Manually debugging /.well-known/acme-challenge/letsencrypt_12345



Last Modified: Sep 21, 2016, 1:24 am

When trying to install a Let's Encrypt certificate, if you're hitting this error:

Getting challenge for domain.com from acme-server...
Error:
http://domain.com/.well-known/acme-challenge/letsencrypt_1472046285
is not reachable. Aborting the script.
Please make sure /.well-known alias is setup in WWW server.

we can manually test this to see what's going on.
  1. First, ensure that you have letsencrypt=1 in your directadmin.conf.
    You can use this guide to help you do this.

  2. Next, we'll want to confirm the Alias /.well-known has been added to the file

    /etc/httpd/conf/extra/httpd-alias.conf

    If this is not set, add it using

    cd /usr/local/directadmin/custombuild
    ./build update
    ./build rewrite_confs

    and the build script should add it into the httpd-alias.conf file for you.

  3. To manually test things, create a file like this:

    echo "test" >> /var/www/html/.well-known/acme-challenge/test.txt

    and then test it via:

    http://domain.com/.well-known/acme-challenge/test.txt

    which should show you "test" in the output if all is working.

  4. If that works, but you still get the error, then try exactly what curl is running. Log in via SSH as root, and type:

    /usr/local/bin/curl -I -L -k -X GET http://domain.com/.well-known/acme-challenge/test.txt

    Here we test with test.txt, while letsencrypt.sh tests with letsencrypt_12345678, where the number is just a Unix timestamp used to keep the file name moderately unique for the test.
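
The four checks above as one script, added here as an example (not DirectAdmin's or letsencrypt.sh's own code). The function names, the return codes and the default directadmin.conf path are assumptions of this example; the probe file is deleted after the request so nothing is left behind in the web root.

```sh
#!/bin/sh
# Added example: steps 1-4 of this page as functions. Default paths are assumptions.

# Step 1: is letsencrypt=1 set in the given directadmin.conf?
has_letsencrypt_enabled() {
    grep -Eq '^[[:space:]]*letsencrypt[[:space:]]*=[[:space:]]*1[[:space:]]*$' "$1"
}

# Step 2: is there an uncommented Alias for /.well-known in httpd-alias.conf?
has_wellknown_alias() {
    grep -Eiq '^[[:space:]]*Alias[[:space:]]+/\.well-known' "$1"
}

# Steps 3-4: publish a file named like the script's (letsencrypt_<unix time>),
# fetch it over HTTP, compare the body, and always remove the file afterwards.
probe_challenge() {
    domain=$1
    dir="${2:-/var/www/html}/.well-known/acme-challenge"
    name="letsencrypt_$(date +%s)"
    mkdir -p "$dir" || return 1
    printf '%s\n' "$name" > "$dir/$name" || return 1
    # -L -k mirror the page's curl command; --max-time keeps a dead host from hanging
    body=$(curl -s -L -k --max-time 10 "http://$domain/.well-known/acme-challenge/$name")
    rm -f "$dir/$name"
    [ "$body" = "$name" ]
}

# Run the checks in order; the return code names the first step that failed.
diagnose() {
    conf=${2:-/usr/local/directadmin/conf/directadmin.conf}   # assumed default path
    alias_conf=${3:-/etc/httpd/conf/extra/httpd-alias.conf}
    has_letsencrypt_enabled "$conf" || { echo "step 1: letsencrypt=1 not set in $conf"; return 1; }
    has_wellknown_alias "$alias_conf" || { echo "step 2: no /.well-known Alias in $alias_conf"; return 2; }
    probe_challenge "$1" "${4:-/var/www/html}" || { echo "step 3: challenge file not served for $1"; return 3; }
    echo "ok: http://$1/.well-known/acme-challenge/ is reachable"
}

# Usage: sh check.sh domain.com [directadmin.conf] [httpd-alias.conf] [webroot]
if [ -n "${1:-}" ]; then diagnose "$@"; fi
```

A return code of 3 with steps 1 and 2 passing points at something between the file and the client, such as a rewrite rule, a redirect, or DNS resolving to a different server.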

© 2018 JBMC Software, Suite 173  3-11 Bellerose Drive, St Albert, AB  T8N 1P7  Canada.  Mon-Fri 9AM-5PM MST