How to issue letsencrypt license

Discussion in 'General OpenLiteSpeed Discussion' started by cyberpersons, Jul 27, 2017.

  1. cyberpersons

    cyberpersons New Member

    Hi,

    How can I get around this issue ?

    #################################
    Note that to use the webroot plugin, your server must be configured to serve files from hidden directories. If /.well-known is treated specially by your webserver configuration, you might need to modify the configuration to ensure that files inside /.well-known/acme-challenge are served by the webserver.

    #################################

    Regards
     
  2. lsfoo

    lsfoo Administrator

    That looks more like a warning than an issue - did you encounter any problems?
     
  3. cyberpersons

    cyberpersons New Member

    IMPORTANT NOTES:
    - The following errors were reported by the server:

    Domain: example.com
    Type: connection
    Detail: Fetching
    http://example.com/.well-known/acme-challenge/dZdskVv8_w-QC8A6UeGvfAy1ndexfgYq6cllPiBwjP8:
    Timeout

    To fix these errors, please make sure that your domain name was
    entered correctly and the DNS A record(s) for that domain
    contain(s) the right IP address. Additionally, please check that
    your computer has a publicly routable IP address and that no
    firewalls are preventing the server from communicating with the
    client. If you're using the webroot plugin, you should also verify
    that you are serving files from the webroot path you provided.
     
  4. cyberpersons

    cyberpersons New Member

    This error occured, even though the /.well-know folder is present but litespeed was not able to read it because its hidden.

    Litespeed reads everything else
     
  5. lsfoo

    lsfoo Administrator

    Do you have some rules that may be blocking the request? I just created a test script within a hidden folder and it was fine.
     
  6. cyberpersons

    cyberpersons New Member

    No thing, simple virtual host created from console, are you able to use certbot ?
     
  7. ckissi

    ckissi Member

    Double check your DNS records for that domain and also redirects in rewrite rules.
     
  8. cyberpersons

    cyberpersons New Member

    DNS is working because domain is serving other files normally.


    only letsencrypt verification test failed. Any specifc info i need to add in rewrites to make it work?
     
  9. ckissi

    ckissi Member

    post your certbot command here and your rewrite rules
     
  10. cyberpersons

    cyberpersons New Member

    I dont use any rewrite rules.

    certbot command used:
    certbot certonly --webroot -w /var/htm -d example.com
     
  11. lsfoo

    lsfoo Administrator

    @cyberpersons

    A couple questions:

    1. What OS are you using?
    2. Is the webroot directory correct? In that is .well-known created in the correct subdirectory? Using our default vhost as an example, it is located at /usr/local/lsws/Example/, but files are served from /usr/local/lsws/Example/html/, so .well-known should be created at /usr/local/lsws/Example/html/.well-known/ in order to be served as example.com/.well-known/
     
  12. cyberpersons

    cyberpersons New Member

    Thank you I was able to fix it.

    Problem that it was not able to verify behind NAT. I had to use VPS.
     
    lsfoo likes this.
  13. lsfoo

    lsfoo Administrator

    Aha, glad you were able to figure it out!

    Good to know.
     
  14. cyberpersons

    cyberpersons New Member

    Just asking it should work behind NAT as well, because normal files are being served fine, only certbot is not able to perform verification.
     
  15. lsfoo

    lsfoo Administrator

    CertBot compares the IP of the server with the IP of the hostname - is it possible that the NAT is not forwarding the IP?
     

Share This Page