Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.
My domain is:
syntafin.de
I ran this command:
acme.sh --issue -d syntafin.de -d www.syntafin.de -d api.syntafin.de -w /home/forge/syntafin.de/public --debug
It produced this output:
2024-01-19 07:57:49 URL:https://forge-certificates.laravel.com/le/2044530/2185005/ecdsa?env=production [4511] -> "letsencrypt_script1705647469" [1]
Cloning into 'letsencrypt1705647469'...
ERROR: Challenge is invalid! (returned: invalid) (result: ["type"] "http-01"
["status"] "invalid"
["error","type"] "urn:ietf:params:acme:error:connection"
["error","detail"] "157.90.249.186: Fetching https://api.syntafin.de/.well-known/acme-challenge/vGJX_N6ppIwjfXpud7AJQ5R3Ibmsdg9lYORhcR5oOL0: Timeout during connect (likely firewall problem)"
["error","status"] 400
["error"] {"type":"urn:ietf:params:acme:error:connection","detail":"157.90.249.186: Fetching https://api.syntafin.de/.well-known/acme-challenge/vGJX_N6ppIwjfXpud7AJQ5R3Ibmsdg9lYORhcR5oOL0: Timeout during connect (likely firewall problem)","status":400}
["url"] "https://acme-v02.api.letsencrypt.org/acme/chall-v3/305769841526/FP2wgg"
["token"] "vGJX_N6ppIwjfXpud7AJQ5R3Ibmsdg9lYORhcR5oOL0"
["validationRecord",0,"url"] "http://api.syntafin.de/.well-known/acme-challenge/vGJX_N6ppIwjfXpud7AJQ5R3Ibmsdg9lYORhcR5oOL0"
["validationRecord",0,"hostname"] "api.syntafin.de"
["validationRecord",0,"port"] "80"
["validationRecord",0,"addressesResolved",0] "157.90.249.186"
["validationRecord",0,"addressesResolved",1] "2a01:4f8:c012:de1a::2"
["validationRecord",0,"addressesResolved"] ["157.90.249.186","2a01:4f8:c012:de1a::2"]
["validationRecord",0,"addressUsed"] "2a01:4f8:c012:de1a::2"
["validationRecord",0] {"url":"http://api.syntafin.de/.well-known/acme-challenge/vGJX_N6ppIwjfXpud7AJQ5R3Ibmsdg9lYORhcR5oOL0","hostname":"api.syntafin.de","port":"80","addressesResolved":["157.90.249.186","2a01:4f8:c012:de1a::2"],"addressUsed":"2a01:4f8:c012:de1a::2"}
["validationRecord",1,"url"] "http://api.syntafin.de/.well-known/acme-challenge/vGJX_N6ppIwjfXpud7AJQ5R3Ibmsdg9lYORhcR5oOL0"
["validationRecord",1,"hostname"] "api.syntafin.de"
["validationRecord",1,"port"] "80"
["validationRecord",1,"addressesResolved",0] "157.90.249.186"
["validationRecord",1,"addressesResolved",1] "2a01:4f8:c012:de1a::2"
["validationRecord",1,"addressesResolved"] ["157.90.249.186","2a01:4f8:c012:de1a::2"]
["validationRecord",1,"addressUsed"] "157.90.249.186"
["validationRecord",1] {"url":"http://api.syntafin.de/.well-known/acme-challenge/vGJX_N6ppIwjfXpud7AJQ5R3Ibmsdg9lYORhcR5oOL0","hostname":"api.syntafin.de","port":"80","addressesResolved":["157.90.249.186","2a01:4f8:c012:de1a::2"],"addressUsed":"157.90.249.186"}
["validationRecord",2,"url"] "https://api.syntafin.de/.well-known/acme-challenge/vGJX_N6ppIwjfXpud7AJQ5R3Ibmsdg9lYORhcR5oOL0"
["validationRecord",2,"hostname"] "api.syntafin.de"
["validationRecord",2,"port"] "443"
["validationRecord",2,"addressesResolved",0] "157.90.249.186"
["validationRecord",2,"addressesResolved",1] "2a01:4f8:c012:de1a::2"
["validationRecord",2,"addressesResolved"] ["157.90.249.186","2a01:4f8:c012:de1a::2"]
["validationRecord",2,"addressUsed"] "2a01:4f8:c012:de1a::2"
["validationRecord",2] {"url":"https://api.syntafin.de/.well-known/acme-challenge/vGJX_N6ppIwjfXpud7AJQ5R3Ibmsdg9lYORhcR5oOL0","hostname":"api.syntafin.de","port":"443","addressesResolved":["157.90.249.186","2a01:4f8:c012:de1a::2"],"addressUsed":"2a01:4f8:c012:de1a::2"}
["validationRecord"] [{"url":"http://api.syntafin.de/.well-known/acme-challenge/vGJX_N6ppIwjfXpud7AJQ5R3Ibmsdg9lYORhcR5oOL0","hostname":"api.syntafin.de","port":"80","addressesResolved":["157.90.249.186","2a01:4f8:c012:de1a::2"],"addressUsed":"2a01:4f8:c012:de1a::2"},{"url":"http://api.syntafin.de/.well-known/acme-challenge/vGJX_N6ppIwjfXpud7AJQ5R3Ibmsdg9lYORhcR5oOL0","hostname":"api.syntafin.de","port":"80","addressesResolved":["157.90.249.186","2a01:4f8:c012:de1a::2"],"addressUsed":"157.90.249.186"},{"url":"https://api.syntafin.de/.well-known/acme-challenge/vGJX_N6ppIwjfXpud7AJQ5R3Ibmsdg9lYORhcR5oOL0","hostname":"api.syntafin.de","port":"443","addressesResolved":["157.90.249.186","2a01:4f8:c012:de1a::2"],"addressUsed":"2a01:4f8:c012:de1a::2"}]
["validated"] "2024-01-19T06:58:05Z")
My web server is (include version):
nginx/1.24.0
The operating system my web server runs on is (include version):
Ubuntu 22.04
My hosting provider, if applicable, is:
Hetzner Cloud
I can login to a root shell on my machine (yes or no, or I don't know):
yes
I'm using a control panel to manage my site (no, or provide the name and version of the control panel):
Laravel Forge
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):
acme.sh 3.0.8/Laravel Forge
Additional information:
I am unable to obtain a certificate for all root domains on the server, for example "syntafin.de" (with aliases for www.syntafin.de and api.syntafin.de), but I can obtain certificates for subdomains alone without any issue, for example example.syntafin.de.
I only have 3 DNS records for this domain: an A/AAAA record pointing to the IP and a CNAME wildcard record.
After I talked to Hetzner, I opened a ticket at Laravel Forge and they said "not a problem on our side ask in LetsEncrypt forum".
For the moment I am using an old Let's Encrypt certificate I copied over from my old server, but the end for this one is near (around 6 days until expiration).
Anyone any idea?
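
An added example, not part of the original post: a small Python helper that reads a failed http-01 challenge object like the one in the output above and lists, in order, which scheme, port and address each validation attempt used, together with the fetch named in the error. The sample data is constructed (example.com and documentation-range addresses), and `summarize_challenge` is a hypothetical name.

```python
import ipaddress
import re
from urllib.parse import urlsplit

# Constructed challenge object (example.com, documentation-range addresses)
# with the same field layout as the failed http-01 challenge in the post.
PATH = "api.example.com/.well-known/acme-challenge/TOKEN"
ADDRS = ["192.0.2.10", "2001:db8::2"]
SAMPLE = {
    "type": "http-01",
    "status": "invalid",
    "error": {"type": "urn:ietf:params:acme:error:connection", "status": 400,
              "detail": f"192.0.2.10: Fetching https://{PATH}: Timeout during connect (likely firewall problem)"},
    "validationRecord": [
        {"url": f"http://{PATH}", "port": "80", "addressesResolved": ADDRS, "addressUsed": "2001:db8::2"},
        {"url": f"http://{PATH}", "port": "80", "addressesResolved": ADDRS, "addressUsed": "192.0.2.10"},
        {"url": f"https://{PATH}", "port": "443", "addressesResolved": ADDRS, "addressUsed": "2001:db8::2"},
    ],
}

def summarize_challenge(chall):
    """List the validation hops in order and the fetch named in the error."""
    hops, prev = [], None
    for rec in chall.get("validationRecord", []):
        addr = ipaddress.ip_address(rec["addressUsed"])
        if prev is None:
            change = "first request"
        elif rec["url"] != prev["url"]:
            change = "new URL"
        elif rec["addressUsed"] != prev["addressUsed"]:
            change = "same URL, other address"
        else:
            change = "repeat"
        hops.append({"scheme": urlsplit(rec["url"]).scheme, "port": int(rec["port"]),
                     "family": f"IPv{addr.version}", "address": str(addr), "change": change})
        prev = rec
    # Error detail layout as seen in the post: "<address>: Fetching <url>: <reason>".
    m = re.match(r"(\S+): Fetching (\S+): (.*)", chall.get("error", {}).get("detail", ""))
    failed = dict(zip(("address", "url", "reason"), m.groups())) if m else None
    return {"status": chall.get("status"), "hops": hops, "failed": failed}

if __name__ == "__main__":
    result = summarize_challenge(SAMPLE)
    for n, hop in enumerate(result["hops"]):
        print(n, hop["scheme"], hop["port"], hop["family"], hop["address"], hop["change"])
    print("failed fetch:", result["failed"])
```

Comparing the last hop with the `failed` entry shows which URL and address the timeout was reported for, which is the port and address family to check in the firewall and in the web server's listen configuration.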