I’ve done this once before but don’t remember how I did it since it was a while back.

What I’m trying to do is create a ‘Let’s Encrypt’ SSL certificate, but the certificate will not install from ‘Virtualmin’ because I do not have my DNS records properly showing in DigitalOcean’s DNS records settings.

Here is the error that I keep getting from ‘Virtualmin’ & ‘Let’s Encrypt’:

Let's Encrypt ..
.. request failed : Web-based validation failed :
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator webroot, Installer None
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for admin.ebaykeywordsniperpro.com
http-01 challenge for ebaykeywordsniperpro.com
http-01 challenge for mail.ebaykeywordsniperpro.com
http-01 challenge for webmail.ebaykeywordsniperpro.com
http-01 challenge for www.ebaykeywordsniperpro.com
Using the webroot path /home/aaronesteban/public_html for all unmatched domains.
Waiting for verification...
Challenge failed for domain admin.ebaykeywordsniperpro.com
Challenge failed for domain ebaykeywordsniperpro.com
Challenge failed for domain mail.ebaykeywordsniperpro.com
http-01 challenge for admin.ebaykeywordsniperpro.com
http-01 challenge for ebaykeywordsniperpro.com
http-01 challenge for mail.ebaykeywordsniperpro.com
Cleaning up challenges
Some challenges have failed.
IMPORTANT NOTES:
 - The following errors were reported by the server:

   Domain: admin.ebaykeywordsniperpro.com
   Type:   unauthorized
   Detail: During secondary validation: Invalid response from
   http://admin.ebaykeywordsniperpro.com/.well-known/acme-challenge/OvMbskvj1_2eAjq1_NOhdI8cv9N2xxul6yvbTtvhtyU
   [157.230.66.135]: "<!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML
   2.0//EN\">\n<html><head>\n<title>404 Not
   Found</title>\n</head><body>\n<h1>Not Found</h1>\n<p"

   Domain: ebaykeywordsniperpro.com
   Type:   unauthorized
   Detail: Invalid response from
   http://ebaykeywordsniperpro.com/.well-known/acme-challenge/5vWFTq5Qa1Rfuulj91C1Y301XyKxwPZ1rfy7YC0Rpk0
   [157.230.66.135]: "<!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML
   2.0//EN\">\n<html><head>\n<title>404 Not
   Found</title>\n</head><body>\n<h1>Not Found</h1>\n<p"

   Domain: mail.ebaykeywordsniperpro.com
   Type:   unauthorized
   Detail: Invalid response from
   http://mail.ebaykeywordsniperpro.com/.well-known/acme-challenge/B9EBuWJK6YeXpRm0c_yd-IjEXBNWM4rl5OPXq1Q_kdg
   [157.230.66.135]: "<!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML
   2.0//EN\">\n<html><head>\n<title>404 Not
   Found</title>\n</head><body>\n<h1>Not Found</h1>\n<p"

   To fix these errors, please make sure that your domain name was
   entered correctly and the DNS A/AAAA record(s) for that domain
   contain(s) the right IP address.
, DNS-based validation failed :
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator manual, Installer None
Obtaining a new certificate
Performing the following challenges:
dns-01 challenge for admin.ebaykeywordsniperpro.com
dns-01 challenge for ebaykeywordsniperpro.com
dns-01 challenge for mail.ebaykeywordsniperpro.com
Running manual-auth-hook command: /etc/webmin/webmin/letsencrypt-dns.pl
Running manual-auth-hook command: /etc/webmin/webmin/letsencrypt-dns.pl
Running manual-auth-hook command: /etc/webmin/webmin/letsencrypt-dns.pl
Waiting for verification...
Challenge failed for domain admin.ebaykeywordsniperpro.com
Challenge failed for domain ebaykeywordsniperpro.com
Challenge failed for domain mail.ebaykeywordsniperpro.com
dns-01 challenge for admin.ebaykeywordsniperpro.com
dns-01 challenge for ebaykeywordsniperpro.com
dns-01 challenge for mail.ebaykeywordsniperpro.com
Cleaning up challenges
Running manual-cleanup-hook command: /etc/webmin/webmin/letsencrypt-cleanup.pl
Running manual-cleanup-hook command: /etc/webmin/webmin/letsencrypt-cleanup.pl
Running manual-cleanup-hook command: /etc/webmin/webmin/letsencrypt-cleanup.pl
Some challenges have failed.
IMPORTANT NOTES:
 - The following errors were reported by the server:

   Domain: admin.ebaykeywordsniperpro.com
   Type:   unauthorized
   Detail: No TXT record found at
   _acme-challenge.admin.ebaykeywordsniperpro.com

   Domain: ebaykeywordsniperpro.com
   Type:   unauthorized
   Detail: No TXT record found at
   _acme-challenge.ebaykeywordsniperpro.com

   Domain: mail.ebaykeywordsniperpro.com
   Type:   unauthorized
   Detail: No TXT record found at
   _acme-challenge.mail.ebaykeywordsniperpro.com

   To fix these errors, please make sure that your domain name was
   entered correctly and the DNS A/AAAA record(s) for that domain
   contain(s) the right IP address.

2 answers

Hi @AaronEsteban1,

So, I can see the DNS records for your domain are being managed by DigitalOcean. To answer your second question first, you can change, edit, and add DNS records from your Control Panel section.

Now, to the first question you had. It seems you are trying to install Let’s Encrypt on the subdomain but it can’t create an authentication file in your Domain’s root folder.

Every time you try to install a Let’s Encrypt certificate, the process is the following:

  1. You make a request for a domain
  2. Let’s Encrypt tries to authorize the domain by reaching a certain file located in the folders .well-known/acme-challenge/

If it reaches the said files, it’s authorized; if it doesn’t find the file, then it doesn’t issue a certificate.

Now, when you try to install Let’s Encrypt from, let’s say, Certbot, it automatically adds the said folders and necessary file. Make sure you have your subdomain added to the droplet you are trying to install the certificate on and have it pointed to the same droplet.

Regards,
KFSys

Hi @AaronEsteban1,

Let’s start with the DNS settings. You have added two A records for your main domain ebaykeywordsniperpro.com pointing to different IP addresses. To work properly, you can have only one A record for your root domain, in this case - ebaykeywordsniperpro.com. Decide which one you need and remove the second.

The same principle can be said for the wildcard *.ebaykeywordsniperpro.com. Again, it’s being pointed to two IP addresses. You need to point it only to one, otherwise it creates a DNS conflict.

Now that you have fixed the DNS conflicts, you’ll need to SSH to the droplet you’ve chosen your domain to ping from and configure your website/application on it. After the website/application has been configured to have a DocumentRoot and to actually load something from there, you should be able to install Let’s Encrypt.

As for a tool to check if your records have been added correctly, I’m not sure. The main thing is to always point one domain to one IP address.

Regards,
KFSys
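
A pre-flight check for the two conditions discussed in this thread (each hostname resolving only to the droplet, and the webroot actually serving files under .well-known/acme-challenge/ for that hostname), as an added example that is not part of either answer and not Virtualmin or Certbot code. The function names, the example.com hostnames, the 203.0.113.10 address and the probe file name `preflight-test` are placeholders chosen for illustration.

```python
import socket
import urllib.error
import urllib.request

def resolve_a(host):
    """Return the sorted IPv4 addresses the local resolver gives for host."""
    try:
        infos = socket.getaddrinfo(host, 80, socket.AF_INET, socket.SOCK_STREAM)
    except socket.gaierror:
        return []
    return sorted({info[4][0] for info in infos})

def fetch_status(url):
    """Return the HTTP status code for url, or None if the connection fails."""
    try:
        with urllib.request.urlopen(url, timeout=10) as resp:
            return resp.status
    except urllib.error.HTTPError as err:
        return err.code
    except (urllib.error.URLError, OSError):
        return None

def preflight(hosts, droplet_ip, probe, resolve=resolve_a, fetch=fetch_status):
    """Map each host to the problems that would make an http-01 challenge fail."""
    report = {}
    for host in hosts:
        problems = []
        addrs = resolve(host)
        if not addrs:
            problems.append("no A record")
        elif addrs != [droplet_ip]:
            # Extra or wrong addresses: the validator may reach a server without the token.
            problems.append("A records %s, expected only %s" % (addrs, droplet_ip))
        else:
            status = fetch("http://%s/.well-known/acme-challenge/%s" % (host, probe))
            if status != 200:
                problems.append("probe file returned %s, webroot not served for this host" % status)
        report[host] = problems
    return report

if __name__ == "__main__":
    # Placeholder names and address (assumptions); substitute your own domain and droplet IP.
    # First create <webroot>/.well-known/acme-challenge/preflight-test by hand.
    names = ["example.com", "www.example.com", "admin.example.com", "mail.example.com"]
    for host, problems in preflight(names, "203.0.113.10", "preflight-test").items():
        print(host, "OK" if not problems else "; ".join(problems))
```

A host that resolves correctly but returns 404 for the probe file matches the web-based failure in the log above: the request reached the droplet, but the virtual host answering for that name does not serve the webroot Certbot wrote to.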
