Letsencrypt server reports unreachable though the sites are reachable from the net.

Discussion in 'General' started by zenny, Jan 10, 2017.

  1. zenny

    zenny Member

    Hi,
    I am trying to get letsencrypt ssl certificate for one of TLDs (DOMAIN01.org in the cron.log output below with the remaining 5 domains (DOMAIN02-06) as aliases in a machine running ISPConfig: v3.1.1p1 in Debian8 Jessie tried with nginx (or Tenzine stable).

    Strange that letsencrypt reports DOMAIN03.net is not reachable and dies with "failed authorization procedure" despite all the domains are reachable from the Internet in HTTP mode:

    Code:
    $ curl http://DOMAIN03.net
    <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
    <html>
    <head><title>301 Moved Permanently</title></head>
    <body bgcolor="white">
    <h1>301 Moved Permanently</h1>
    <p>The requested resource has been assigned a new permanent URI.</p>
    <hr/>Powered by Tengine/2.2.0</body>
    </html>
    Appreciate inputs. Thanks!
     
    Last edited: Jan 10, 2017
  2. Jesse Norell

    Jesse Norell Well-Known Member

    There's a little faq for letsencrypt problems in one of he forums here, you might run through that, but make sure dns is correct for www.DOMAIN03.net, and as you have the domain (not necessarily www subdomain) redirected, test that it does that redirect in a manner that doesn't interfere with letsencrypt's authentication. Eg. run
    Code:
    echo 'This is a test file' > /usr/local/ispconfig/interface/acme/.well-known/acme-challenge/test.txt
    then access http://www.DOMAIN03.net/.well-known/acme-challenge/test.txt to make sure you see the test file.
     
  3. zenny

    zenny Member

    Attached Files:

    Last edited: Jan 16, 2017
  4. zenny

    zenny Member

    Actually it is not the solution. Letsencrypt started working for the above domain when I changed the ownership of the site from C1 user (first user created) to a C2 (second user created under ISPConfig). However, the question remains unanswered: what prevented a certain domain owned by the first user to reach the letsencrypt certificate issuing server?
     
  5. Jesse Norell

    Jesse Norell Well-Known Member

    At this point, with it working, who knows. Maybe something had been written badly to the vhost, or it was failing to update at all, and when you changed users it has cleared up - clean vhost config, and letsencrypt works. But that's just a guess, you might be able to dig up a little more info in the log files if you had your log level up, or just live with it working and address it in the future if the problem shows up again.
     
  6. zenny

    zenny Member

  7. ahrasis

    ahrasis Member

    I think the cause may be the same as I guess in here.
     
  8. zenny

    zenny Member

Share This Page