Unable to add TLS to new domain

Trying to add TLS to a new domain managed by my box. It won’t provision and I get the following error. Any ideas?

Log:

Saving debug log to /var/log/letsencrypt/letsencrypt.log
Requesting a certificate for philipalantyler.co.uk and 4 more domains
Certbot failed to authenticate some domains (authenticator: webroot). The Certificate Authority reported these problems:
Domain: mta-sts.philipalantyler.co.uk
Type: dns
Detail: DNS problem: server failure at resolver looking up A for mta-sts.philipalantyler.co.uk; DNS problem: server failure at resolver looking up AAAA for mta-sts.philipalantyler.co.uk
Hint: The Certificate Authority failed to download the temporary challenge files created by Certbot. Ensure that the listed domains serve their content from the provided --webroot-path/-w and that files created there can be downloaded from the internet.
Some challenges have failed.
Ask for help or search for solutions at xxxx. See the logfile /var/log/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details.

Is this a new installation and is mta-sts the only domain giving issues? Then you might have better luck tomorrow.

I also had this, try doing it again/rebooting your whole machine, fixed it for me

Been working for a few days with the main domain, just added a second today. I guess the DNS may not have propagated completely yet.

Sadly a reboot hasn’t fixed it. I’ll try again tomorrow.

Did you set up the directory?

Navigate to admin#web and follow the steps when you click “change” (on the domain you wanna set up). aka. make a directory on your machine: /home/user-data/www/example.com

It’s saying it can’t download the temporary challenge files. If I check the host https://check-host.net/ip-info?host=http%3A%2F%2Fmta-sts.philipalantyler.co.uk, it seems to have propagated, check if the IP matches as well

I’ve tried too many times today - LetsEncrypt won’t let me try again. I’ll give it a go tomorrow. The directory for the static website exists in the www folder and I’m able to browse to it, but I get a certificate error as the LetsEncrypt cert is not provisioned.

Weird. It’s just worked!

Did you do anything particular that made it work or did it just kinda resolve itself?

I created a folder called mta-sts.philipalantyler.co.uk in the www folder and used the change button to set that as the folder in admin#web

Not sure if that’s what did it though!

Okay, no idea. Glad it’s resolved now

That extra domain added ok. The second to last domain I need to add is refusing to work! :roll_eyes:

Is it just DNS that hasn’t propagated thoroughly?

This is the error…

gideon-it.co.uk, autoconfig.gideon-it.co.uk, autodiscover.gideon-it.co.uk, mta-sts.gideon-it.co.uk, www.gideon-it.co.uk

Log:

Saving debug log to /var/log/letsencrypt/letsencrypt.log
Requesting a certificate for gideon-it.co.uk and 4 more domains
An unexpected error occurred: Certification Authority Authorization (CAA) records forbid the CA from issuing a certificate :: Error finalizing order :: Rechecking CAA for “mta-sts.gideon-it.co.uk” and 2 more identifiers failed. Refer to sub-problems for more information
Ask for help or search for solutions

Hi,

Any idea what the error I’m getting for this domain means?

“Saving debug log to /var/log/letsencrypt/letsencrypt.log Requesting a certificate for gideon-it.co.uk and 4 more domains An unexpected error occurred: Certification Authority Authorization (CAA) records forbid the CA from issuing a certificate :: Error finalizing order :: Rechecking CAA for “mta-sts.gideon-it.co.uk” and 3 more identifiers failed. Refer to sub-problems for more information Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /var/log/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details.”

I’ve no idea where to find the file /var/log/letsencrypt/letsencrypt.log to investigate further as the letsencrypt folder doesn’t exist on my MiaB and obviously I cannot access the one on LetsEncrypt’s servers.

Tried AGAIN and got the following…

Saving debug log to /var/log/letsencrypt/letsencrypt.log
Requesting a certificate for gideon-it.co.uk and 4 more domains
An unexpected error occurred: Certification Authority Authorization (CAA) records forbid the CA from issuing a certificate :: Error finalizing order :: While processing CAA for www.gideon-it.co.uk: DNS problem: server failure at resolver looking up CAA for gideon-it.co.uk
Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /var/log/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details.

Any idea what DNS problem it could mean? I’ve used MXToolbox to check the DNS and it all looks OK!

Ok. Panic over. Must have been a DNS propagation issue. It’s just decided to work! :roll_eyes:
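
As an added example (not part of the thread, and not Certbot or Mail-in-a-Box code), this Python script triages the Certbot messages quoted above: it pulls out which record type failed to resolve for which name, and flags a CAA refusal whose sub-problems are not shown, since the last log shows the "records forbid" headline printed for what was a resolver failure. The function name `triage` and the verdict labels are assumptions made for illustration; the sample strings are excerpts of the logs posted in the thread.

```python
import re

# Resolver failure text that Let's Encrypt embeds in Certbot's error output.
SERVFAIL = re.compile(
    r"DNS problem: server failure at resolver looking up "
    r"(?P<rtype>[A-Z]+) for (?P<name>[A-Za-z0-9.-]+)")
CAA_HEADLINE = "(CAA) records forbid the CA from issuing a certificate"
CAA_RECHECK = re.compile(r"Rechecking CAA for \W?(?P<name>[A-Za-z0-9.-]+)")

# Excerpts of the three logs posted in the thread.
LOG_A = ("Domain: mta-sts.philipalantyler.co.uk Type: dns Detail: DNS problem: "
         "server failure at resolver looking up A for "
         "mta-sts.philipalantyler.co.uk; DNS problem: server failure at "
         "resolver looking up AAAA for mta-sts.philipalantyler.co.uk Hint: The")
LOG_CAA_RECHECK = ("Certification Authority Authorization (CAA) records forbid "
                   "the CA from issuing a certificate :: Error finalizing order "
                   ":: Rechecking CAA for \u201cmta-sts.gideon-it.co.uk\u201d "
                   "and 2 more identifiers failed. Refer to sub-problems")
LOG_CAA_SERVFAIL = ("Certification Authority Authorization (CAA) records forbid "
                    "the CA from issuing a certificate :: Error finalizing "
                    "order :: While processing CAA for www.gideon-it.co.uk: "
                    "DNS problem: server failure at resolver looking up CAA "
                    "for gideon-it.co.uk Ask for help")


def triage(log_text):
    """Return sorted (name, record_type, verdict) tuples found in a log."""
    findings = set()
    for m in SERVFAIL.finditer(log_text):
        # The CA's resolver got no usable answer for this name and type.
        findings.add((m.group("name").rstrip("."), m.group("rtype"),
                      "lookup-failed"))
    if CAA_HEADLINE in log_text and not any(f[1] == "CAA" for f in findings):
        # Headline only: cannot tell a real CAA policy from a failed lookup.
        m = CAA_RECHECK.search(log_text)
        name = m.group("name").rstrip(".") if m else "(unknown)"
        findings.add((name, "CAA", "unconfirmed: read sub-problems"))
    return sorted(findings)


if __name__ == "__main__":
    for log in (LOG_A, LOG_CAA_RECHECK, LOG_CAA_SERVFAIL):
        for name, rtype, verdict in triage(log):
            print(f"{name:32} {rtype:5} {verdict}")
```

A `lookup-failed` verdict points at the authoritative DNS for that name (A, AAAA or CAA queries not being answered), not at the web root or at a CAA policy.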
