Let's Encrypt acme Skip invalid cert for hostname

Discussion in 'Installation/Configuration' started by pecka33, Feb 1, 2022.

  1. pecka33

    pecka33 Member

    Hello,

    I am using Debian 11 and the latest version of ISPConfig. Everything works fine; I am using LE for all my sites and it works fine. But every night, in the SSL check in the Let's Encrypt log, I can see:
    Code:
    [Tue 01 Feb 2022 12:43:01 AM CET] di='/root/.acme.sh/hd518.hostname/'
    [Tue 01 Feb 2022 12:43:01 AM CET] d='hd518.hostname'
    [Tue 01 Feb 2022 12:43:01 AM CET] Using config home:/root/.acme.sh
    [Tue 01 Feb 2022 12:43:01 AM CET] ACME_DIRECTORY='https://acme-v02.api.letsencrypt.org/directory'
    [Tue 01 Feb 2022 12:43:01 AM CET] DOMAIN_PATH='/root/.acme.sh/hd518.hostname'
    [Tue 01 Feb 2022 12:43:01 AM CET] Renew: 'hd518.hostname'
    [Tue 01 Feb 2022 12:43:01 AM CET] Le_API='https://acme-v02.api.letsencrypt.org/directory'
    [Tue 01 Feb 2022 12:43:01 AM CET] Using config home:/root/.acme.sh
    [Tue 01 Feb 2022 12:43:01 AM CET] ACME_DIRECTORY='https://acme-v02.api.letsencrypt.org/directory'
    [Tue 01 Feb 2022 12:43:01 AM CET] Skip invalid cert for: hd518.hostname[Tue 01 Feb 2022 12:43:01 AM CET] Return code: 2
    [Tue 01 Feb 2022 12:43:01 AM CET] Skipped hd518.hostname
    How can I fix it, and set up Let's Encrypt for the hostname?
     
  2. pecka33

    pecka33 Member

    Maybe this could be a DNS problem? I set up my VPS step by step a few months ago following this tutorial, and everything works fine: https://www.howtoforge.com/perfect-server-debian-10-buster-apache-bind-dovecot-ispconfig-3-1/

    I access my ISPConfig, webmail and phpMyAdmin via the IP address of the VPS, for example https://MyIP:8080/index.php
    When I type my hostname into the browser, I get DNS_PROBE_FINISHED_NXDOMAIN.

    Maybe I should add A records for my hostname in the DNS zone in ISPConfig?
    Not sure why, but everything else works fine; I just cannot find the reason why I see this message in the LE logs.
     
  3. Taleman

    Taleman Well-Known Member HowtoForge Supporter

    The Let's Encrypt Error FAQ should help in finding what is wrong with LE: https://www.howtoforge.com/community/threads/lets-encrypt-error-faq.74179/
    If you suspect DNS errors, fix them first, because if DNS is wrong LE cannot give the certificate.
    Is hd518.hostname a placeholder name because you want to hide the real FQDN? If hd518.hostname is the actual hostname, that cannot work with LE, since .hostname is not a real top-level domain.
    My signature has a link to the DNS setup tutorial; it has info on troubleshooting DNS problems.
     
  4. pecka33

    pecka33 Member

    Thank you. My hostname is hd518.hostname.net
    hostname.net does not work on the internet, because this is the URL of my provider, where my dedicated server is hosted.
    I check what you wrote, but maybe I should try to create new nameservers at my domain provider and add the new nameservers in ISPConfig?
     
  5. ahrasis

    ahrasis Well-Known Member HowtoForge Supporter

    You should use a working one. Creating and adding one should work if done properly.
     
  6. Taleman

    Taleman Well-Known Member HowtoForge Supporter

    If your domain provider offers name service, use that. It is easier than setting up your own two name servers (see the tutorial in my signature for what name service setup involves).
    You cannot get LE certificates before your host is properly set up in name service, no matter where that name service is running.
     
  7. pecka33

    pecka33 Member

    Thank you so much. To clarify the hidden information: my dedicated server provider is myprovider.com. A few months ago I bought a dedicated server there, which got the name myds15 after creation.
    After I installed Debian 11 with ISPConfig, everything works fine: Let's Encrypt for domains works fine, LE renewal, etc.
    But as the hostname of my dedicated server uses the provider's name, the hostname of my server in this case is myds15.myprovider.com
    This is the name I can see as the host of my dedicated server in ISPConfig.
    This URL does not work and is not in DNS; in the browser I just get DNS_PROBE_FINISHED_NXDOMAIN

    Everything works fine; the only problem is that in the LE log I can see
    [Tue 01 Feb 2022 12:43:01 AM CET] Skip invalid cert for: myds15.myprovider.com[Tue 01 Feb 2022 12:43:01 AM CET] Return code: 2
    [Tue 01 Feb 2022 12:43:01 AM CET] Skipped myds15.myprovider.com

    Maybe because of this I cannot get SSL for my ISPConfig; I can reach ISPConfig via IPofMyServer:8080/index.php
     
  8. Taleman

    Taleman Well-Known Member HowtoForge Supporter

    Does your host show the correct hostname for these commands?
    Code:
    hostname
    hostname -f
    If it does, ISPConfig can get the LE certificate when the hostname is in name service. Try asking that provider how you can get name service for your hostname.
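
An added example, not part of the thread and not code from acme.sh or ISPConfig: it pulls the names acme.sh reports as skipped out of a renewal log and checks whether each has a public DNS record pointing at this server, which is the precondition discussed above. The function names, the resolver 1.1.1.1 and the log path argument are assumptions; the sample log lines are copied from the first post.

```shell
#!/bin/sh
# Added example: list names acme.sh skipped and check their public DNS.

# Sample renewal log lines copied from the first post in this thread.
SAMPLE_LOG="[Tue 01 Feb 2022 12:43:01 AM CET] Renew: 'hd518.hostname'
[Tue 01 Feb 2022 12:43:01 AM CET] Skip invalid cert for: hd518.hostname[Tue 01 Feb 2022 12:43:01 AM CET] Return code: 2
[Tue 01 Feb 2022 12:43:01 AM CET] Skipped hd518.hostname"

# Print each unique name from "Skipped <name>" lines of a log read on stdin.
skipped_domains() {
    sed -n 's/^\[[^]]*\] Skipped \([^ ]*\)$/\1/p' | sort -u
}

# A/AAAA answers from a public resolver (assumed: 1.1.1.1), so that a local
# /etc/hosts entry for the hostname cannot mask a missing DNS record.
public_addrs() {
    for rtype in A AAAA; do
        dig +short "$1" "$rtype" "@${RESOLVER:-1.1.1.1}"
    done | grep -E '^[0-9]+(\.[0-9]+){3}$|:' || true
}

# $1 = public addresses, $2 = addresses configured on this host.
classify() {
    if [ -z "$1" ]; then echo "no-dns-record"; return 0; fi
    for pub in $1; do
        for loc in $2; do
            if [ "$pub" = "$loc" ]; then echo "ok"; return 0; fi
        done
    done
    echo "points-elsewhere"
}

# $1 = path to the acme.sh log; prints "<name> <verdict>" per skipped name.
report() {
    local_addrs=$(ip -o addr show scope global | awk '{print $4}' | cut -d/ -f1)
    skipped_domains < "$1" | while read -r name; do
        echo "$name $(classify "$(public_addrs "$name")" "$local_addrs")"
    done
}

if [ -n "${1:-}" ]; then report "$1"; fi
```

A verdict of `no-dns-record` corresponds to the NXDOMAIN situation described in this thread. On a server behind NAT, `points-elsewhere` can appear even with correct DNS, because the public address is not configured on a local interface.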
     
  9. ahrasis

    ahrasis Well-Known Member HowtoForge Supporter

    My preference is always to use my own domain for my server, e.g. sub.domain.tld, as the provider domain may be used too many times in applying for LE certs, and that may cause failure in obtaining or renewing them.
     
  10. pecka33

    pecka33 Member

    Thank you. So do you think the best solution is to create, in the nameserver admin, for example a not-yet-existing subdomain ds.mydomain.com, set its A record to my dedicated server, and in the ISPConfig page manager add this ds.mydomain.com as a new domain?

    And change hostname in

    /etc/hosts
    /etc/postfix/main.cf
    /home/admispconfig/ispconfig/lib/config.inc.php
    /root/ispconfig/httpd/conf/httpd.conf
    /etc/hostname
    ?
     
