Failed to get SSL in Let's Encrypt

SYSTEM INFORMATION
OS type and version Ubuntu 18.04 64bit with Webmin/Virtualmin/LAMP
Virtualmin version 7.5


It produced this output:

Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator manual, Installer None
Obtaining a new certificate
Performing the following challenges:
dns-01 challenge for itcusys.online
dns-01 challenge for itcusys.online
Waiting for verification…
Cleaning up challenges
Failed authorization procedure. itcusys.online (dns-01): urn:ietf:params:acme:error:dns :: DNS problem: NXDOMAIN looking up TXT for _acme-challenge.itcusys.online - check that a DNS record exists for this domain, itcusys.online (dns-01): urn:ietf:params:acme:error:dns :: DNS problem: NXDOMAIN looking up TXT for _acme-challenge.itcusys.online - check that a DNS record exists for this domain
IMPORTANT NOTES:

The following errors were reported by the server:

Domain: itcusys.online
Type: None
Detail: DNS problem: NXDOMAIN looking up TXT for
_acme-challenge.itcusys.online - check that a DNS record exists for
this domain

Domain: itcusys.online
Type: None
Detail: DNS problem: NXDOMAIN looking up TXT for
_acme-challenge.itcusys.online - check that a DNS record exists for
this domain

My hosting provider, if applicable, is: Hostinger

For some reason it’s doing a DNS challenge and DNS TXT records don’t exist. I never use wildcard. Untick and see what happens.

I tried and these are the outputs. I transferred to an image because I can’t send links. Thank you.

You have set up the DNS correctly and point to the correct IP.

Yes.

Ok, I used this https://letsdebug.net/ and it’s saying you have multiple IP addresses. I see an IP6 address in the error above, maybe that’s the issue.

I’d drop the IP6


Thank you for your help. I will try this

Weird, docs say it should work as long as the addresses are correct.

Yeah :smiley: as I check, my IP is still not yet propagated after I drop the IPv6

The errors are clear.

It’s not talking about an A record. It is talking about a TXT record that is generated in real time at the time of request. If Virtualmin is not managing your DNS, and if you haven’t properly delegated authority for DNS to the Virtualmin server and its secondary DNS server(s), then DNS validation cannot work.

Wildcards are not recommended, in general, but they can’t be validated in Virtualmin if Virtualmin is not managing your DNS, because it requires immediate creation of a TXT record with the necessary information.

A records are absolutely irrelevant here.

You posted another log for a non-wildcard request, which shows 404 errors from the web server, which is always one of three things.

  1. DNS is wrong. Let’s Encrypt validation server is hitting the wrong web server when it tries to request the verification file. If you have correct A records this isn’t you.
  2. You have a proxy or redirect preventing access to the .well-known path where Let’s Encrypt verification file must be accessible. Check this by putting an HTML or text file in /home/domainname/public_html/.well-known/ and see if you can browse to it. I assume you cannot. You have to fix that.
  3. Misconfiguration of Apache (or nginx) Virtual Hosts causing the wrong site to be served. Browse to the domain (without https), do you see the right site? If not, fix that.

You can search for either of these problems, they’ve been discussed a ton, and it can literally only ever be one of those three things (wildcards can only be a DNS problem, because wildcards can only be validated via DNS).

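An added example, not part of the thread and not code from certbot or Virtualmin: a small Python triage parser for the "Failed authorization procedure" line, which separates dns-01 failures from http-01 ones and maps each to the checks listed in the reply above. The http-01 sample line (example.test, 203.0.113.10, TOKEN) is constructed, and the function names are hypothetical.

```python
import re

# Constructed sample input: the dns-01 line is the failure quoted in the thread;
# the http-01 line is a made-up example (example.test, 203.0.113.10, TOKEN).
SAMPLE_LOG = """\
Failed authorization procedure. itcusys.online (dns-01): urn:ietf:params:acme:error:dns :: DNS problem: NXDOMAIN looking up TXT for _acme-challenge.itcusys.online - check that a DNS record exists for this domain, itcusys.online (dns-01): urn:ietf:params:acme:error:dns :: DNS problem: NXDOMAIN looking up TXT for _acme-challenge.itcusys.online - check that a DNS record exists for this domain
Failed authorization procedure. example.test (http-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://example.test/.well-known/acme-challenge/TOKEN [203.0.113.10]: 404
"""

CHALLENGE = r"\S+ \((?:dns-01|http-01|tls-alpn-01)\): "
FAILURE = re.compile(
    r"(?P<domain>\S+) \((?P<challenge>dns-01|http-01|tls-alpn-01)\): "
    r"urn:ietf:params:acme:error:(?P<error>\w+) :: "
    r"(?P<detail>.*?)(?=, " + CHALLENGE + r"|$)"
)

def parse_failures(log_text):
    """Return one dict per distinct (domain, challenge, error) failure."""
    seen, failures = set(), []
    for line in log_text.splitlines():
        if "Failed authorization procedure." not in line:
            continue
        for m in FAILURE.finditer(line):
            key = (m["domain"], m["challenge"], m["error"])
            if key not in seen:  # the thread's log lists the same failure twice
                seen.add(key)
                failures.append(m.groupdict())
    return failures

def triage(failure):
    """Map a parsed failure to the checks given in the reply above."""
    if failure["challenge"] == "dns-01":
        return ["The _acme-challenge TXT record is created at request time; "
                "confirm DNS for the zone is delegated to the server making the request."]
    if failure["challenge"] == "http-01":
        return ["Confirm the A record points at this web server.",
                "Confirm a test file under .well-known/ is reachable (no proxy or redirect).",
                "Confirm the correct virtual host answers for the domain over plain HTTP."]
    return ["Challenge type not covered by the thread."]

if __name__ == "__main__":
    for f in parse_failures(SAMPLE_LOG):
        print(f["domain"], f["challenge"], f["error"])
        for step in triage(f):
            print("  -", step)
```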

Okay, thanks. I found the solution to my problem; there are some misconfigurations on my end.