Acme problem
« on: March 05, 2021, 01:01:32 PM »
Hi all,

For a couple of weeks I have been getting a mail from my server every day with this:

[Fri Mar  5 00:14:12 CST 2021] www.mydomain.com:Verify error:Invalid response from https://www.mydomain.com/.well-known/acme-challenge/dVZq4P_6ZYw7hf7nzgV6KAj9Tj9EX-jMKOzS3HfVioI [2606:4700::6810:29c4]:
[Fri Mar  5 00:14:12 CST 2021] Please check log file for more details: /root/.acme.sh/cwp_certs//acme.sh.log

I get this for every domain that has a website on non-www, and on www it's forwarded by DNS to another site. All non-www sites have a Let's Encrypt certificate on my CentOS 7 server.

Can someone tell me what is going on and/or how to solve this?

Thanks in advance and kind regards

Re: Acme problem
« Reply #1 on: March 05, 2021, 04:47:57 PM »
If www is forwarded to another server, acme will fail. CWP generates for domain and www.domain, and they both must reside on the CWP server for acme to work. Unless you remove Let's Encrypt from the account, acme will try daily to renew any expired/expiring certificates. If at any point it fails, the whole process fails. I'd suggest you point www back to CWP, and use a different subdomain at the alternate server such as w3.

If I'm off base, please let me know, and describe with more detail. Ex:
@ points to 1.1.1.1
www. points to 2.2.2.2
Re: Acme problem
« Reply #2 on: March 05, 2021, 08:24:41 PM »
Hello,

Thanks for your reply!

We think it's not possible to point www back to CWP (we are not really server specialists).
The www is pointing to a whitelabel of a site, and everything is working OK except for the mails that I get from the server like in my example.
We get that mail with 18 sites in it, but only for the past couple of weeks; I never got them before, while the server with these sites has been running for almost 3 months now.

Because everything works fine, I think I will leave it this way and ignore the emails with the acme error.

Kind regards

Re: Acme problem
« Reply #3 on: March 12, 2021, 09:38:21 AM »
Hello,

I have done a search and found why those mails were sent.
In the file manager, under root/.acme.sh/cwp_certs, I see all my domains, but the domains were set on www.mydomain.com
Now I removed the www. from the domains that have another DNS target on www, and I don't get those acme mails anymore.

Only I don't understand why I got these mails for the past 3 weeks while the server has already been running for 3 months with all the domains.

Kind regards
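
A pre-renewal check for the situation in this thread, added here as an example and not taken from the posts, CWP or acme.sh: it reports, for each domain and its www. name, whether DNS answers point at this server, which is the condition reply #1 gives for the challenge to succeed. The function names, the script name and the addresses in the usage line are assumptions; AAAA answers are compared as well because the log in the first post shows the validator connecting over IPv6.

```shell
#!/bin/sh
# Added example: flag certificate names that do not resolve to this server.
# Function names are hypothetical; addresses in the usage line are constructed.

# classify_name SERVER_IPS RESOLVED_IPS  ->  local | foreign | unresolved
# Both arguments are whitespace-separated lists of IPv4/IPv6 addresses.
# Comparison is textual, so addresses must be in the same (canonical) form.
classify_name() {
    _server=" $(echo $1) "                 # collapse whitespace for matching
    _seen=0
    for _ip in $2; do
        _seen=1
        case "$_server" in
            *" $_ip "*) ;;                 # this answer is one of our addresses
            *) echo foreign; return 0 ;;   # validator may be sent to another host
        esac
    done
    if [ "$_seen" -eq 1 ]; then echo local; else echo unresolved; fi
}

# resolve_name NAME: unique A and AAAA answers from the local resolver.
# Assumption: this matches public DNS (no /etc/hosts override for the name).
resolve_name() {
    getent ahosts "$1" | awk '{print $1}' | sort -u | tr '\n' ' '
}

# check_domain SERVER_IPS DOMAIN: test DOMAIN and www.DOMAIN, the pair that
# reply #1 says CWP requests together. Returns 1 if either is not local.
check_domain() {
    _rc=0
    for _name in "$2" "www.$2"; do
        _state=$(classify_name "$1" "$(resolve_name "$_name")")
        printf '%-40s %s\n' "$_name" "$_state"
        [ "$_state" = local ] || _rc=1
    done
    return "$_rc"
}

# Usage: sh check_names.sh "203.0.113.10 2001:db8::10" example.com example.org
if [ "$#" -ge 2 ]; then
    server_ips=$1; shift
    status=0
    for d in "$@"; do check_domain "$server_ips" "$d" || status=1; done
    exit "$status"
fi
```

Any name reported as foreign or unresolved is one to remove from the certificate request or repoint before the daily renewal runs.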