Author Topic: Let's Encrypt AutoSSL SOLVED  (Read 18092 times)

0 Members and 1 Guest are viewing this topic.

Let's Encrypt AutoSSL SOLVED
« on: September 28, 2018, 03:37:10 AM »
So I struggled for far too long trying to get a Let's Encrypt AutoSSL certs setup on my CWP server, and finally figured it out.

For the hostname cert, when performing the Change Hostname function in Server Settings, I was getting the error:

Code: [Select]
AutoSSL: Issue Failed![Thu Sep 27 16:15:17 EDT 2018] Single domain='<host>.<domain>.<tld>'
[Thu Sep 27 16:15:17 EDT 2018] Getting domain auth token for each domain
[Thu Sep 27 16:15:17 EDT 2018] Getting webroot for domain='<host>.<domain>.<tld>'
[Thu Sep 27 16:15:17 EDT 2018] Getting new-authz for domain='<host>.<domain>.<tld>'
[Thu Sep 27 16:15:19 EDT 2018] The new-authz request is ok.
[Thu Sep 27 16:15:19 EDT 2018] Verifying:<host>.<domain>.<tld>
[Thu Sep 27 16:15:23 EDT 2018] <host>.<domain>.<tld>:Verify error:Fetching http://<host>.<domain>.<tld>/.well-known/acme-challenge/4TzVgHEbYhNIgT8YVSmEvVkp0RM5OyUfom1ZwJaAhXE: Connection refused
[Thu Sep 27 16:15:23 EDT 2018] Please check log file for more details: /root/

The problem is that apparently Let's Encrypt requires both www.<domain>... and <domain>... to resolve to the server's IP; at least the way it's implemented in CWP imposes this requirement, I'm not sure.

If using your registrar's nameservers for your domain, and assuming your CWP server hostname is <host>.<domain>.<tld>, add a A record for www.<host>.<domain>.<tld> with your domain registrar, in addition to the <host>.<domain>.<tld> record you probably already created.

If using the CWP server for your domain's nameservers, login to CWP.admin, go to DNS Functions -> List DNS Zones, chose Edit Records for your domain, and change the CNAME record for www to a A record pointing to the IP of the CWP server.

Give it time to propagate, then login to CWP.admin and initiate a hostname change in Server Settings -> Change Hostname. You don't have to actually change the hostname, you can leave the field as-is assuming it has the desired/correct <host>.<domain>.<tld> and just click Change Hostname to re-create the SSL cert.

The same requirement would apply to issuing AutoSSL certs for add-on domains for the user account(s) on your CWP server, so make sure you add the www A records for all domains in use that require AutoSSL. When trying to issue the Auto SSL cert for an add-on domain without the appropriate record, you would get the following error in a little red popup:

Code: [Select]
DNS of your domain doesn't point to this server or you have htaccess restrictions
For reference, my server is a VPS running CentOS 7.5.1804 with CWP version:

Re: Let's Encrypt AutoSSL SOLVED
« Reply #1 on: October 10, 2018, 07:13:25 AM »
Can you please explain this with example like, I'm having issues with this recently. Before it was working great. I have no idea what changed.

I have tried -'s-encrypt-autossl-solved/   also  and also't-point-to-this-server-or-you-have-htaccess-5490/msg19395/#msg19395   nothing worked. Here is how I solved my new user account which was not getting SSL.

01. Go To DNS Functions ->  List DNS Zones ->  (Affected Domain) Click Delete Zone.

02. From User Account -> New Account. Create a new User account (Using the Affected Domain and public IP address).

03. Again Go To DNS Functions ->  List DNS Zones ->  (Main Domain) Click Rebuild Zone.

04. Go To DNS Functions ->  List DNS Zones ->  (Main Domain) -> Edit Files. Now- Firstly, Delete line start with- www (it has a cname record). Secondly, paste these three lines below in the middle of the file-

ns1         14400   IN      A       (Public IP)
ns2         14400   IN      A       (Public IP)
www         14400   IN      A      (Public IP)

05. Go to Webserver Settings -> SSL Certificates -> Auto SSL. Install SSL for the Domain.

Re: Let's Encrypt AutoSSL SOLVED
« Reply #4 on: August 13, 2019, 03:43:21 AM »
 I have tried this but SSL is not installed for www.