Verify error-invalid response using acme.sh on shared hosting

This has now returned an output-1234

I have now successfully issued, install and deployed the certificates for smartwealthadvisors.com after removing the reference to the subdomain-app.smartwealthadvisors.com in my commands. But I’m now getting a verify error-DNS problem when I issue a command for just the subdomain.

I sill need help to issue a certificate for app.swealthadvisors.com. Got a DNS problem error.

I cannot resolve the address either. Did you add the subdomain to your DNS?

How do I do that? It’s a live subdomain with SSL, I just want to reissue using let’s encrypt.

No it's not. When I surf to the URL http://app.swealthadvisors.com/ I'm getting a "app.swealthadvisors.com ’s server IP address could not be found." error from my Chromium webbrowser.

The authorative DNS servers (ns21.domaincontrol.com and ns22.domaincontrol.com) return a "NXDOMAIN" when asked for app.swealthadvisors.com meaning the DNS server doesn't know that subdomain.

However, in my personal opinion (as a volunteer on this community), it is outside the scope of this Let's Encrypt community to tell and/or learn you how to manage your DNS zonefile.

It’s app.smartwealthadvisors.com not ‘appswealthadvisors’.

Ah, figures a lot :grimacing:

I just used the URL provided by you in:

Error was from my earlier response. Apologies

I still need help here. The same issue command that was successful for the main domain is giving a verify error-invalid response for a valid and active subdomain. I’m at a loss as to why the verification failed when everything else appears to check out. What should I check/fix to correct this. Is there a separate/different issue command for a subdomain/wildcard? Thanks

Your main domain and subdomain likely have different webroots.

The exact same command isn’t likely to work for both, the -w parameter has to point to the correct webroot for the specific domain you’re issuing for.

On https://github.com/acmesh-official/acme.sh/wiki/Simple-guide-to-add-TLS-cert-to-cpanel, there is a command which shows how to identify the webroot for your domains and subdomains, if you don’t already know it.

uapi DomainInfo single_domain_data domain=_EXAMPLE.COM_ | grep documentroot

So you could try something like:

uapi DomainInfo single_domain_data domain=smartwealthadvisors.com | grep documentroot
uapi DomainInfo single_domain_data domain=app.smartwealthadvisors.com | grep documentroot
uapi DomainInfo single_domain_data domain=www.app.smartwealthadvisors.com | grep documentroot

and then follow along with the right webroots.

If the issue command worked for www.smartwealthadvisors.com without any verify error, why not for app.smartwealthadvisors.com? Or should I have put in *.smartwealthadvisors.com along with smartwealthadvisors.com to account for both ‘app.’ and ‘www.’ in my initially successfully issued certificate?

Thanks for this. Let me give it a shot.

I just checked and I followed the correct webroot.

The 3rd option returned nothing

If it is the correct webroot, then you should be able to place an file in $WEBROOT/.well-known/acme-challenge/test.txt and access it at http://app.smartwealthadvisors.com/.well-known/acme-challenge/test.txt.

If we can get that to work, then we can issue a certificate with acme.sh.

That's OK, I just wasn't sure whether the www was the subdomain alias or not.

I already did an echo test and it returned the output

My thoughts exactly..

Can I see the test.txt file working myself?

Not that I don’t believe you, but there’s really nothing else that can be going wrong.

https://www.app.smartwealthadvisors.com/.well-known/acme-challenge/test This produces the output