Manually debugging /.well-known/acme-challenge/letsencrypt_12345


Last Modified: Mar 9, 2020, 3:28 pm
When trying to install a Let's Encrypt certificate, if you're hitting this error for :

Getting challenge for from acme-server...
is not reachable. Aborting the script.
Please make sure /.well-known alias is setup in WWW server.

we can manually test this to see what's going on.
  1. First, ensure that you have letsencrypt=1 in your directadmin.conf.
    You can use this guide to help you do this.
  2. Next, we'll want to confirm the Alias /.well-known has been added to the file


    If this is not set, add it using

    cd /usr/local/directadmin/custombuild
    ./build update
    ./build rewrite_confs

    and the build script should add it into the httpd-alias.conf file for you.
  3. To manually test things, create a file like this:

    echo "test" >> /var/www/html/.well-known/acme-challenge/test.txt

    and then test it via:

    which should show you "test" in the output if all is working.
  4. If that works but you still get the error, run exactly what the script runs with curl. Log in over SSH as root and type:

    /usr/local/bin/curl -I -L -k -X GET

    Here we test with test.txt, while the script tests letsencrypt_12345678, where the number is just a Unix timestamp that keeps the file name moderately unique for the test.
  5. Another debugging aid is to run bash in -x mode, e.g.:

    staging=yes bash -x ./ request

    which traces every call the script makes and helps with debugging.
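
Steps 3 and 4 combined into one repeatable check, as an added example (not DirectAdmin's own script): it writes a timestamp-named test file, requests it with the curl flags from step 4, and reports the status of every redirect hop so you can see where the request stops returning 200. The function names, the `-sS` flags and the `example.test` sample headers are assumptions made for this example.

```bash
# Added example, not DirectAdmin's own script. example.test is a placeholder.

# summarize_hops: read `curl -I -L` header output on stdin; print each hop's
# status (and redirect target) followed by a verdict; return 0 only on a final 200.
summarize_hops() {
  awk '
    { sub(/\r$/, "") }                      # curl prints CRLF line endings
    /^HTTP\// { n++; code[n] = $2; loc[n] = ""; next }
    tolower($1) == "location:" { loc[n] = $2 }
    END {
      if (n == 0) { print "FAIL: no HTTP response (DNS, firewall or listener problem)"; exit 1 }
      for (i = 1; i <= n; i++) {
        chain = chain (i > 1 ? " " : "") code[i]
        if (loc[i] != "") chain = chain ">" loc[i]
      }
      if (code[n] == 200) { print chain " | OK"; exit 0 }
      print chain " | FAIL: final status " code[n]; exit 1
    }'
}

# Constructed sample: port 80 redirects to HTTPS, where the request ends in 404.
sample_headers() {
  printf 'HTTP/1.1 301 Moved Permanently\r\n'
  printf 'Location: https://example.test/.well-known/acme-challenge/test.txt\r\n\r\n'
  printf 'HTTP/1.1 404 Not Found\r\n\r\n'
}

# probe_challenge DOMAIN [WEBROOT]: write a timestamp-named test file, request
# it with the flags from step 4, summarise the hops, then remove the file.
probe_challenge() (
  domain=$1
  dir="${2:-/var/www/html}/.well-known/acme-challenge"
  name="test_$(date +%s).txt"
  mkdir -p "$dir" && echo "test" > "$dir/$name" || exit 2
  curl -sS -I -L -k -X GET "http://$domain/.well-known/acme-challenge/$name" | summarize_hops
  rc=$?
  rm -f "$dir/$name"
  exit "$rc"
)
```

Source the file and run `probe_challenge yourdomain` as root; `sample_headers | summarize_hops` shows the output for the constructed redirect-then-404 case.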

© 2018 JBMC Software, Suite 173  3-11 Bellerose Drive, St Albert, AB  T8N 1P7  Canada.  Mon-Fri 9AM-5PM MST