Unable to issue SSL


#1

My domain is: rainbowcosmetics.info

Hello all

I use Let’s Encrypt quite a lot but I’m helping out a former employer with one now but the server has WHM/cPanel and it’s getting on my goat.

So I try to issue the certificate with the plugin (which I’ve just purchased a licence for) and I get the following error

I’ve checked to see if I can view a test file in the acme-challenge folder which works
http://rainbowcosmetics.info/.well-known/acme-challenge/test.txt

I’ve a sneaky suspicion it’s something to do with DNS but I can’t figure out what. The DNS uses another too, which I don’t have access to at the moment, but both the A records for with and without www. are pointing at the correct server.

Can somebody point me in the right direction.

I have full SSH and WHM/cPanel access to the server.

curl -vvv -H "Authorization: whm root:$(cat /etc/.letsencrypt-cpanel-api-token)" \
-i -k https://$(hostname):2087/json-api/version

This returns 200 and looks ok

  • le-cp self-test

All passes fine

Thanks


#2

You have an IPv6 address configured on your server which is giving different results from the IPv4 address:

osiris@desktop ~ $ curl -Lvk http://rainbowcosmetics.info/.well-known/acme-challenge/PyZjy64d3oqH01mVyy2tom2bQCZ3xOA06qpCUpufvvM
*   Trying 2001:8d8:1000:10b4:f07e:561:4d88:2839...
* Connected to rainbowcosmetics.info (2001:8d8:1000:10b4:f07e:561:4d88:2839) port 80 (#0)
> GET /.well-known/acme-challenge/PyZjy64d3oqH01mVyy2tom2bQCZ3xOA06qpCUpufvvM HTTP/1.1
> Host: rainbowcosmetics.info
> 
< HTTP/1.1 204 No Content
< Content-Length: 0
< Connection: keep-alive
< Keep-Alive: timeout=15
< Date: Sun, 03 Feb 2019 18:39:33 GMT
< Server: Apache
osiris@client ~ $ curl -Lvk4 http://rainbowcosmetics.info/.well-known/acme-challenge/PyZjy64d3oqH01mVyy2tom2bQCZ3xOA06qpCUpufvvM
*   Trying 82.196.238.200...
* Connected to rainbowcosmetics.info (82.196.238.200) port 80 (#0)
> GET /.well-known/acme-challenge/PyZjy64d3oqH01mVyy2tom2bQCZ3xOA06qpCUpufvvM HTTP/1.1
> Host: rainbowcosmetics.info
> 
< HTTP/1.1 404 Not Found
< Date: Sun, 03 Feb 2019 18:39:42 GMT
< Server: Apache
< Content-Type: text/html; charset=UTF-8
< 
<!doctype html>
(...)
* Connection #0 to host rainbowcosmetics.info left intact
osiris@desktop ~ $

#3

Thanks … any idea what I can do about that? I hate working with WHM/cPanel


#4

Talk to your hosting provider and ask why they have set up an IPv6 address which doesn’t show your site in the first place.

I don’t have any experience with WHM/cPanel, sorry.


#5

Hi @johnedwarddoyle

do you have access to your nameserver settings? If yes, remove your ipv6 entries.

This is the AAAA entry.


#6

Ah I see. I don’t at the moment, I’m trying to get the details which is proving difficult for a Sunday evening. I’ll get them in time. Thanks for the help.


#7

It looks like the errant IPv6 record for your domain has been successfully removed now.

It was pointing to a completely different server to your cPanel server - which would have shown a different website to visitors who were IPv6-enabled.

You should be able to issue a certificate now.


#8

Yes you are correct. I eventually got access to the DNS. Thanks all


closed #9

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.