alexalouit / ISPConfig-letsencrypt

Let's Encrypt support for ISPConfig

Alias Domain Errors #36

Open blue-hound opened 8 years ago

blue-hound commented 8 years ago

I have a few alias domains left over from when I had just one SSL certificate. For example:

http://bugs.<domain1>.com redirects to https://secure.<domain2>.com and
http://support.<domain1>.com also redirects to https://secure.<domain2>.com

Both alias domains are set up as follows:

Redirect Type: R,L
Auto Subdomain: None
SEO Redirect:

The script is trying to generate certs for domain1 but the client is presumably redirected to domain2 (and therefore authorization fails with a 404). It also tries to create a certificate for the None subdomain which should be ignored. Here is a snippet from the LetsEncrypt log file:

FailedChallenges: Failed authorization procedure. none.support.<domain>.com (http-01):

The only way to get a certificate to renew is by disabling the subdomains and then re-enabling LetsEncrypt.

blue-hound commented 8 years ago

Meant to include the debug command line:

exec: /root/.local/share/letsencrypt/bin/letsencrypt auth -a webroot --email postmaster@domain1.com --domains domain1.com --domains www.domain1.com --domains support.domain1.com --domains none.support.domain1.com --domains bugs.domain1.com --domains none.bugs.domain1.com --webroot-path /<to-domain1.com>/web

zenny commented 8 years ago

Maybe this post helps: https://github.com/alexalouit/ISPConfig-letsencrypt/issues/31#issuecomment-179942270

Cyberwizzard commented 8 years ago

I have the same issue: all alias domains that redirect in some manner fail to verify - I disabled them for one specific domain to get them to pass.

To be clear: I do not want that specific domain to get an SSL certificate.

For example: I have www.aa.com and home.aa.com, home.aa.com is a redirect to port 8080 where another program is running (so not Apache or nginx) - it makes no sense to try and verify home.aa.com since any HTTP request will end up at the program on port 8080 which will not have the ACME verification files.

Maybe we need a checkbox at the alias website page to exclude it from LetsEncrypt or maybe alias websites that are redirects of some kind should be excluded from the LetsEncrypt request?
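
Added example, not part of any comment in this thread and not the plugin's own code: one way to build the --domains list so that an Auto Subdomain of None never becomes a "none." hostname and redirecting aliases are left out of the http-01 request. The column names are assumed to match ISPConfig's web_domain table, and le_names_for() and le_domains() are hypothetical helpers.

```php
<?php
// Added example. Column names (domain, subdomain, redirect_type, active) are
// assumed to match ISPConfig's web_domain table; both functions are hypothetical.

// Hostnames one site or alias row contributes to the certificate request.
function le_names_for(array $row): array
{
    $names = [$row['domain']];
    // Only "www" maps to a real hostname. "none" means no auto subdomain and
    // must not become a "none." label; "*" cannot be validated over http-01.
    if (($row['subdomain'] ?? 'none') === 'www') {
        $names[] = 'www.' . $row['domain'];
    }
    return $names;
}

// Full --domains list for a vhost, skipping aliases that cannot pass http-01.
function le_domains(array $vhost, array $aliases): array
{
    $names = le_names_for($vhost);
    foreach ($aliases as $alias) {
        if (($alias['active'] ?? 'y') !== 'y') {
            continue; // disabled alias
        }
        if (trim((string) ($alias['redirect_type'] ?? '')) !== '') {
            continue; // redirected away, so the webroot challenge file is never served
        }
        $names = array_merge($names, le_names_for($alias));
    }
    return array_values(array_unique(array_map('strtolower', $names)));
}

// Constructed sample rows modelled on the setup described in the issue.
$vhost = ['domain' => 'domain1.example', 'subdomain' => 'www'];
$aliases = [
    ['domain' => 'support.domain1.example', 'subdomain' => 'none', 'redirect_type' => 'R,L', 'active' => 'y'],
    ['domain' => 'bugs.domain1.example', 'subdomain' => 'none', 'redirect_type' => 'R,L', 'active' => 'y'],
    ['domain' => 'shop.domain1.example', 'subdomain' => 'none', 'redirect_type' => '', 'active' => 'y'],
];

foreach (le_domains($vhost, $aliases) as $name) {
    echo '--domains ' . escapeshellarg($name) . PHP_EOL;
}
```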