Workaround for Letsencrypt error "Unable to setup, Let's Encrypt"


#1

A workaround, thanks to EE support, at least for subdomains (My system is latest stable Debian, Linode)

This is the error message: " Unable to setup, Let’s Encrypt Please make sure that your site is pointed to same server on which you are running Let’s Encrypt Client to allow it to verify the site automatically"

  1. Use the script manually:

         sudo -H /opt/letsencrypt/letsencrypt-auto certonly --standalone -d sub.example.com

  2. Add SSL configuration in nginx conf files. I added an “ssl.conf” file, under /var/www/sub.example.com/conf/nginx (already existed by EE installation) with the following lines:

         listen 443 ssl http2;
         ssl on;
         ssl_certificate /etc/letsencrypt/live/sub.example.com/fullchain.pem;
         ssl_certificate_key /etc/letsencrypt/live/sub.example.com/privkey.pem;

nginx is already configured to include all conf files under the “live” directory with the keys already created by the script, so it’s good to go.


#2

Seems like it works only for one domain?


#3

You don’t need all those. Read this:

It is simply a matter of adding an A record for the subdomain you wish to install LE on.


#4

Thanks!


#5

My domain had CAA records that did not allow Let’s Encrypt to issue the certificate. By using the following commands, I found out:

    sudo service nginx stop
    sudo -H /opt/letsencrypt/letsencrypt-auto certonly --standalone -d example.com

This gave me the following result:

Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator standalone, Installer None
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for example.com
Waiting for verification...
Cleaning up challenges
Failed authorization procedure. example.com (http-01): urn:acme:error:caa :: CAA record for example.com prevents issuance

IMPORTANT NOTES:
 - The following errors were reported by the server:

   Domain: example.com
   Type:   None
   Detail: CAA record for example.com prevents issuance

By adding a CAA record to my DNS host, I was able to use the command:

sudo ee site update example.com --letsencrypt

This is just to help others who might use CAA.


#6

Just in case someone else is also having this problem while trying to set up letsencrypt on a subdomain, this is the answer: Easyengine and Letsencrypt setup