Welcome to Centmin Mod Community
Register Now

Letsencrypt let'sencrypt dns verification

Discussion in 'Domains, DNS, Email & SSL Certificates' started by narji, Oct 25, 2016.

  1. narji

    narji Member

    69
    6
    8
    Feb 4, 2016
    Ratings:
    +12
    Local Time:
    8:00 AM
    i have been searching for using let'sencrypt verification for multi ip subdomain with diffrent ip (server) using same domain

    so far find in the forum and community
    Support for sub-domains and wildcard certificates - Server - Let's Encrypt Community Support

    let'sencrypt client
    GitHub - xenolf/lego: Let's Encrypt client and ACME library written in Go

    there several dns provider including dnsmadeeasy for lego
    lego/providers/dns at master · xenolf/lego · GitHub

    i do not know how to implement lego to centminmod
    anyone willing to help ?
     
  2. narji

    narji Member

    69
    6
    8
    Feb 4, 2016
    Ratings:
    +12
    Local Time:
    8:00 AM
  3. narji

    narji Member

    69
    6
    8
    Feb 4, 2016
    Ratings:
    +12
    Local Time:
    8:00 AM

    thank you for answer

    i was very interested finding a way to adding certificate for another ip or 2 ip same domain by dns verification

    is this working for adding certificate to another ip server in same domain ?
    or different ip server for subdomain in same domain

    if working then will the same certificate can be use for two ip ?
    one is www my domain.com mydomain.com
    and the other for sub1.mydomain.com (different ip or different server) mapping by dnsmadeeasy in A record
     
  4. eva2000

    eva2000 Administrator Staff Member

    29,719
    6,711
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +10,015
    Local Time:
    11:00 AM
    Nginx 1.13.x
    MariaDB 5.5
    dns mode works on the domain at dns level not the ip of the server so works with any domain regardless if it's on same or different server

    so the issued ssl cert works on the domain regardless of where you install the domain to. Though you'd have to manually install the ssl issued cert on all servers
     
  5. narji

    narji Member

    69
    6
    8
    Feb 4, 2016
    Ratings:
    +12
    Local Time:
    8:00 AM
    yesterday i already test but with http verification with staging or fake cert

    now is skipping dns verification
    Code:
    ./acmetool.sh certonly-issue sub1.mydomain.com
    
    ------------------------------------------------------------------------------
    Version Check:
    ------------------------------------------------------------------------------
    !!!  there maybe a newer version of ./acmetool.sh available  !!!
    https://community.centminmod.com/posts/34492/
    update using centmin.sh menu option 23 submenu option 2
    
    Always ensure Current Version is higher or equal to Latest Version
    ------------------------------------------------------------------------------
    Current acmetool.sh Version: 1.0.11
    Latest acmetool.sh Version: 1.0.1
    ------------------------------------------------------------------------------
    
    
    -------------------------------------------------
    acmetool.sh is in beta testing phase
    please read & provide bug reports &
    feedback for this tool via the forums
    https://community.centminmod.com/posts/34492/
    -------------------------------------------------
    
    continue [y/n] ? y
    
    -----------------------------------------------------
    updating acme.sh client...
    -----------------------------------------------------
    [Tue Oct 25 23:33:18 WIB 2016] Installing to /root/.acme.sh
    [Tue Oct 25 23:33:18 WIB 2016] Installed to /root/.acme.sh/acme.sh
    [Tue Oct 25 23:33:18 WIB 2016] Installing alias to '/root/.bashrc'
    [Tue Oct 25 23:33:18 WIB 2016] OK, Close and reopen your terminal to start using acme.sh
    [Tue Oct 25 23:33:19 WIB 2016] Installing alias to '/root/.cshrc'
    [Tue Oct 25 23:33:19 WIB 2016] Installing alias to '/root/.tcshrc'
    [Tue Oct 25 23:33:19 WIB 2016] Installing cron job
    0 0 * * * "/root/.acme.sh"/acme.sh --cron --home "/root/.acme.sh" > /dev/null
    [Tue Oct 25 23:33:19 WIB 2016] Good, bash is found, so change the shebang to use bash as prefered.
    [Tue Oct 25 23:33:19 WIB 2016] OK
    https://github.com/Neilpang/acme.sh
    v2.6.2
    -----------------------------------------------------
    acme.sh updated
    -----------------------------------------------------
    
    -----------------------------------------------------------
    [DNS mode] issue & install letsencrypt ssl certificate for sub1.mydomain.com
    -----------------------------------------------------------
    testcert value =
    /root/.acme.sh/acme.sh --staging --issue --force --dns -d sub1.mydomain.com -k 2048 --useragent centminmod-centos7-acmesh-dns --log /root/centminlogs/acmetool.sh-debug-log-251016-233314.log --log-level 2
    [Tue Oct 25 23:33:19 WIB 2016] Using stage api:https://acme-staging.api.letsencrypt.org
    [Tue Oct 25 23:33:21 WIB 2016] Registering account
    [Tue Oct 25 23:33:23 WIB 2016] Already registered
    [Tue Oct 25 23:33:26 WIB 2016] Update success.
    [Tue Oct 25 23:33:26 WIB 2016] Single domain='sub1.mydomain.com'
    [Tue Oct 25 23:33:26 WIB 2016] Verify each domain
    [Tue Oct 25 23:33:26 WIB 2016] Getting webroot for domain='sub1.mydomain.com'
    [Tue Oct 25 23:33:26 WIB 2016] _w='dns'
    [Tue Oct 25 23:33:26 WIB 2016] Getting new-authz for domain='sub1.mydomain.com'
    [Tue Oct 25 23:33:28 WIB 2016] sub1.mydomain.com is already verified, skip.
    [Tue Oct 25 23:33:28 WIB 2016] sub1.mydomain.com is already verified, skip dns-01.
    [Tue Oct 25 23:33:28 WIB 2016] sub1.mydomain.com is already verified, skip dns-01.
    [Tue Oct 25 23:33:28 WIB 2016] Dns not added, skip.
    [Tue Oct 25 23:33:28 WIB 2016] Verify finished, start to sign.
    [Tue Oct 25 23:33:31 WIB 2016] Cert success.
    -----BEGIN CERTIFICATE-----
    MIIE4zCCA8ugAwIBAgITAPparbsIYMWt9Ch4GRlKbiNDeDANBgkqhkiG9w0BAQsF
    ADAiMSAwHgYDVQQDDBdGYWtlIExFIEludGVybWVkaWF0ZSBYMTAeFw0xNjEwMjUx
    NTM0MDBaFw0xNzAxMjMxNTM0MDBaMBoxGDAWBgNVBAMTD3Nob3Aua2VlcC5jby5p
    ZDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANgYnqZzaSjlglhZBcmn
    3+Mtqbm1lCvES+JpNc149cCZclDC60812aEKXGYrenAHmM3daZRlVm8PVynm3qO1
    w6pLj95VMKA5DKmVaK+HhjW+jiYZR1rxk+bAUpWWZxB9dgdgHJ5DUDvBkbwtsS+0
    2PcVqiRf0cbkpFWqCaRaFfiJOpjjDyBjTfTs3JicMjNU8BS9AK52mhImscq7Iz4g
    IaaDrlKzoCwtR2QYcCf5NvRXliPyBlvQg2zcl4G2nRJJUq8YIp1/0bqeDGJHnlCb
    iryhbsDMHsnnuoXzR9GNzv/xW/g33EsGJGUIt/sd77vlsaRKWydnBkhwJIUXbU7y
    Ik8CAwEAAaOCAhgwggIUMA4GA1UdDwEB/wQEAwIFoDAdBgNVHSUEFjAUBggrBgEF
    BQcDAQYIKwYBBQUHAwIwDAYDVR0TAQH/BAIwADAdBgNVHQ4EFgQUVW9KYvifd+cb
    sXYCGwELdAe7p+cwHwYDVR0jBBgwFoAUwMwDRrlYIMxccnDz4S7LIKb1aDoweAYI
    KwYBBQUHAQEEbDBqMDMGCCsGAQUFBzABhidodHRwOi8vb2NzcC5zdGctaW50LXgx
    LmxldHNlbmNyeXB0Lm9yZy8wMwYIKwYBBQUHMAKGJ2h0dHA6Ly9jZXJ0LnN0Zy1p
    bnQteDEubGV0c2VuY3J5cHQub3JnLzAaBgNVHREEEzARgg9zaG9wLmtlZXAuY28u
    aWQwgf4GA1UdIASB9jCB8zAIBgZngQwBAgEwgeYGCysGAQQBgt8TAQEBMIHWMCYG
    CCsGAQUFBwIBFhpodHRwOi8vY3BzLmxldHNlbmNyeXB0Lm9yZzCBqwYIKwYBBQUH
    AgIwgZ4MgZtUaGlzIENlcnRpZmljYXRlIG1heSBvbmx5IGJlIHJlbGllZCB1cG9u
    IGJ5IFJlbHlpbmcgUGFydGllcyBhbmQgb25seSBpbiBhY2NvcmRhbmNlIHdpdGgg
    dGhlIENlcnRpZmljYXRlIFBvbGljeSBmb3VuZCBhdCBodHRwczovL2xldHNlbmNy
    eXB0Lm9yZy9yZXBvc2l0b3J5LzANBgkqhkiG9w0BAQsFAAOCAQEAZw+pZnImdL5U
    gn3euTgkY3sDOnWxK2cYXyyMZdlpbHuw5fhsEAPX05WPWN/0GLdCMtbcqwQ1NsUV
    Lh1zboEMn95jedJPDw8xrpfj2gsAc6F7mUZeyyQwzLz8jq+ucIycC38OoKGQ6wwF
    4qj8LKAsvqw/OF0MWHW0cYuw75HIR293BcelRLmcxxAMs6Bw0QBls2WKmEhbnwU4
    yyAQwWQsXEIkm8UqomB2CytNGsNY9GKTgW4HIVJ04JF8td/kQegTYfPCIom3lRUV
    1ELdqyB3F3QbISdtlnxg6i1Ju+e2ZCr44b6Dov6TguArexbms4JbZnbMjyy7YPXn
    o0giXeICiA==
    -----END CERTIFICATE-----
    [Tue Oct 25 23:33:31 WIB 2016] Your cert is in  /root/.acme.sh/sub1.mydomain.com/sub1.mydomain.com.cer
    [Tue Oct 25 23:33:31 WIB 2016] Your cert key is in  /root/.acme.sh/sub1.mydomain.com/sub1.mydomain.com.key
    [Tue Oct 25 23:33:31 WIB 2016] The intermediate CA cert is in  /root/.acme.sh/sub1.mydomain.com/ca.cer
    [Tue Oct 25 23:33:31 WIB 2016] And the full chain certs is there:  /root/.acme.sh/sub1.mydomain.com/fullchain.cer
    
    ---------------------------------
     DNS mode requires manual steps below
    ---------------------------------
    
    
    how to remove staging of fake certificate ?
    i try this code in ssh
    acme.sh --renew -d sub1.mydomain.com
    but Skip, Next renewal time is: Sat Dec 24 16:33:31 UTC 2016
    Code:
    [sub1@mydomain addons]# /root/.acme.sh/acme.sh --renew -d sub1.mydomain.com
    [Tue Oct 25 23:35:01 WIB 2016] Renew: 'sub1.mydomain.com'
    [Tue Oct 25 23:35:01 WIB 2016] Skip, Next renewal time is: Sat Dec 24 16:33:31 UTC 2016
    [Tue Oct 25 23:35:01 WIB 2016] Add '--force' to force to renew.
     
  6. eva2000

    eva2000 Administrator Staff Member

    29,719
    6,711
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +10,015
    Local Time:
    11:00 AM
    Nginx 1.13.x
    MariaDB 5.5
    the --force flag show cause reissue a new cert so could be a bug in acme.sh
    but you also running outdated acmetool.sh which means you're running outdated 123.09beta01 that needs updating
    Code (Text):
    Always ensure Current Version is higher or equal to Latest Version
    ------------------------------------------------------------------------------
    Current acmetool.sh Version: 1.0.11
    Latest acmetool.sh Version: 1.0.1
    ------------------------------------------------------------------------------
    


    edit: sorry seems like a bug on my end for reported version !
     
  7. eva2000

    eva2000 Administrator Staff Member

    29,719
    6,711
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +10,015
    Local Time:
    11:00 AM
    Nginx 1.13.x
    MariaDB 5.5
    oh it's only skipping dns verification because you already verified the domain previously and is valid for 90 days the verification

    for issuance part need to change
    Code (Text):
    acme.sh --renew -d sub1.mydomain.com

    to
    Code (Text):
    acme.sh --force --renew -d sub1.mydomain.com
     
  8. eva2000

    eva2000 Administrator Staff Member

    29,719
    6,711
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +10,015
    Local Time:
    11:00 AM
    Nginx 1.13.x
    MariaDB 5.5
    acmetool.sh 1.0.13 released to update DNS mode to always use --force for issue/renew.
     
  9. narji

    narji Member

    69
    6
    8
    Feb 4, 2016
    Ratings:
    +12
    Local Time:
    8:00 AM
    it is valid because i already add live for mydomain.com throught http verification
    the problem now i want to add sub1.mydomain.com and it's different ip or map with A record in dnsmadeesy

    what ssh code to use ?

    to update dns in acme.sh
    Code:
    acme.sh --issue --dns -d mydomain.com -d www.mydomain.com -d sub1.mydomain.com
    for acmetool.sh certonly-issue how do i add mydomain.com , www mydomain.com , sub1.mydomain.com ?
     
  10. eva2000

    eva2000 Administrator Staff Member

    29,719
    6,711
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +10,015
    Local Time:
    11:00 AM
    Nginx 1.13.x
    MariaDB 5.5
    should be similar to SANS Multi-Domain SSL Certificates method, you add additional domains via comma separate syntax minus main domain www version as that is automatically added
    Code (Text):
    ./acmetool.sh certonly-issue mydomain.com,sub1.mydomain.com

    that covers mydomain.com, www.mydomain.com and sub1.mydomain.com
     
  11. narji

    narji Member

    69
    6
    8
    Feb 4, 2016
    Ratings:
    +12
    Local Time:
    8:00 AM
    first part ssh code
    Code:
    ./acmetool.sh certonly-issue  mydomain.com,sub1.mydomain.com
    
    Version Check:
    ------------------------------------------------------------------------------
    !!!  there maybe a newer version of ./acmetool.sh available  !!!
    https://community.centminmod.com/posts/34492/
    update using centmin.sh menu option 23 submenu option 2
    
    Always ensure Current Version is higher or equal to Latest Version
    ------------------------------------------------------------------------------
    Current acmetool.sh Version: 1.0.13
    Latest acmetool.sh Version: 1.0.12
    ------------------------------------------------------------------------------
    
    
    -------------------------------------------------
    acmetool.sh is in beta testing phase
    please read & provide bug reports &
    feedback for this tool via the forums
    https://community.centminmod.com/posts/34492/
    -------------------------------------------------
    
    continue [y/n] ? y
    
    -----------------------------------------------------
    updating acme.sh client...
    -----------------------------------------------------
    [Wed Oct 26 01:08:21 WIB 2016] Installing to /root/.acme.sh
    [Wed Oct 26 01:08:21 WIB 2016] Installed to /root/.acme.sh/acme.sh
    [Wed Oct 26 01:08:21 WIB 2016] Installing alias to '/root/.bashrc'
    [Wed Oct 26 01:08:21 WIB 2016] OK, Close and reopen your terminal to start using acme.sh
    [Wed Oct 26 01:08:21 WIB 2016] Installing alias to '/root/.cshrc'
    [Wed Oct 26 01:08:21 WIB 2016] Installing alias to '/root/.tcshrc'
    [Wed Oct 26 01:08:21 WIB 2016] Installing cron job
    0 0 * * * "/root/.acme.sh"/acme.sh --cron --home "/root/.acme.sh" > /dev/null
    [Wed Oct 26 01:08:21 WIB 2016] Good, bash is found, so change the shebang to use bash as prefered.
    [Wed Oct 26 01:08:21 WIB 2016] OK
    https://github.com/Neilpang/acme.sh
    v2.6.2
    -----------------------------------------------------
    acme.sh updated
    -----------------------------------------------------
    mydomain.com,sub1.mydomain.com
    
    -----------------------------------------------------------
    [DNS mode] issue & install letsencrypt ssl certificate for mydomain.com
    -----------------------------------------------------------
    testcert value =
    /root/.acme.sh/acme.sh --staging --issue --force --dns -d mydomain.com -d sub1.mydomain.com -d www.mydomain.com -k 2048 --useragent centminmod-centos7-acmesh-dns --log /root/centminlogs/acmetool.sh-debug-log-261016-010816.log --log-level 2
    [Wed Oct 26 01:08:21 WIB 2016] Using stage api:https://acme-staging.api.letsencrypt.org
    [Wed Oct 26 01:08:21 WIB 2016] mv /root/.acme.sh/account.key to /root/.acme.sh/ca/acme-staging.api.letsencrypt.org/account.key
    [Wed Oct 26 01:08:21 WIB 2016] mv /root/.acme.sh/account.json to /root/.acme.sh/ca/acme-staging.api.letsencrypt.org/account.json
    [Wed Oct 26 01:08:22 WIB 2016] Registering account
    [Wed Oct 26 01:08:23 WIB 2016] Registered
    [Wed Oct 26 01:08:24 WIB 2016] Update success.
    [Wed Oct 26 01:08:24 WIB 2016] Multi domain='DNS:sub1.mydomain.com,DNS:www.mydomain.com'
    [Wed Oct 26 01:08:25 WIB 2016] Verify each domain
    [Wed Oct 26 01:08:25 WIB 2016] Getting webroot for domain='mydomain.com'
    [Wed Oct 26 01:08:25 WIB 2016] _w='dns'
    [Wed Oct 26 01:08:25 WIB 2016] Getting new-authz for domain='mydomain.com'
    [Wed Oct 26 01:08:26 WIB 2016] Getting webroot for domain='sub1.mydomain.com'
    [Wed Oct 26 01:08:26 WIB 2016] _w='dns'
    [Wed Oct 26 01:08:26 WIB 2016] Getting new-authz for domain='sub1.mydomain.com'
    [Wed Oct 26 01:08:27 WIB 2016] Getting webroot for domain='www.mydomain.com'
    [Wed Oct 26 01:08:27 WIB 2016] _w='dns'
    [Wed Oct 26 01:08:27 WIB 2016] Getting new-authz for domain='www.mydomain.com'
    [Wed Oct 26 01:08:28 WIB 2016] Add the following TXT record:
    [Wed Oct 26 01:08:28 WIB 2016] Domain: '_acme-challenge.mydomain.com'
    [Wed Oct 26 01:08:28 WIB 2016] TXT value: 'swjKVy2_JYd5IN6YlUaP--7EadogNGJVxzI9wWJtskM'
    [Wed Oct 26 01:08:28 WIB 2016] Please be aware that you prepend _acme-challenge. before your domain
    [Wed Oct 26 01:08:28 WIB 2016] so the resulting subdomain will be: _acme-challenge.mydomain.com
    [Wed Oct 26 01:08:28 WIB 2016] Add the following TXT record:
    [Wed Oct 26 01:08:28 WIB 2016] Domain: '_acme-challenge.sub1.mydomain.com'
    [Wed Oct 26 01:08:28 WIB 2016] TXT value: 'Unj0wVEP-3B22218KCs4wsHtrHSEVmr0D5a6M1GFQSI'
    [Wed Oct 26 01:08:28 WIB 2016] Please be aware that you prepend _acme-challenge. before your domain
    [Wed Oct 26 01:08:28 WIB 2016] so the resulting subdomain will be: _acme-challenge.sub1.mydomain.com
    [Wed Oct 26 01:08:28 WIB 2016] Add the following TXT record:
    [Wed Oct 26 01:08:28 WIB 2016] Domain: '_acme-challenge.www.mydomain.com'
    [Wed Oct 26 01:08:28 WIB 2016] TXT value: 'E7BOWaXzSmOjA3KP-22_MfjS4WWFTtLiYHzngkCV9gk'
    [Wed Oct 26 01:08:28 WIB 2016] Please be aware that you prepend _acme-challenge. before your domain
    [Wed Oct 26 01:08:28 WIB 2016] so the resulting subdomain will be: _acme-challenge.www.mydomain.com
    [Wed Oct 26 01:08:28 WIB 2016] Please add the TXT records to the domains, and retry again.
    [Wed Oct 26 01:08:28 WIB 2016] Dns not added, skip.
    [Wed Oct 26 01:08:28 WIB 2016] Please check log file for more details: /root/centminlogs/acmetool.sh-debug-log-261016-010816.log
    
    ---------------------------------
     DNS mode requires manual steps below
    ---------------------------------
     Add the following TXT record:
     Domain: '_acme-challenge.mydomain.com'
     TXT value: 'swjKVy2_JYd5IN6YlUaP--7EadogNGJVxzI9wWJtskM'
     Please be aware that you prepend _acme-challenge. before your domain
     Add the following TXT record:
     Domain: '_acme-challenge.sub1.mydomain.com'
     TXT value: 'Unj0wVEP-3B22218KCs4wsHtrHSEVmr0D5a6M1GFQSI'
     Please be aware that you prepend _acme-challenge. before your domain
     Add the following TXT record:
     Domain: '_acme-challenge.www.mydomain.com'
     TXT value: 'E7BOWaXzSmOjA3KP-22_MfjS4WWFTtLiYHzngkCV9gk'
     Please be aware that you prepend _acme-challenge. before your domain
     Dns not added, skip.
     Please check log file for more details: /root/centminlogs/acmetool.sh-debug-log-261016-010816.log
     Once DNS updated for mydomain.com, run SSH command:
    ---------------------------------
      /root/.acme.sh/acme.sh --force --renew -d mydomain.com -d sub1.mydomain.com -d www.mydomain.com
    ---------------------------------
     SSL certs will be located : /root/.acme.sh/mydomain.com
    
     If want to install cert into Nginx vhost, run SSH command:
    ---------------------------------
      /root/.acme.sh/acme.sh --installcert -d mydomain.com -d sub1.mydomain.com -d www.mydomain.com --certpath /usr/local/nginx/conf/ssl/mydomain.com/mydomain.com-acme.cer --keypath /usr/local/nginx/conf/ssl/mydomain.com/mydomain.com-acme.key --capath /usr/local/nginx/conf/ssl/mydomain.com/mydomain.com-acme.cer --reloadCmd /usr/bin/ngxreload --fullchainpath /usr/local/nginx/conf/ssl/mydomain.com/mydomain.com-fullchain-acme. key
    ---------------------------------
     SSL certs will be installed at : /usr/local/nginx/conf/ssl/mydomain.com/
    
    add txt record in domain
    Code:
    name
    _acme-challenge.mydomain.com
    value
    swjKVy2_JYd5IN6YlUaP--7EadogNGJVxzI9wWJtskM
    ttl 1800
    name
    _acme-challenge.sub1.mydomain.com
    value
    Unj0wVEP-3B22218KCs4wsHtrHSEVmr0D5a6M1GFQSI
    ttl 1800
    name
    _acme-challenge.www.mydomain.com
    value
    E7BOWaXzSmOjA3KP-22_MfjS4WWFTtLiYHzngkCV9gk
    ttl 1800
    re run code ssh
    Code:
    /root/.acme.sh/acme.sh --force --renew -d mydomain.com -d sub1.mydomain.com -d www.mydomain.com
    
    [Wed Oct 26 01:33:27 WIB 2016] Renew: 'mydomain.com'
    [Wed Oct 26 01:33:27 WIB 2016] Creating account key
    [Wed Oct 26 01:33:27 WIB 2016] Registering account
    [Wed Oct 26 01:33:29 WIB 2016] Registered
    [Wed Oct 26 01:33:30 WIB 2016] Update success.
    [Wed Oct 26 01:33:30 WIB 2016] Multi domain='DNS:sub1.mydomain.com,DNS:www.mydomain.com'
    [Wed Oct 26 01:33:30 WIB 2016] Verify each domain
    [Wed Oct 26 01:33:30 WIB 2016] Verifying:mydomain.com
    [Wed Oct 26 01:33:31 WIB 2016] mydomain.com:Challenge error: {"type":"urn:acme:error:unauthorized","detail":"User registration ID doesn't match registration ID in authorization","status": 403}
    [Wed Oct 26 01:33:31 WIB 2016] Dns not added, skip.
    [Wed Oct 26 01:33:31 WIB 2016] Please check log file for more details: /root/centminlogs/acmetool.sh-debug-log-261016-010816.log
    gist github
     
  12. eva2000

    eva2000 Administrator Staff Member

    29,719
    6,711
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +10,015
    Local Time:
    11:00 AM
    Nginx 1.13.x
    MariaDB 5.5
  13. eva2000

    eva2000 Administrator Staff Member

    29,719
    6,711
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +10,015
    Local Time:
    11:00 AM
    Nginx 1.13.x
    MariaDB 5.5
    the full debug log might have a clue too it lists one of the domains doesn't have TXT record yet detected

    Code (Text):
    [Wed Oct 26 01:08:28 WIB 2016] Add the following TXT record:
    [Wed Oct 26 01:08:28 WIB 2016] Domain: '_acme-challenge.mydomain.com'
    [Wed Oct 26 01:08:28 WIB 2016] TXT value: 'swjKVy2_JYd5IN6YlUaP--7EadogNGJVxzI9wWJtskM'
    [Wed Oct 26 01:08:28 WIB 2016] Please be aware that you prepend _acme-challenge. before your domain
    [Wed Oct 26 01:08:28 WIB 2016] so the resulting subdomain will be: _acme-challenge.mydomain.com
    [Wed Oct 26 01:08:28 WIB 2016] txtdomain='_acme-challenge.sub1.mydomain.com'
    [Wed Oct 26 01:08:28 WIB 2016] txt='Unj0wVEP-3B22218KCs4wsHtrHSEVmr0D5a6M1GFQSI'
    [Wed Oct 26 01:08:28 WIB 2016] d_api
    [Wed Oct 26 01:08:28 WIB 2016] Add the following TXT record:
    [Wed Oct 26 01:08:28 WIB 2016] Domain: '_acme-challenge.sub1.mydomain.com'
    [Wed Oct 26 01:08:28 WIB 2016] TXT value: 'Unj0wVEP-3B22218KCs4wsHtrHSEVmr0D5a6M1GFQSI'
    [Wed Oct 26 01:08:28 WIB 2016] Please be aware that you prepend _acme-challenge. before your domain
    [Wed Oct 26 01:08:28 WIB 2016] so the resulting subdomain will be: _acme-challenge.sub1.mydomain.com
    [Wed Oct 26 01:08:28 WIB 2016] txtdomain='_acme-challenge.www.mydomain.com'
    [Wed Oct 26 01:08:28 WIB 2016] txt='E7BOWaXzSmOjA3KP-22_MfjS4WWFTtLiYHzngkCV9gk'
    [Wed Oct 26 01:08:28 WIB 2016] d_api
    [Wed Oct 26 01:08:28 WIB 2016] Add the following TXT record:
    [Wed Oct 26 01:08:28 WIB 2016] Domain: '_acme-challenge.www.mydomain.com'
    [Wed Oct 26 01:08:28 WIB 2016] TXT value: 'E7BOWaXzSmOjA3KP-22_MfjS4WWFTtLiYHzngkCV9gk'
    [Wed Oct 26 01:08:28 WIB 2016] Please be aware that you prepend _acme-challenge. before your domain
    [Wed Oct 26 01:08:28 WIB 2016] so the resulting subdomain will be: _acme-challenge.www.mydomain.com
    [Wed Oct 26 01:08:28 WIB 2016] 21:Le_Vlist="mydomain.com#6WCEihg0kQemKkv7BS7Tt0Tw6Zp2hZaqHEj5eptFCLs.emzJaxyLD5z3RjYjDIsw5ibnya3LoEv86Wh8h_0Id14#https://acme-staging.api.letsencrypt.org/acme/challenge/MKps4uZwW-mEZrF4RzJZ0p9NmVGAo0zQaM5eD5wJ2T8/16219299#dns-01#dns,sub1.mydomain.com#sjCPEMCYrhwdlPmhdCvZH_QGKo-xHQlAZ0_0fdXgu-k.emzJaxyLD5z3RjYjDIsw5ibnya3LoEv86Wh8h_0Id14#https://acme-staging.api.letsencrypt.org/acme/challenge/ejw7az7hMFGAy12NxGbBJgIvPF4s3VuM-I68VxM5f3E/16219301#dns-01#dns,www.mydomain.com#iG22sL-lkvauVHxwOB7eqXhrHOTMF5QQx5ScIAfg_ko.emzJaxyLD5z3RjYjDIsw5ibnya3LoEv86Wh8h_0Id14#https://acme-staging.api.letsencrypt.org/acme/challenge/a4nAS0C2IbAjSqKYhXrbsl4xARRL-LPwpstQkTjwMbs/16219305#dns-01#dns,"
    [Wed Oct 26 01:08:28 WIB 2016] Dns record not added yet, so, save to /root/.acme.sh/mydomain.com/mydomain.com.conf and exit.
    [Wed Oct 26 01:08:28 WIB 2016] Please add the TXT records to the domains, and retry again.

    seems it's for www.mydomain.com
    Code (Text):
    [Wed Oct 26 01:08:28 WIB 2016] Add the following TXT record:
    [Wed Oct 26 01:08:28 WIB 2016] Domain: '_acme-challenge.www.mydomain.com'
    [Wed Oct 26 01:08:28 WIB 2016] TXT value: 'E7BOWaXzSmOjA3KP-22_MfjS4WWFTtLiYHzngkCV9gk'
    [Wed Oct 26 01:08:28 WIB 2016] Please be aware that you prepend _acme-challenge. before your domain
    [Wed Oct 26 01:08:28 WIB 2016] so the resulting subdomain will be: _acme-challenge.www.mydomain.com
    [Wed Oct 26 01:08:28 WIB 2016] 21:Le_Vlist="mydomain.com#6WCEihg0kQemKkv7BS7Tt0Tw6Zp2hZaqHEj5eptFCLs.emzJaxyLD5z3RjYjDIsw5ibnya3LoEv86Wh8h_0Id14#https://acme-staging.api.letsencrypt.org/acme/challenge/MKps4uZwW-mEZrF4RzJZ0p9NmVGAo0zQaM5eD5wJ2T8/16219299#dns-01#dns,sub1.mydomain.com#sjCPEMCYrhwdlPmhdCvZH_QGKo-xHQlAZ0_0fdXgu-k.emzJaxyLD5z3RjYjDIsw5ibnya3LoEv86Wh8h_0Id14#https://acme-staging.api.letsencrypt.org/acme/challenge/ejw7az7hMFGAy12NxGbBJgIvPF4s3VuM-I68VxM5f3E/16219301#dns-01#dns,www.mydomain.com#iG22sL-lkvauVHxwOB7eqXhrHOTMF5QQx5ScIAfg_ko.emzJaxyLD5z3RjYjDIsw5ibnya3LoEv86Wh8h_0Id14#https://acme-staging.api.letsencrypt.org/acme/challenge/a4nAS0C2IbAjSqKYhXrbsl4xARRL-LPwpstQkTjwMbs/16219305#dns-01#dns,"
    [Wed Oct 26 01:08:28 WIB 2016] Dns record not added yet, so, save to /root/.acme.sh/mydomain.com/mydomain.com.conf and exit.
    [Wed Oct 26 01:08:28 WIB 2016] Please add the TXT records to the domains, and retry again.


    Check your dns taxt records are propagated at Global DNS Propagation Checker - What's My DNS?
     
  14. narji

    narji Member

    69
    6
    8
    Feb 4, 2016
    Ratings:
    +12
    Local Time:
    8:00 AM
  15. eva2000

    eva2000 Administrator Staff Member

    29,719
    6,711
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +10,015
    Local Time:
    11:00 AM
    Nginx 1.13.x
    MariaDB 5.5
    you need to test domain = _acme-challenge.mydomain.com for TXT record and so forth
     
  16. narji

    narji Member

    69
    6
    8
    Feb 4, 2016
    Ratings:
    +12
    Local Time:
    8:00 AM
    command line in ssh ? or through whatsmydns.net in txt record

    only appear first line txt record in whatsmydns.net txt record
    v=spf1 a include:_spf.google.com ~all
    second line not appear in whatsmydns.net txt record
    _acme-challenge.mydomain.com
    third line not appear
    _acme-challenge.sub1.mydomain.com
    fourth line not appear
    _acme-challenge.www. mydomain.com
     
  17. eva2000

    eva2000 Administrator Staff Member

    29,719
    6,711
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +10,015
    Local Time:
    11:00 AM
    Nginx 1.13.x
    MariaDB 5.5
    at whatsmydns.net enter domain = _acme-challenge.mydomain.com drop down menu = TXT
     
  18. narji

    narji Member

    69
    6
    8
    Feb 4, 2016
    Ratings:
    +12
    Local Time:
    8:00 AM
    already check
    only first line appear at txt record at whatsmydns.net
    Code:
    v=spf1 a include:_spf.google.com ~all
    second line , third line and fourth line not appear , where i put letsencrypt challenge there
    both ip are fine in A record check
     
  19. eva2000

    eva2000 Administrator Staff Member

    29,719
    6,711
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +10,015
    Local Time:
    11:00 AM
    Nginx 1.13.x
    MariaDB 5.5
    example

    upload_2016-10-26_12-38-53.png

    so if you entered _acme-challenge.mydomain.com should get something similar if not, then you entered your TXT dns records incorrectly