SSL by Let'sEncrypt not working on mail -> still selfsigned

Hi, I am getting this error when issuing SSL to my mail subdomain.

[08.04.2022_17-14-26] Status Code: Unkown for: Error: Exceeded 30 redirects.
[08.04.2022_17-14-26] Status Code: Unkown for: Error: Exceeded 30 redirects.
[08.04.2022_17-14-28] /root/ --issue -d -d --cert-file /etc/letsencrypt/live/ --key-file /etc/letsencrypt/live/ --fullchain-file /etc/letsencrypt/live/ -w /usr/local/lsws/Example/html -k ec-256 --force --server letsencrypt
[08.04.2022_17-14-28] Failed to obtain SSL for: and:
[08.04.2022_17-14-28] /root/ --issue -d --cert-file /etc/letsencrypt/live/ --key-file /etc/letsencrypt/live/ --fullchain-file /etc/letsencrypt/live/ -w /usr/local/lsws/Example/html -k ec-256 --force --server letsencrypt
[08.04.2022_17-14-28] Failed to obtain SSL, issuing self-signed SSL for:
[08.04.2022_17-14-28] {'': (554, b'5.7.1 <>: Relay access denied')}
[08.04.2022_17-14-28] Websites matching query does not exist. [installSSLForDomain:72]
[08.04.2022_17-14-28] Self signed SSL issued for

My DNS records are set up like this:
Nameservers in namecheap → forwarded to hetzner DNS:

DNS records in Hetzner DNS

Am I missing something?

Thank you!

why would we care about dns records?

Anyway just put a file inside of /usr/local/lsws/Example/html/.well-known/acme-challenge

Any file, then try to access it with

If you can access it, over HTTP, then come back here. If you can’t, well fix that. Honestly it’s all in the log, it’s not even a difficult issue.

because other users were suspecting it might be my DNS records set up incorrectly.

I cannot access my file via HTTP, getting 404 “The page isn’t redirecting properly”
What could be the issue there?

in the vhost.conf of that domain, there should be something that looks like

context /.well-known/acme-challenge {
  location                /usr/local/lsws/Example/html/.well-known/acme-challenge
}

Make sure it’s there, or add it. Also, remove those 404 directives, the infinite redirection is embarrassing. You can send the vhost file.

yeah, not sure why that 404 directive happens, everything should be stock…

I added the context into the vhost config file of that domain. It was not there, but did not solve the issue.

docRoot                   /home/
vhDomain                  $VH_NAME
vhAliases                 www.$VH_NAME
enableGzip                1
enableIpGeo               1

index  {
  useServer               0
  indexFiles              index.php, index.html
}

errorlog $VH_ROOT/logs/ {
  useServer               0
  logLevel                WARN
  rollingSize             10M
}

accesslog $VH_ROOT/logs/ {
  useServer               0
  logFormat               "%h %l %u %t "%r" %>s %b "%{Referer}i" "%{User-Agent}i""
  logHeaders              5
  rollingSize             10M
  keepDays                10
  compressArchive         1
}

phpIniOverride  {

}

module cache {
 storagePath $VH_ROOT/lscache
}

errorpage 403 {
  url                     403.html
}

errorpage 404 {
  url                     404.html
}

errorpage 500 {
  url                     500.html
}

scripthandler  {
  add                     lsapi:tener15585960 php
}

extprocessor tener15585960 {
  type                    lsapi
  address                 UDS://tmp/lshttpd/tener15585960.sock
  maxConns                10
  env                     LSAPI_CHILDREN=10
  initTimeout             60
  retryTimeout            0
  persistConn             1
  pcKeepAliveTimeout      1
  respBuffer              0
  autoStart               1
  path                    /usr/local/lsws/lsphp73/bin/lsphp
  extUser                 tener1558
  extGroup                tener1558
  memSoftLimit            2047M
  memHardLimit            2047M
  procSoftLimit           400
  procHardLimit           500
}

rewrite  {
  enable                  1
  autoLoadHtaccess        1
}

context /.well-known/acme-challenge {
  location                /usr/local/lsws/Example/html/.well-known/acme-challenge
}

vhssl  {
  keyFile                 /etc/letsencrypt/live/
  certFile                /etc/letsencrypt/live/
  certChain               1
  sslProtocol             24
  enableECDHE             1
  renegProtection         1
  sslSessionCache         1
  enableSpdy              15
  enableStapling           1
  ocspRespMaxAge           86400
}

did you restart the server?

edit : just lsws not the full server

restarted it, tried requesting ssl for my mail and main domain now, neither of those working now :grin:
I was actually able to get letsencrypt for my main domain name at least, now the same error is showing up and I got a selfsigned cert there now too :(. I think my whole lsws installation is messed up somehow.

God, why I even try. Look, that’s not what I’m asking, ok, you know there’s a limit to how many certificate requests you can do per day, per hour and all of that.

Ok? So just answer what I ask, just stop messing up files and listen for 5 seconds. Ok, what matters now is the very first error in the log Error: Exceeded 30 redirects.

You need to point at a certificate challenge, nothing else matters, you’ll never get a certificate until you fix that.

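An added example, not part of the thread or of CyberPanel's code: a preflight for the check described above (fetch a file from /.well-known/acme-challenge over plain HTTP) that follows redirects by hand, so a loop like "Exceeded 30 redirects" is reported with its hops before another certificate request is spent. The names probe_challenge, http_fetch and fake_fetch, the host mail.example.test and the loop shape in fake_fetch are assumptions made for the illustration.

```python
import http.client
from urllib.parse import urljoin, urlsplit

REDIRECTS = (301, 302, 303, 307, 308)

def http_fetch(url):
    """One plain-HTTP GET without following redirects: (status, Location, body)."""
    parts = urlsplit(url)
    conn = http.client.HTTPConnection(parts.hostname, parts.port or 80, timeout=5)
    try:
        conn.request("GET", parts.path or "/")
        resp = conn.getresponse()
        return resp.status, resp.getheader("Location"), resp.read()
    finally:
        conn.close()

def probe_challenge(url, expected_body, fetch=http_fetch, max_hops=10):
    """Follow redirects by hand; return (verdict, [(status, url), ...])."""
    hops, seen = [], set()
    while len(hops) < max_hops:
        if url in seen:
            return "redirect-loop", hops
        seen.add(url)
        if urlsplit(url).scheme != "http":
            return "redirected-off-http", hops  # this probe only speaks plain HTTP
        status, location, body = fetch(url)
        hops.append((status, url))
        if status in REDIRECTS and location:
            url = urljoin(url, location)
        elif status == 200:
            return ("ok" if body.strip() == expected_body else "wrong-body"), hops
        else:
            return f"http-{status}", hops
    return "too-many-redirects", hops

# Constructed responses (assumed loop shape): every missing path is redirected
# to /404.html, which is itself missing and so redirects to itself.
def fake_fetch(url):
    path = urlsplit(url).path
    if path == "/.well-known/acme-challenge/probe-ok":
        return 200, None, b"constructed-token\n"
    return 302, "/404.html", b""

if __name__ == "__main__":
    base = "http://mail.example.test/.well-known/acme-challenge/"
    for name in ("probe-ok", "probe-missing"):
        verdict, hops = probe_challenge(base + name, b"constructed-token", fetch=fake_fetch)
        print(name, verdict, hops)
```

Against a live server, leave out the fetch argument and pass the URL and contents of a file placed in the challenge directory; any verdict other than "ok" means the ACME HTTP validation will fail for the same reason.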