E"'
[Sat Mar 11 01:20:14 MST 2017] token='jedK_T7nvvOzhDkqUe7OqmF96B2z1GI3MGkifbMf3_E'
[Sat Mar 11 01:20:14 MST 2017] uri='https://acme-v01.api.letsencrypt.org/acme/challenge/qfC1IkGQoy2c1OF9o9JH-k5f3_Hzpol9rKUGtf2zF1E/778330908'
[Sat Mar 11 01:20:14 MST 2017] keyauthorization='jedK_T7nvvOzhDkqUe7OqmF96B2z1GI3MGkifbMf3_E.y4n16hAf3Jup8Ss6NqjU9tSmStrYj_di-dEBz1DjKC8'
[Sat Mar 11 01:20:14 MST 2017] dvlist='www.99anchors.dev.new.citykites.com#jedK_T7nvvOzhDkqUe7OqmF96B2z1GI3MGkifbMf3_E.y4n16hAf3Jup8Ss6NqjU9tSmStrYj_di-dEBz1DjKC8#https://acme-v01.api.letsencrypt.org/acme/challenge/qfC1IkGQoy2c1OF9o9JH-k5f3_Hzpol9rKUGtf2zF1E/778330908#http-01#/home/sachinmandalia/www'
[Sat Mar 11 01:20:14 MST 2017] vlist='99anchors.dev.new.citykites.com#7XwoxBEbKHZI6TFrFn3cZH2JqylCmi2B6zK8wyQjSPA.y4n16hAf3Jup8Ss6NqjU9tSmStrYj_di-dEBz1DjKC8#https://acme-v01.api.letsencrypt.org/acme/challenge/S_x_LTyTZU5BswpdWohWp476f9yPV7Js4f3lf5YBQh4/778330844#http-01#/home/sachinmandalia/www,www.99anchors.dev.new.citykites.com#jedK_T7nvvOzhDkqUe7OqmF96B2z1GI3MGkifbMf3_E.y4n16hAf3Jup8Ss6NqjU9tSmStrYj_di-dEBz1DjKC8#https://acme-v01.api.letsencrypt.org/acme/challenge/qfC1IkGQoy2c1OF9o9JH-k5f3_Hzpol9rKUGtf2zF1E/778330908#http-01#/home/sachinmandalia/www,'
[Sat Mar 11 01:20:14 MST 2017] ok, let's start to verify
[Sat Mar 11 01:20:14 MST 2017] Verifying:99anchors.dev.new.citykites.com
[Sat Mar 11 01:20:14 MST 2017] d='99anchors.dev.new.citykites.com'
[Sat Mar 11 01:20:14 MST 2017] keyauthorization='7XwoxBEbKHZI6TFrFn3cZH2JqylCmi2B6zK8wyQjSPA.y4n16hAf3Jup8Ss6NqjU9tSmStrYj_di-dEBz1DjKC8'
[Sat Mar 11 01:20:14 MST 2017] uri='https://acme-v01.api.letsencrypt.org/acme/challenge/S_x_LTyTZU5BswpdWohWp476f9yPV7Js4f3lf5YBQh4/778330844'
[Sat Mar 11 01:20:14 MST 2017] _currentRoot='/home/sachinmandalia/www'
[Sat Mar 11 01:20:14 MST 2017] wellknown_path='/home/sachinmandalia/www/.well-known/acme-challenge'
[Sat Mar 11 01:20:14 MST 2017] writing token:7XwoxBEbKHZI6TFrFn3cZH2JqylCmi2B6zK8wyQjSPA to /home/sachinmandalia/www/.well-known/acme-challenge/7XwoxBEbKHZI6TFrFn3cZH2JqylCmi2B6zK8wyQjSPA
[Sat Mar 11 01:20:14 MST 2017] Changing owner/group of .well-known to sachinmandalia:sachinmandalia
[Sat Mar 11 01:20:14 MST 2017] url='https://acme-v01.api.letsencrypt.org/acme/challenge/S_x_LTyTZU5BswpdWohWp476f9yPV7Js4f3lf5YBQh4/778330844'
[Sat Mar 11 01:20:14 MST 2017] payload='{"resource": "challenge", "keyAuthorization": "7XwoxBEbKHZI6TFrFn3cZH2JqylCmi2B6zK8wyQjSPA.y4n16hAf3Jup8Ss6NqjU9tSmStrYj_di-dEBz1DjKC8"}'
[Sat Mar 11 01:20:14 MST 2017] POST
[Sat Mar 11 01:20:14 MST 2017] url='https://acme-v01.api.letsencrypt.org/acme/challenge/S_x_LTyTZU5BswpdWohWp476f9yPV7Js4f3lf5YBQh4/778330844'
[Sat Mar 11 01:20:14 MST 2017] _CURL='curl -L --silent --dump-header /home/sachinmandalia/.acme.sh/http.header '
[Sat Mar 11 01:20:15 MST 2017] _ret='0'
[Sat Mar 11 01:20:15 MST 2017] code='202'
[Sat Mar 11 01:20:15 MST 2017] sleep 2 secs to verify
[Sat Mar 11 01:20:17 MST 2017] checking
[Sat Mar 11 01:20:17 MST 2017] GET
[Sat Mar 11 01:20:17 MST 2017] url='https://acme-v01.api.letsencrypt.org/acme/challenge/S_x_LTyTZU5BswpdWohWp476f9yPV7Js4f3lf5YBQh4/778330844'
[Sat Mar 11 01:20:17 MST 2017] timeout
[Sat Mar 11 01:20:17 MST 2017] _CURL='curl -L --silent --dump-header /home/sachinmandalia/.acme.sh/http.header '
[Sat Mar 11 01:20:17 MST 2017] ret='0'
[Sat Mar 11 01:20:17 MST 2017] 99anchors.dev.new.citykites.com:Verify error:DNS problem: NXDOMAIN looking up A for 99anchors.dev.new.citykites.com
[Sat Mar 11 01:20:17 MST 2017] Debug: get token url.
[Sat Mar 11 01:20:17 MST 2017] GET
[Sat Mar 11 01:20:17 MST 2017] url='http://99anchors.dev.new.citykites.com/.well-known/acme-challenge/7XwoxBEbKHZI6TFrFn3cZH2JqylCmi2B6zK8wyQjSPA'
[Sat Mar 11 01:20:17 MST 2017] timeout='1'
[Sat Mar 11 01:20:17 MST 2017] _CURL='curl -L --silent --dump-header /home/sachinmandalia/.acme.sh/http.header  --connect-timeout 1'
[Sat Mar 11 01:20:17 MST 2017] Please refer to https://curl.haxx.se/libcurl/c/libcurl-errors.html for error code: 6
[Sat Mar 11 01:20:17 MST 2017] ret='6'
[Sat Mar 11 01:20:17 MST 2017] Debugging, skip removing: /home/sachinmandalia/www/.well-known
[Sat Mar 11 01:20:17 MST 2017] pid
[Sat Mar 11 01:20:17 MST 2017] No need to restore nginx, skip.
[Sat Mar 11 01:20:17 MST 2017] _clearupdns
[Sat Mar 11 01:20:17 MST 2017] Dns not added, skip.
[Sat Mar 11 01:20:17 MST 2017] _on_issue_err
[Sat Mar 11 01:20:17 MST 2017] Please add '--debug' or '--log' to check more details.
[Sat Mar 11 01:20:17 MST 2017] See: https://github.com/Neilpang/acme.sh/wiki/How-to-debug-acme.sh
[Sat Mar 11 01:20:17 MST 2017] url='https://acme-v01.api.letsencrypt.org/acme/challenge/S_x_LTyTZU5BswpdWohWp476f9yPV7Js4f3lf5YBQh4/778330844'
[Sat Mar 11 01:20:17 MST 2017] payload='{"resource": "challenge", "keyAuthorization": "7XwoxBEbKHZI6TFrFn3cZH2JqylCmi2B6zK8wyQjSPA.y4n16hAf3Jup8Ss6NqjU9tSmStrYj_di-dEBz1DjKC8"}'
[Sat Mar 11 01:20:17 MST 2017] POST
[Sat Mar 11 01:20:17 MST 2017] url='https://acme-v01.api.letsencrypt.org/acme/challenge/S_x_LTyTZU5BswpdWohWp476f9yPV7Js4f3lf5YBQh4/778330844'
[Sat Mar 11 01:20:17 MST 2017] _CURL='curl -L --silent --dump-header /home/sachinmandalia/.acme.sh/http.header '
[Sat Mar 11 01:20:17 MST 2017] _ret='0'
[Sat Mar 11 01:20:17 MST 2017] code='400'
[Sat Mar 11 01:20:17 MST 2017] url='https://acme-v01.api.letsencrypt.org/acme/challenge/qfC1IkGQoy2c1OF9o9JH-k5f3_Hzpol9rKUGtf2zF1E/778330908'
[Sat Mar 11 01:20:17 MST 2017] payload='{"resource": "challenge", "keyAuthorization": "jedK_T7nvvOzhDkqUe7OqmF96B2z1GI3MGkifbMf3_E.y4n16hAf3Jup8Ss6NqjU9tSmStrYj_di-dEBz1DjKC8"}'
[Sat Mar 11 01:20:17 MST 2017] POST
[Sat Mar 11 01:20:18 MST 2017] url='https://acme-v01.api.letsencrypt.org/acme/challenge/qfC1IkGQoy2c1OF9o9JH-k5f3_Hzpol9rKUGtf2zF1E/778330908'
[Sat Mar 11 01:20:18 MST 2017] _CURL='curl -L --silent --dump-header /home/sachinmandalia/.acme.sh/http.header '
[Sat Mar 11 01:20:18 MST 2017] _ret='0'
[Sat Mar 11 01:20:18 MST 2017] code='202'
[Sat Mar 11 01:20:18 MST 2017] Diagnosis versions: 
openssl:openssl
OpenSSL 1.0.1e-fips 11 Feb 2013
apache:
apache doesn't exists.
nc:
[v1.10-40]
connect to somewhere:	nc [-options] hostname port[s] [ports] ... 
listen for inbound:	nc -l -p port [-options] [hostname] [port]
options:
	-c shell commands	as `-e'; use /bin/sh to exec [dangerous!!]
	-e filename		program to exec after connect [dangerous!!]
	-b			allow broadcasts
	-g gateway		source-routing hop point[s], up to 8
	-G num			source-routing pointer: 4, 8, 12, ...
	-h			this cruft
	-i secs			delay interval for lines sent, ports scanned
        -k                      set keepalive option on socket
	-l			listen mode, for inbound connects
	-n			numeric-only IP addresses, no DNS
	-o file			hex dump of traffic
	-p port			local port number
	-r			randomize local and remote ports
	-q secs			quit after EOF on stdin and delay of secs
	-s addr			local source address
	-T tos			set Type Of Service
	-t			answer TELNET negotiation
	-u			UDP mode
	-v			verbose [use twice to be more verbose]
	-w secs			timeout for connects and final net reads
	-z			zero-I/O mode [used for scanning]
port numbers can be individual or ranges: lo-hi [inclusive];
hyphens in port names must be backslash escaped (e.g. 'ftp\-data').

Is this your domain : 99anchors.dev.new.citykites.com ?

@Neilpang
There are 3 domains
main domain is dev.new.citykites.com which points to public_html
subdomains are 99anchors and 99anchors.dev.new.citykites.com which points to public_html/99anchors

if the domains are not pointing to the same webroot folder, you must specify the webroot folder for each domain:

acme.sh --issue  -d dev.new.citykites.com  -w public_html  -d 99anchors.dev.new.citykites.com -w public_html/99anchors

Great. how to read this command?
acme.sh --issue -d dev.new.citykites.com -w public_html -d 99anchors.dev.new.citykites.com -w public_html/99anchors
does it mean that with this command, I can issue a certificate for 99anchors.dev.new.citykites.com ?
So the first paramenter after - d -d dev.new.citykites.com is always the main domain?

BTW , I already got the certificate with lets encrypt for the main domain which is dev.new.citykites.com

yes,

The first -d domain is the main domain.

And all the domains will be issued in the same cert.

ok perfect, so this one worked
acme.sh --issue -d dev.new.citykites.com -w public_html -d 99anchors.com -w public_html/99anchors
and I installed cert for 99anchors.com

but the following gave me an error log as below
acme.sh --issue -d dev.new.citykites.com -w public_html -d 99anchors.dev.ciytkites.com -w public_html/99anchors --debug
[Sun Mar 12 03:58:58 MST 2017] Lets find script dir.
[Sun Mar 12 03:58:58 MST 2017] SCRIPT=’/home/sachinmandalia/.acme.sh/acme.sh’
[Sun Mar 12 03:58:58 MST 2017] _script=’/home/sachinmandalia/.acme.sh/acme.sh’
[Sun Mar 12 03:58:58 MST 2017] _script_home=’/home/sachinmandalia/.acme.sh’
[Sun Mar 12 03:58:58 MST 2017] Using config home:/home/sachinmandalia/.acme.sh
https://github.com/Neilpang/acme.sh
v2.6.7
[Sun Mar 12 03:58:58 MST 2017] Using api:
[Sun Mar 12 03:58:58 MST 2017] Using config home:/home/sachinmandalia/.acme.sh
[Sun Mar 12 03:58:58 MST 2017] DOMAIN_PATH=’/home/sachinmandalia/.acme.sh/dev.new.citykites.com’
[Sun Mar 12 03:58:58 MST 2017] Le_NextRenewTime=‘1494413726’
[Sun Mar 12 03:58:58 MST 2017] _saved_domain=‘dev.new.citykites.com’
[Sun Mar 12 03:58:58 MST 2017] _saved_alt=‘99anchors.dev.ciytkites.com’
[Sun Mar 12 03:58:58 MST 2017] Domains not changed.
[Sun Mar 12 03:58:59 MST 2017] Skip, Next renewal time is: Thu May 11 10:55:26 UTC 2017
[Sun Mar 12 03:58:59 MST 2017] Add ‘–force’ to force to renew.

so I got them now on my website!! Thanks a million… how can I automate it ?

You must specify the webroot folder for each domain:

acme.sh  -d domain1.com  -w /path/to/domain.com  -d sub.domain2.com  -w /path/to/sub.domain2.com  -d  sub2.domain3.com  -w /path/to/sub2.domain3.com

I’m sorry, but you can not automate it for now. Because you need to deploy the cert to your cpanel account by hand.

However, I’m working on a deploy hook for cpanel now, it should be done in near future .
please watch on github or twitter.

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.