Error issuing certificate

Hi, so this morning I flipped the DNS over for a site to point to Cyberpanel, waited 30 mins or so and tried to issue a certificate.

The error is:

domain:Verify error:20.117.225.163: Invalid response from http://domain/.well-known/acme-challenge/1O33rip5-yS7aeRDdl9DU0BlUVzjvmKdv9eLp7zLB4I: 404

I can see in the site access logs that this URL is being hit by the letsencrypt bot, from multiple IP addresses. Also the challenge file exists in the correct location. And using dns checker it looks like DNS is fully propagated for the domain. Other domains on the same server work fine.

Anyone have an idea why this might happen? Do I just need to wait longer?

Thanks

Update: so from the error logs it is giving a 404:
3.131.99.217 - - [30/Jun/2022:12:53:40 +0000] "GET /.well-known/acme-challenge/Hcoe6QeAPfwv0dqQYU8gST5r3eqacZAUR4hOfWQ4ZpY HTTP/1.1" 404 705 "-" "Mozilla/5.0 (compatible; Let's Encrypt validation server; +https://www.letsencrypt.org)"
I also get a 404 if I try and browse using the file URL. But the file is there.

I also see this in the vHost conf, think this is right?

context /.well-known/acme-challenge {
  location /usr/local/lsws/Example/html/.well-known/acme-challenge
  allowBrowse 1

Try the following:
Delete your .well-known folder from /home/YOUR_DOMAIN/public_html
Make sure that if you are using Cloudflare, the Cloudflare proxy is disabled (grey cloud)

Then run this command as root:

/root/.acme.sh/acme.sh --issue -d YOUR_DOMAIN --cert-file /etc/letsencrypt/live/YOUR_DOMAIN/cert.pem --key-file /etc/letsencrypt/live/YOUR_DOMAIN/privkey.pem --fullchain-file /etc/letsencrypt/live/YOUR_DOMAIN/fullchain.pem -w /home/YOUR_DOMAIN/public_html --force --debug

Edit YOUR_DOMAIN to match your domain.

Notice that I did not add the certificate to "www" but to the normal domain instead.
Place the output here if it fails

Thanks, same error:

[Thu 30 Jun 2022 01:39:53 PM UTC] my_domain:Verify error:20.117.225.163: Invalid response from http://my_domain/.well-known/acme-challenge/hiIyp4ztI3LJZHfYlK8JJs0FjvrcsI3t01wxFvBxt3E: 404

After trying many times in the shell, I ran it from the GUI in desperation. And it worked. I have no idea why or what the issue was, which is pretty frustrating… I'll blame DNS.

I have the same issue now.
So you did it via Cyberpanel dashboard?

The problem is that CyberPanel changed the directory of the acme challenge via context, but users are still adding the docroot path while requesting the SSL from the command line. Please use the same path defined in the error log file while debugging via CLI.
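
Added example, not part of any post in this thread: the mismatch described in the last reply, between the acme-challenge context location in the vHost conf and the docroot passed to acme.sh with -w, can be checked before requesting a certificate. The function names are hypothetical, the vHost conf path is supplied by the caller, and the sample config is constructed from the excerpt quoted above.

```shell
#!/bin/sh
# Added example (not from the thread). Function names are hypothetical.

# Print the "location" of the /.well-known/acme-challenge context in a vhost conf.
acme_context_location() {
    awk '
        $1 == "context" && $2 == "/.well-known/acme-challenge" { in_ctx = 1; next }
        in_ctx && $1 == "location" { print $2; exit }
        in_ctx && $1 == "}" { exit }
    ' "$1"
}

# acme.sh appends /.well-known/acme-challenge to the -w directory, so the
# matching webroot is the context location with that suffix removed.
acme_webroot() {
    loc=$(acme_context_location "$1")
    [ -n "$loc" ] || return 1                 # no such context in this file
    loc=${loc%/}
    case "$loc" in
        */.well-known/acme-challenge) printf '%s\n' "${loc%/.well-known/acme-challenge}" ;;
        *) return 2 ;;                        # location cannot be reached through -w
    esac
}

# $1 = vhost conf, $2 = directory passed to acme.sh -w
check_webroot() {
    served=$(acme_webroot "$1") || { echo "no usable acme-challenge context"; return 1; }
    given=${2%/}
    if [ "$served" = "$given" ]; then
        echo "OK: challenge files written under $given will be served"
    else
        echo "MISMATCH: -w $given, but the server reads challenges from $served"
        return 3
    fi
}

# Constructed sample config, modelled on the excerpt quoted in the thread.
write_sample_conf() {
    cat > "$1" <<'EOF'
docRoot                   $VH_ROOT/public_html
context /.well-known/acme-challenge {
  location                /usr/local/lsws/Example/html/.well-known/acme-challenge
  allowBrowse             1
}
EOF
}

# Run as: sh check.sh /path/to/vhost.conf /home/YOUR_DOMAIN/public_html
if [ "$#" -eq 2 ]; then check_webroot "$1" "$2"; fi
```

A MISMATCH result means the token file lands in a directory the context never reads, which produces the 404 seen by the validation server even though the file exists on disk.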