Koozali.org: home of the SME Server

letsencrypt challenge not completing

Offline umbi

« on: April 22, 2021, 05:20:21 AM »
Hello everybody

I'm desperate and I hope somebody can help me here.
I'm using SME Server 9.2 with letsencrypt, but after I changed to API V2 in the config I now get this error, also in test mode:

When I run dehydrated -c, this comes:

Error registering account key. See message above for more information.
rm: remove from „/etc/dehydrated/accounts/[OBF]/registration_info.json“

The file does not exist, I checked.
Is there a possibility to completely clean up letsencrypt (remove all files and configs) and start the letsencrypt installation from scratch?

I tried to uninstall, rebooted and reinstalled, but the same error comes up again. The problem is that all my domains now have no certificate :-(

config:

    ACCEPT_TERMS=yes
    API=2
    configure=all
    email=*@*.com
    hookScript=disabled
    status=test

I also tried:

config delprop modSSL crt
config delprop modSSL key
config delprop modSSL CertificateChainFile

I think I have installed both contribs:

yum --enablerepo=smecontribs install dehydrated 
and
yum install smeserver-letsencrypt --enablerepo=smecontribs


I will really appreciate your help.

Thank you very much

umbi
« Last Edit: April 22, 2021, 08:27:10 PM by Jean-Philippe Pialasse »

Offline Jean-Philippe Pialasse

  • aka Unnilennium
    • http://smeserver.pialasse.com
« Reply #1 on: April 22, 2021, 07:41:54 AM »
This should clean your dehydrated installation:

    rm -rf /etc/dehydrated/accounts/* /etc/dehydrated/certs/* /etc/dehydrated/chains/*

Do a backup first ;)

Offline umbi

« Reply #2 on: April 22, 2021, 12:13:04 PM »
Version: dehydrated-0.6.5-13.el6.fws.noarch



Hello Jean-Philippe

Thank you very much for your fast answer.

I did what you wrote but the error is still here:


# dehydrated -c
# INFO: Using main config file /etc/dehydrated/config
+ Generating account key...
+ Registering account key with ACME server...
Certificate authority doesn't allow registrations.


Error registering account key. See message above for more information.
rm: Remove of: „/etc/dehydrated/accounts/[OBF]/registration_info.json“ not possible: File or Directory not found
[root@server ~]#



When I manually delete the directory with:

rm -r [OBF]/

after dehydrated -c it regenerates the same directory again :-(

When I uncomment in the config:

CA="https://acme-staging.api.letsencrypt.org/directory"
to
#CA="https://acme-staging.api.letsencrypt.org/directory"

 dehydrated]# dehydrated -c

I get this error:

# INFO: Using main config file /etc/dehydrated/config
+ Generating account key...
+ Registering account key with ACME server...
  + ERROR: An error occurred while sending post-request to https://acme-v01.api.letsencrypt.org/acme/new-reg (Status 403)

Details:
{
  "type": "urn:acme:error:unauthorized",
  "detail": "Account creation on ACMEv1 is disabled. Please upgrade your ACME client to a version that supports ACMEv2 / RFC 8555. See https://community.letsencrypt.org/t/end-of-life-plan-for-acmev1/88430 for details.",
  "status": 403
}





« Last Edit: April 22, 2021, 08:26:56 PM by Jean-Philippe Pialasse »

Offline sages

    • http://www.sages.com.au
« Reply #3 on: April 22, 2021, 02:16:46 PM »
I think the mention in the error messages that v1 is no longer supported and you must use v2 might be a clue.
The wiki makes mention of this and how to resolve it.
https://wiki.koozali.org/Letsencrypt#V2_API
« Last Edit: April 22, 2021, 02:20:50 PM by sages »
...

Offline umbi

« Reply #4 on: April 22, 2021, 02:23:08 PM »
Hi Sages

Thank you very much for your answer.

As you can see, I have this config:

# config show letsencrypt
letsencrypt=service
   ACCEPT_TERMS=yes
   API=2
   configure=none
   email=####@#####.###
   hookScript=disabled
   status=test

Do you think it is better to change from API 2 to API = auto instead, as I had mixed V1 and V2 certificates?

My goal is to make all certificates of all domains new under V2.

Is it possible that I have to remove and regenerate /home/e-smith/files/ibays/Primary/html/.well-known/acme-challenge ?

That directory is full....

Appreciating your help  thank you

Umbi
« Last Edit: April 22, 2021, 06:01:30 PM by umbi »

Offline Jean-Philippe Pialasse

« Reply #5 on: April 22, 2021, 06:08:17 PM »
My guess is you did not fully follow the wiki and did set your DB but did not expand your templates.

Can you please FIRST paste here what this returns:

    # cat /etc/dehydrated/config

Then, only after copying the result here, try:

    rm -rf /etc/dehydrated/accounts/* /etc/dehydrated/certs/* /etc/dehydrated/chains/*
    config setprop letsencrypt API 2
    expand-template /etc/dehydrated/config
    expand-template /etc/dehydrated/domains.txt
    expand-template /usr/bin/hook-script.sh
    dehydrated -c

Beware, there is a daily limit of tries; after that you get your IP banned. So make sure all the domains listed in /etc/dehydrated/domains.txt DO point to your current IP.

Offline umbi

« Reply #6 on: April 22, 2021, 06:15:53 PM »
My guess is you did not fully followed the wiki and did set your DB but did not expand your templates.

can you please FIRST paste here what returns

# cat /etc/dehydrated/config
#!/bin/bash
CA="https://acme-staging-v02.api.letsencrypt.org/directory"
WELLKNOWN="/home/e-smith/files/ibays/Primary/html/.well-known/acme-challenge"
HOOK="/usr/bin/hook-script.sh"
BASEDIR="/etc/dehydrated"
CONTACT_EMAIL=*@*
API="2"
PARAM_ACCEPT_TERMS="yes"



then only after copying here the result, try
rm -rf /etc/dehydrated/accounts/* /etc/dehydrated/certs/* /etc/dehydrated/chains/*
config setprop letsencrypt API 2
expand-template /etc/dehydrated/config
expand-template /etc/dehydrated/domains.txt
expand-template /usr/bin/hook-script.sh
dehydrated -c

beware there is a day limit of tries, after that you get your IP banned. So make sure all your domains listed in /etc/dehydrated/domains.txt DO point to your current IP

Sorry for the double post....

At the moment I'm in test mode. So you think I can start with your proposal?

rm -rf /etc/dehydrated/accounts/* /etc/dehydrated/certs/* /etc/dehydrated/chains/*
config setprop letsencrypt API 2
expand-template /etc/dehydrated/config
expand-template /etc/dehydrated/domains.txt
expand-template /usr/bin/hook-script.sh
dehydrated -c

In test mode or productive?
« Last Edit: April 22, 2021, 06:20:01 PM by umbi »

Offline umbi

« Reply #7 on: April 22, 2021, 06:34:53 PM »
In test mode, same error:

server dehydrated]# dehydrated -c
# INFO: Using main config file /etc/dehydrated/config
+ Generating account key...
+ Registering account key with ACME server...
Certificate authority doesn't allow registrations.

Error registering account key. See message above for more information.
rm: remove of „/etc/dehydrated/accounts/[OBF]/registration_info.json“ not possible: File or Directory not found
[root@server dehydrated]#

 :-(

Now I found this in the log files:

[Thu Apr 22 16:14:52 2021] [warn] RSA server certificate CommonName (CN) `host.mydomain.com' does NOT match server name!?

After a reboot this error no longer comes - host.mydomain.com now points to my IP again
« Last Edit: April 22, 2021, 08:26:01 PM by Jean-Philippe Pialasse »

Offline Jean-Philippe Pialasse

« Reply #8 on: April 22, 2021, 07:53:17 PM »
Please check that you do not have any config file that could be interpreted and overrule what is in /etc/dehydrated/config in the following places:
 /usr/local/etc/dehydrated/config
./config  (current directory)
/usr/bin/config

Please paste here the result of

    # dehydrated -e

You can hide your email address and account string please (what is in /etc/dehydrated/accounts/<HERE>/..).

Quote
now i found in log files that here:

[Thu Apr 22 16:14:52 2021] [warn] RSA server certificate CommonName (CN) `host.mydomain.com' does NOT match server name!?

after reboot this error comes no more - host.mydomain.com shows now again to my ip

Not relevant, just noise.

Edit: also, please, what does this return?

    rpm -q dehydrated


« Last Edit: April 22, 2021, 08:01:26 PM by Jean-Philippe Pialasse »

Offline umbi

« Reply #9 on: April 22, 2021, 08:16:37 PM »
Hello  Jean-Philippe

Here are the answers to your questions:

please check you do not have any config file that could be interpreted and overrule what is in /etc/dehydrated/config  in the following places
 /usr/local/etc/dehydrated/config

./config  (current directory)
/usr/bin/config

-> nothing found

----------------------------------------------

you can hide your email address and account string please. (what is  in  /etc/dehydrated/accounts/<HERE>/..)


-server accounts]# dir
[OBF]
[OBF]

----------------------------------------------

-server ~]# dehydrated -e
-bash: -server: Kommando nicht gefunden.
[root@gserver ~]# # dehydrated configuration
[root@g-server ~]# # INFO: Using main config file /etc/dehydrated/config
[root@g-server ~]# declare -- CA="https://acme-v02.api.letsencrypt.org/directory"
[root@g-server ~]# declare -- LICENSE=""
[root@g-server ~]# declare -- CERTDIR="/etc/dehydrated/certs"
[root@g-server ~]# declare -- CHALLENGETYPE="http-01"
[root@g-server ~]# declare -- DOMAINS_D=""
[root@gserver ~]# declare -- DOMAINS_TXT="/etc/dehydrated/domains.txt"
[root@gserver ~]# declare -- HOOK="/usr/bin/hook-script.sh"
[root@g-server ~]# declare -- HOOK_CHAIN="no"
[root@g-server ~]# declare -- RENEW_DAYS="30"
[root@g-server ~]# declare -- ACCOUNT_KEY="/etc/dehydrated/accounts/[OBF]/account_key.pem"
[root@g-server ~]# declare -- ACCOUNT_KEY_JSON="/etc/dehydrated/accounts/[OBF]/registration_info.json"
[root@g-server ~]# declare -- KEYSIZE="4096"
[root@g-server ~]# declare -- WELLKNOWN="/home/e-smith/files/ibays/Primary/html/.well-known/acme-challenge"
[root@g-server ~]# declare -- PRIVATE_KEY_RENEW="yes"
[root@g-server ~]# declare -- OPENSSL_CNF="/etc/pki/tls/openssl.cnf"
[root@g-server ~]# declare -- CONTACT_EMAIL="*@*.ch"
[root@g-server ~]# declare -- LOCKFILE="/etc/dehydrated/lock"


I hope it helps

thank you 

umbi
« Last Edit: April 22, 2021, 08:25:42 PM by Jean-Philippe Pialasse »

Offline Jean-Philippe Pialasse

« Reply #10 on: April 22, 2021, 08:29:25 PM »
You did not return the result of

    rpm -q dehydrated

The next possible issue is that you have an outdated version.

NB: I split the topic from where you posted.

Offline umbi

« Reply #11 on: April 22, 2021, 08:30:07 PM »
Sorry here it is:

-server accounts]# rpm -q dehydrated
dehydrated-0.6.5-13.el6.fws.noarch


I will add the information that, when the certs stopped, I tried to do what reetP told me in this post:

https://forums.contribs.org/index.php/topic,54276.msg284403.html#msg284403

Now I see that all his comments are deleted.

----------

Another piece of information is that I installed both repos years ago:

smeserver-letsencrypt + dehydrated

It worked under V1 for years.

Maybe it helps .... I hope so

Thank you very much

Umbi
« Last Edit: April 22, 2021, 08:53:30 PM by umbi »

Offline Jean-Philippe Pialasse

« Reply #12 on: April 22, 2021, 08:45:56 PM »
Please try the following (I see you are in an accounts directory, which I presume is /etc/dehydrated/accounts; I really want you to get away from there and really be in root's home when running dehydrated, I have already seen weird behaviours when in some paths):

    cd
    rm -rf /etc/dehydrated/accounts/* /etc/dehydrated/certs/* /etc/dehydrated/chains/*
    config setprop letsencrypt API 2
    expand-template /etc/dehydrated/config
    expand-template /etc/dehydrated/domains.txt
    expand-template /usr/bin/hook-script.sh
    bash -xv dehydrated --register --accept-terms 2>&1 | tee -a dehydrated.log

Then post the output, removing sensitive data first.

Offline umbi

« Reply #13 on: April 22, 2021, 08:57:42 PM »
Thank you

With the last command line I get this:

-server ~]# bash -xv dehydrated --register --accept-terms 2>&1 | tee -a dehydrated.log
module () {  eval `/usr/bin/modulecmd bash $*`
}
dehydrated: dehydrated: ist an directory.
[root@goldstar-server ~]#


When I enter tee -a dehydrated.log the terminal no longer responds

« Last Edit: April 22, 2021, 08:59:22 PM by umbi »

Offline Jean-Philippe Pialasse

« Reply #14 on: April 22, 2021, 09:02:12 PM »
    cd
    mv dehydrated dehydrated.old
    rm -rf /etc/dehydrated/accounts/* /etc/dehydrated/certs/* /etc/dehydrated/chains/*
    config setprop letsencrypt API 2
    expand-template /etc/dehydrated/config
    expand-template /etc/dehydrated/domains.txt
    expand-template /usr/bin/hook-script.sh
    bash -xv /usr/bin/dehydrated --register --accept-terms 2>&1 | tee -a dehydrated.log

Offline umbi

« Reply #15 on: April 22, 2021, 09:07:30 PM »
OK, I got a big log file....

Masking the sensitive data takes a few minutes....

Offline umbi

« Reply #16 on: April 22, 2021, 09:26:42 PM »
Jean-Philippe

The log file is bigger than 20k characters... I sent it to you via the mail function in the forum.
« Last Edit: April 22, 2021, 09:29:41 PM by umbi »

Offline Jean-Philippe Pialasse

« Reply #17 on: April 22, 2021, 10:07:01 PM »
From what I have received (the beginning is missing),
you did not use the test staging but the v2:
CA=https://acme-v02.api.letsencrypt.org/directory

You successfully registered:

    + echo '+ Registering account key with ACME server...'
    + echo '+ Fetching account ID...'
    + echo '+ Done!'
    + Done!
    + exit 0

So you now have an active account and you just have to do the following (yes, I want you in root's home):

    cd
    /usr/bin/dehydrated -c

Just to check:

    ll /root/config

and

    whereis dehydrated

Offline umbi

« Reply #18 on: April 22, 2021, 10:28:44 PM »
Hi Jean-Philippe

cd
/usr/bin/dehydrated -c

gives me this:

"type": "http-01",
  "status": "invalid",
  "error": {
    "type": "urn:ietf:params:acme:error:unauthorized",
    "detail": "Invalid response from http://de*-ver*.ch/.well-known/acme-challenge/GaM1p7****************xNo9K_y_9U7Onw [81.6.*.*]: \"\u003c!DOCTYPE HTML PUBLIC \\\"-//IETF//DTD HTML 2.0//EN\\\"\u003e\\n\u003chtml\u003e\u003chead\u003e\\n\u003ctitle\u003e403 Forbidden\u003c/title\u003e\\n\u003c/head\u003e\u003cbody\u003e\\n\u003ch1\u003eForbidden\u003c/h1\u003e\\n\u003cp\"",
    "status": 403
  },
  "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/125*****39/xYL8Ig",
  "token": "GaM1p7********************xNo9K_y_9U7Onw",
  "validationRecord": [
    {
      "url": "http://de*-ver*.ch/.well-known/acme-challenge/GaM1p**************_y_9U7Onw",
      "hostname": "de*-ver*.ch",
      "port": "80",
      "addressesResolved": [
        "81.6.*.*"
      ],
      "addressUsed": "81.6.*.*"
    }
  ],
  "validated": "2021-04-22T20:20:19Z"
})
[root@g-server ~]#


It looks like the problem is now with the domains and not with the hosts...

My fear is that they will block me if I make many tries

-------

ll /root/config

**** not existing ****
--------

-server ~]# whereis dehydrated
dehydrated: /usr/bin/dehydrated /etc/dehydrated /usr/local/bin/dehydrated


Thank you very, very much - I guess we are coming nearer to the solution....

Offline Jean-Philippe Pialasse

« Reply #19 on: April 22, 2021, 10:43:03 PM »
Quote
403 Forbidden

that is why

Quote
"addressUsed": "81.6.*.*"
I guess you checked this is really your ip

Quote
"Invalid response from http://de*-ver*.ch/.well-known/acme-challenge/GaM1p7****************xNo9K_y_9U7Onw [81.6.*.*]

Is your ibay configured to force SSL connections?
Is the Primary ibay configured to force SSL connections (if the domain is not linked to the Primary ibay)?

You have to allow non-SSL connections on the /.well-known/acme-challenge path, meaning you need to disable forced SSL connections on the Primary ibay. If an important site is there, I suggest moving it to another ibay.


Finally, is the ibay password protected?

Offline umbi

« Reply #20 on: April 22, 2021, 10:56:19 PM »
Hi  Jean-Philippe

I'm really grateful for your help.

- The master domain of the server points to the "primary i-bay" and was SSL forced; now I have it disabled,
  but in htaccess there is a rewrite rule that goes to https. I think that should not be a problem.

- The primary directory is not password protected.

Should I rather go to test mode to retry with etc/dehydrated -c ?
I'm scared that I will reach the try limits...

umbi
« Last Edit: April 22, 2021, 11:11:46 PM by umbi »

Offline Jean-Philippe Pialasse

« Reply #21 on: April 22, 2021, 11:21:38 PM »
The classic test is as follows:

    echo "pk" > /home/e-smith/files/ibays/Primary/html/.well-known/acme-challenge/testme

Then try to access it at
http://myserver.ch/.well-known/acme-challenge/testme

from the internet. Your phone on LTE might be your friend there.

When you get correct access, you can proceed and delete the test file:

    rm /home/e-smith/files/ibays/Primary/html/.well-known/acme-challenge/testme

https redirection should not be a problem according to the Let's Encrypt website...

Offline umbi

« Reply #22 on: April 22, 2021, 11:53:50 PM »
Sorry for the late answer - I had to put my son to bed :-)

OK, first I pointed the server main domain to the "primary i-bay" and it did not work. Auth. cert. error.
Then I pointed the server main domain to another i-bay and it results in:

Forbidden

You don't have permission to access /.well-known/acme-challenge/testme on this server because the file is not there - but it's best to point to primary, isn't it?

 db accounts show Primary
Primary=ibay
    AllowOverride=All
    CgiBin=enabled
    FollowSymLinks=enabled
    Group=shared
    Modifiable=no
    Name=Primary i-bay
    PasswordSet=no
    Passwordable=no
    PublicAccess=global
    Removable=no
    SSL=enabled
    UserAccess=wr-*-rd-group

I did:

db accounts setprop Primary SSL disabled
[root@g-server ~]# signal-event console-save

and now it is accessible ...

I await your OK to retry

cd
/usr/bin/dehydrated -c

In test mode or in enabled mode?

Umbi

« Last Edit: April 23, 2021, 12:24:35 AM by umbi »

Offline Jean-Philippe Pialasse

« Reply #23 on: April 23, 2021, 12:22:37 AM »
Again, I said SSL should be disabled on primary,
or have an efficient redirection to https set for the well-known.
As soon as the robot hits a 403 it will fail.
« Last Edit: April 23, 2021, 12:25:10 AM by Jean-Philippe Pialasse »

Offline umbi

« Reply #24 on: April 23, 2021, 12:29:12 AM »
No no, I did

db accounts setprop Primary SSL disabled
[root@g-server ~]# signal-event console-save

and your file is accessible under http:// without problems.

My question is only: should I go to test mode for requesting the certificate, or should I run dehydrated -c in productive mode?

Offline umbi

« Reply #25 on: April 23, 2021, 12:46:26 AM »
I tried to get the certificate but it failed again :-(

+ Challenge validation has failed :(
ERROR: Challenge is invalid! (returned: invalid) (result: {
  "type": "http-01",
  "status": "invalid",
  "error": {
    "type": "urn:ietf:params:acme:error:dns",
    "detail": "Fetching http://www.g-server.domain.ch/.well-known/acme-challenge/uOwts6q_******_KrK-jBU: DNS problem: NXDOMAIN looking up A for www.g-server.domain.ch - check that a DNS record exists for this domain",
    "status": 400
  },
  "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/125*****865/_vV3Vw",
  "token": "uOwts6q_yF*******J1oNB_KrK-jBU",
  "validationRecord": [
    {
      "url": "http://g-server.domain.ch/.well-known/acme-challenge/uOwts6q_yFo8u*****NB_KrK-jBU",
      "hostname": "g-server.domain.ch",
      "port": "80",
      "addressesResolved": [
        "81.6.*.*"
      ],
      "addressUsed": "81.6.*.*"
    }
  ],
  "validated": "2021-04-22T22:33:51Z"
})
[root@gserver ~]#

-----

Why is it now trying to fetch from "http://www.g-server.domain.ch" with "www"?
Maybe caused by the htaccess that forces www in primary?

I cannot create an A record at my DNS service now, because the e-mail for the validation login is not working because of the certificate trouble on the server.

I can't get any mail at the moment.

Thank you in advance for your help.

Umbi
« Last Edit: April 23, 2021, 12:53:11 AM by umbi »

Offline Jean-Philippe Pialasse

« Reply #26 on: April 23, 2021, 01:12:22 AM »
I started by asking you to check the content of domains.txt. It will fetch all of them.

Please review the content and follow the wiki page to disable the hosts (www, mail...) and domains that you do not have actively pointing to your IP.

Offline umbi

« Reply #27 on: April 23, 2021, 01:24:38 AM »
Thank you

I did it and www.g-server.domain.ch is not listed in domains.txt

It tries to fetch something here:

"type": "urn:ietf:params:acme:error:dns",
    "detail": "Fetching http://www.g-server.domain.ch/.well-known/acme-challenge/uOwts6q_

Why? I never put that double host on the server .... - without email access I cannot log in to the DNS service to add the "A" record www.g-server.domain.ch

I'm lost...

Offline Jean-Philippe Pialasse

« Reply #28 on: April 23, 2021, 01:42:15 AM »
Without the full picture and just an isolated error it is hard to help. I am not reading crystal balls ;)

Does your htaccess have a redirection to www? I would wonder why if your DNS is not pointing to the server. But I am still rather inclined to think that the domain is really the one verified.

As long as you keep on giving partial output and obfuscating all domains, as this is a DNS / redirection issue, we cannot help you more.

Finally, you can access your server for mail using a self-signed SSL certificate. You just need to accept it.

Offline umbi

« Reply #29 on: April 23, 2021, 01:52:09 AM »
Hi Jean-Philippe

Thank you for answering me at this time - I have now been at work for 24h...

Of course

g-server.domain.ch   points to my server
www.domain.ch points to my server

but not www.g-server.domain.ch
I can't understand why it says that it needs an "A" record in DNS for www.g-server.domain.ch

I have now deleted the htaccess entry which redirects domain.ch -> www.domain.ch, because it may be that
it redirects g-server.domain.ch to www.g-server.domain.ch and that may cause the error 400.

In the past I never changed anything. It is unclear to me why I have to change all these settings in the primary i-bay.

If you find a crystal ball, please send me one too :-)


Offline umbi

« Reply #30 on: April 23, 2021, 02:11:16 AM »
Dear Jean-Philippe

The htaccess redirection was the smoking gun !!!!  :lol:

It works and I'm the most tired and the happiest guy now.

My domains have a certificate again, you cannot imagine how grateful I am.

When the pandemic is over and you come to Switzerland, I will invite you to the best restaurant.

This is a promise! If you want, we can exchange contacts by PM.

Thank you thank you thank you - friend, you had rock-like patience with me!

I will sleep like a baby now :-)

I wish you all the best and a very good night...

Umbi

Offline Jean-Philippe Pialasse

« Reply #31 on: April 23, 2021, 02:18:31 AM »
Great news!

Have a rest and also take some time with your family.

Offline umbi

« Reply #32 on: April 23, 2021, 02:28:16 AM »
Thanks, I will follow your advice about the family.

Please stay healthy; my dinner offer stands.

Btw. the paypal no: xx is for a beer for you ;-)

I wish you a good rest too.

umbi
« Last Edit: April 23, 2021, 03:05:03 AM by Jean-Philippe Pialasse »
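
Added example (not part of the original thread or of the smeserver-letsencrypt contrib): the `testme` probe from reply #21 as a script, extended to walk the redirect chain for every name in domains.txt, because the two failures in this thread were a 403 on the challenge path and an .htaccess redirect to a host name with no DNS record. The function names are this example's own, the paths are the ones shown in the thread, and `curl`, `awk` and `getent` are assumed to be installed.

```shell
#!/bin/sh
# Added example, not code from the thread. Paths are the ones shown in the
# thread; function names are this example's own. Needs curl, awk and getent.

WELLKNOWN=${WELLKNOWN:-/home/e-smith/files/ibays/Primary/html/.well-known/acme-challenge}
DOMAINS_TXT=${DOMAINS_TXT:-/etc/dehydrated/domains.txt}

# resolves HOST: true when HOST has an address record.
resolves() { getent hosts "$1" >/dev/null 2>&1; }

# names_in FILE: every name in a dehydrated domains.txt, one per line
# ("#" comments and "> alias" suffixes dropped).
names_in() {
    sed -e 's/#.*//' -e 's/>.*//' "$1" | tr -s ' \t' '\n\n' | grep -v '^$' | sort -u
}

# parse_hops: raw response headers on stdin (as written by `curl -D -`),
# one "STATUS LOCATION" line per response on stdout ("-" = no Location).
parse_hops() {
    tr -d '\r' | awk '
        /^HTTP\// { if (status != "") print status, (loc == "" ? "-" : loc)
                    status = $2; loc = "" }
        tolower($1) == "location:" { loc = $2 }
        END { if (status != "") print status, (loc == "" ? "-" : loc) }'
}

# verdict DOMAIN: read headers on stdin, print OK or the first problem found.
verdict() {
    want=$1
    last=""
    hops=$(parse_hops)
    while read -r status target; do
        [ -n "$status" ] || continue
        last=$status
        case $status in
            401|403) echo "FAIL: HTTP $status on the challenge path"; return 1 ;;
        esac
        case $target in
            -|/*) continue ;;   # no redirect, or a redirect on the same host
        esac
        host=${target#*://}; host=${host%%/*}; host=${host%%:*}
        if [ "$host" != "$want" ] && ! resolves "$host"; then
            echo "FAIL: redirected to $host, which does not resolve"
            return 1
        fi
    done <<EOF
$hops
EOF
    if [ "$last" = 200 ]; then echo "OK"; return 0; fi
    echo "FAIL: final HTTP status ${last:-none}"
    return 1
}

# preflight DOMAIN: place a probe file, fetch it over plain HTTP, clean up.
preflight() {
    probe="preflight-$$"
    echo ok > "$WELLKNOWN/$probe" || return 2
    # -L follows redirects; -k because the server's certificate is the very
    # thing being renewed and may be expired or self-signed.
    if curl -skL --max-redirs 10 -o /dev/null -D - \
            "http://$1/.well-known/acme-challenge/$probe" | verdict "$1"
    then result=0; else result=1; fi
    rm -f "$WELLKNOWN/$probe"
    return $result
}

# preflight_all: check every name in domains.txt before running dehydrated -c.
preflight_all() {
    failed=0
    for name in $(names_in "$DOMAINS_TXT"); do
        printf '%s: ' "$name"
        preflight "$name" || failed=1
    done
    return $failed
}

# On the server, as root:  preflight_all   (or: preflight g-server.domain.ch)
```

Run from outside the LAN where possible, as with the manual test, since a check from the server itself does not prove the path is reachable from the internet.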