Server: Ubuntu 18.04.2 LTS Bionic Beaver

I am having a strange error for one particular website, where Let's Encrypt is not able to verify the domain for some reason. Things I have tried so far are:

- Domain correctly resolves to the IP address using tools like mxtoolbox etc.
- DNS settings are correctly pointing to the IPs (IPv4 & IPv6) of my hosting (AAAA).
- When running /usr/local/ispconfig/server/server.sh log, the following output comes:

Code:
    25.02.2023-16:52 - WARNING - Could not verify domain liafi1964.in, so excluding it from letsencrypt request.
    25.02.2023-16:52 - WARNING - Could not verify domain www.liafi1964.in, so excluding it from letsencrypt request.
    25.02.2023-16:52 - WARNING - Let's Encrypt SSL Cert for: liafi1964.in could not be issued.

- When I checked the SSL option "Skip Lets Encrypt Check", the following log comes:

Code:
    Attached as txt file

- Then, from one of the threads on the forum, I tried /usr/local/ispconfig/interface/acme/.well-known/acme-challenge/hello.txt
- And I am able to see the content of hello.txt using the following URL: http://liafi1964.in/.well-known/acme-challenge/hello.txt

Now I am lost, I don't know what's going wrong with this domain. I have several domains with Let's Encrypt SSL running smoothly, but this domain is not working. Any help please?
ISPConfig excluded the domains as they are unreachable. You then told ISPConfig to not check domains but run Let's Encrypt, and Let's Encrypt was also not able to reach the domains due to missing or wrong DNS records. So ISPConfig was correct to exclude the domains from the LE cert, therefore you should enable the skip letsencrypt check again, as it worked correctly.

Next step is to fix your DNS records. The reason can also be AAAA records and not just A records, when your system uses IPv6. Or you did not wait long enough; it may sometimes take up to 24 hours until DNS changes are propagated to all mirrors, especially when you switched to a different DNS server with that zone. You can check DNS e.g. at intodns.com
This domain was transferred from Google Domains to Resellerclub on 15th Feb. Normally NS records get updated within a couple of days, but upon checking it seems it's still pointing to the NS records of Google Domains (which I changed before the transfer to ns1.linode.com and so on, but mistakenly added ns5.linode.com, which does not exist, and it's still showing ns5, whereas in Resellerclub I added up to ns4 only).
Sure, but this will be a self-signed SSL cert then, or you have to buy an SSL cert at an SSL certification authority. Self-signed SSL certificates and also SSL certificate requests to buy an SSL cert can be created on the SSL tab of the website: enter the details in the fields at the top of the page, then select create certificate as action in the action field at the bottom and press save. You will then get a self-signed SSL cert after about 60 seconds. This also creates a certificate signing request that you can use to buy an SSL cert.
But just to mention it, you can't use the site live anyway before you get the DNS issue fixed as many users will fail to reach your site, in the same way, Let's encrypt failed to reach it. And when DNS is ok, then you can get a Let's encrypt cert too.
It's as simple as with any other domain:

- Domain was transferred 12 days back
- With the new registrar I am having NS records as ns1.linode.com, ns2..., ns3..., ns4... showing correctly
- In the Linode domain manager I have created the domain, mapping my ISPConfig server IPs
- In ISPConfig I have created the same domain with all correct details
- Hosted my site, and the site is working very well without https

But when I try LE SSL, it says:

Code:
    Failed authorization procedure. www.liafi1964.in (http-01): urn:ietf:params:acmenctioning; DNS problem: SERVFAIL looking up AAAA for www.liafi1964.in - the doma: SERVFAIL looking up A for liafi1964.in - the domain's nameservers may be malfuoning

Ping to the site from any location gives 0 packet loss, with the IP showing my ISPConfig server.

Now I am lost ... no idea whatsoever about what's going wrong and why LE is not able to verify my domain?
You know why it fails. You explained it even to me in post #3. You won't get a LE cert until you have a valid and working DNS setup, meaning that ALL DNS servers must be valid and responding, not just some servers. Look up your domain at intodns.com and fix the errors mentioned there before you try to get a LE cert.
The DNS config is a mess. Looks like ns1 and ns2.godaddy.com are listed as dns servers for the domain and they don't contain any records for the domain. No wonder LE can't issue a certificate.
Still not working, even after more than a month since the transfer. https://intodns.com/liafi1964.in is showing everything correct, but LE is not able to verify this domain.
Here is the error: The IPv4 and IPv6 records for liafi1964.in and www.liafi1964.in is incorrect or missing. And Let's Encrypt is right about this, just queried for the domains and they do not have valid DNS records.

Code:
    root@server1:~# dig liafi1964.in

    ; <<>> DiG 9.11.5-P4-5.1+deb10u5-Debian <<>> liafi1964.in
    ;; global options: +cmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 50726
    ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1

    ;; OPT PSEUDOSECTION:
    ; EDNS: version: 0, flags:; udp: 512
    ;; QUESTION SECTION:
    ;liafi1964.in. IN A

    ;; Query time: 121 msec
    ;; SERVER: 8.8.8.8#53(8.8.8.8)
    ;; WHEN: Wed Mar 29 10:55:55 CEST 2023
    ;; MSG SIZE rcvd: 41

    root@server1:~# dig www.liafi1964.in

    ; <<>> DiG 9.11.5-P4-5.1+deb10u5-Debian <<>> www.liafi1964.in
    ;; global options: +cmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 15373
    ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1

    ;; OPT PSEUDOSECTION:
    ; EDNS: version: 0, flags:; udp: 512
    ;; QUESTION SECTION:
    ;www.liafi1964.in. IN A

    ;; Query time: 248 msec
    ;; SERVER: 8.8.8.8#53(8.8.8.8)
    ;; WHEN: Wed Mar 29 10:56:01 CEST 2023
    ;; MSG SIZE rcvd: 45

So the original problem that you do not have valid DNS records still persists. Fix your DNS and you will get a LE cert.
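A way to read dig responses like the two in the post above, as an added example that is not part of the thread: the script reduces each response to name, type, resolver, status and a verdict, and treats any failed lookup as blocking http-01 validation. The function names and the `healthy_sample` response are constructed for illustration.

```sh
#!/bin/sh
# Added example: summarise `dig` output as "name type resolver status verdict".

# Reads one or more concatenated dig responses on stdin.
classify_dig() {
    awk '
    /->>HEADER<<-/     { s = $0; sub(/.*status: /, "", s); sub(/,.*/, "", s) }
    /^;; flags:/       { n = $0; sub(/.*ANSWER: /, "", n); sub(/,.*/, "", n) }
    /QUESTION SECTION/ { inq = 1; next }
    inq && /^;/        { name = substr($1, 2); qtype = $3; inq = 0 }
    /^;; SERVER:/      { srv = $3; sub(/#.*/, "", srv) }
    /^;; MSG SIZE/ {                       # last line of each response
        if (s == "NOERROR" && (n + 0) > 0) v = "OK"
        else if (s == "NOERROR")           v = "NODATA"  # no record of this type
        else                               v = "FAIL"    # SERVFAIL, NXDOMAIN, REFUSED
        print name, qtype, srv, s, v
    }'
}

# Exit status 0 only when no lookup in the input failed. The ACME error in the
# thread shows that a SERVFAIL on either the A or the AAAA lookup stops http-01.
dns_ready_for_acme() {
    ! classify_dig | grep -q ' FAIL$'
}

thread_sample() {   # first dig response from the thread, cut to the parsed lines
cat <<'EOF'
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 50726
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
;; QUESTION SECTION:
;liafi1964.in. IN A
;; SERVER: 8.8.8.8#53(8.8.8.8)
;; MSG SIZE rcvd: 41
EOF
}

healthy_sample() {  # constructed response for contrast (reserved test values)
cat <<'EOF'
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4242
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; QUESTION SECTION:
;www.example.test. IN A
;; ANSWER SECTION:
www.example.test. 300 IN A 192.0.2.10
;; SERVER: 192.0.2.53#53(192.0.2.53)
;; MSG SIZE rcvd: 61
EOF
}

thread_sample  | classify_dig
healthy_sample | classify_dig
```

Against live servers, pipe in one query per delegated nameserver (`dig <name> A @<nameserver>` and the same for AAAA, for each name returned by `dig +short NS <domain>`), so a single dead or empty nameserver shows up as its own FAIL line.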
Well, it's clear that it's a DNS problem, but the question is how to fix that?

- I have correct DNS records on the domain provider's panel
- Correctly created in the Linode hosting panel
- Correct IPv4 and IPv6 are there on the Linode panel
- Website works fine without SSL