How to fix Let's Encrypt's "domain.com inaccessible, please verify" issue?

#1
I have pointed the domain to a DigitalOcean WP OpenLiteSpeed droplet, but I get this error when I try to install Let's Encrypt:

"Do you wish to issue a Let's encrypt certificate for this domain? [y/N]y
domain.com inaccessible, please verify." (domain = my domain changed it here)
I even bypassed Cloudflare's privacy. My server IP is visible via DNS everywhere. I have set the IP via A records.

Can one say how to fix this issue?
 

Unique_Eric

Administrator
Staff member
#3
LiteSpeed's Images have all been updated and published on DigitalOcean's Marketplace.
The updates include the latest version and a patch for the Intel CPU MDS vulnerability issue.
If you previously encountered a WordPress 404 issue, please launch and try again. Thank you.
 
#4
Hello,
I am having the same issue. I can actually access the site by both IP and domain name, but the prompt to set domain pops up every time I ssh in to a new session. It fails identically to OP, however. I just created the droplet yesterday, so I believe I am using the most recent version. Any advice @Unique_Eric ?
 

Unique_Eric

Administrator
Staff member
#6
No problem. If your domain does not support www, then you should just use mydomain.com only.
Feel free to open a new post with new issues.
 
#7
Same problem. I try to enter my site using any syntax (http, https, www, without www ...), but I always get an error:

"Connection is not secure
Attackers may try to steal your data from shigaev.com (for example, passwords, messages or bank card numbers).
NET :: ERR_CERT_AUTHORITY_INVALID "

However, I can log in using IP. In this case, everything works.

Could you help me in solving this problem?

P.S. hmmm... A little later I tried to refuse SSL during installation. But the problem has remained the same.
 

Unique_Eric

Administrator
Staff member
#8
Hi @Shigaev ,

Please clarify:
1. Have you pointed your domain to the server?
2. Did you use the auto setup script to add the domain?
3. Did you apply for Let's Encrypt during the script?

By default, the image auto-adds the server IP to the listener only; that's why you can access it by IP.

Best
 
#9
1. I entered my domain name with "www".
2. To add a domain, I used a DigitalOcean droplet "OpenLiteSpeed WordPress" and its script proposed to me in SSH.
3. I agreed with the proposal to enable Let's Encrypt while the script is running. But was refused.

A few minutes ago I checked the site’s work from a mobile phone - the site was available. As expected - without a secure protocol.

Can you help me by suggesting what I should do to activate Let's Encrypt and get rid of the "NET :: ERR_CERT_AUTHORITY_INVALID" problem in my browsers on my home computer?
 
#13
Litespeed sounds like an oxymoron since I cannot get past the Let's Encrypt error

"Do you wish to issue a Let's encrypt certificate for this domain? [y/N]y
domain.com inaccessible, please verify." (domain = my domain changed it here)
 

Unique_Eric

Administrator
Staff member
#14
It may take a while for DNS to update after pointing the domain to the new server/IP.
@strunk let us know if you need any help verifying why the domain failed to be accessed.
 
#15
Code:
Do you wish to issue a Let's encrypt certificate for this domain? [y/N] y
[OK] ekapines.lt is accessible.
[OK] www.ekapines.lt is accessible.
Please enter your E-mail: ***@gmail.com
The E-mail you entered is: ***@gmail.com
Please verify it is correct: [y/N] y
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator webroot, Installer None
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for ekapines.lt
http-01 challenge for www.ekapines.lt
Using the webroot path /usr/local/lsws/Example/html for all unmatched domains.
Waiting for verification...
Cleaning up challenges
Failed authorization procedure. ekapines.lt (http-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: The key authorization file from the server did not match this challenge "****" != "Hello World! From OpenLiteSpeed NodeJS", www.ekapines.lt (http-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: The key authorization file from the server did not match this challenge "****" != "Hello World! From OpenLiteSpeed NodeJS"

IMPORTANT NOTES:
- The following errors were reported by the server:

   Domain: ekapines.lt
   Type:   unauthorized
   Detail: The key authorization file from the server did not match
   this challenge
   "****"
   != "Hello World! From OpenLiteSpeed NodeJS"

   Domain: www.ekapines.lt
   Type:   unauthorized
   Detail: The key authorization file from the server did not match
   this challenge
   "***"
   != "Hello World! From OpenLiteSpeed NodeJS"

   To fix these errors, please make sure that your domain name was
   entered correctly and the DNS A/AAAA record(s) for that domain
   contain(s) the right IP address.
Oops, something went wrong...

And if I check the letsencrypt logs, I see the same:
Code:
2020-02-16 19:58:00,884:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/authz-v3/*** HTTP/1.1" 200 1053
2020-02-16 19:58:00,885:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Sun, 16 Feb 2020 19:58:00 GMT
Content-Type: application/json
Content-Length: 1053
Connection: keep-alive
Boulder-Requester: 78326959
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: ***
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "identifier": {
    "type": "dns",
    "value": "www.ekapines.lt"
  },
  "status": "invalid",
  "expires": "2020-02-23T19:57:56Z",
  "challenges": [
    {
      "type": "http-01",
      "status": "invalid",
      "error": {
        "type": "urn:ietf:params:acme:error:unauthorized",
        "detail": "The key authorization file from the server did not match this challenge \"***\" != \"Hello World! From OpenLiteSpeed NodeJS\"",
        "status": 403
      },
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/***/***",
      "token": "***",
      "validationRecord": [
        {
          "url": "http://www.ekapines.lt/.well-known/acme-challenge/***",
          "hostname": "www.ekapines.lt",
          "port": "80",
          "addressesResolved": [
            "35.207.71.7"
          ],
          "addressUsed": "35.207.71.7"
        }
      ]
    }
  ]
}
2020-02-16 19:58:00,885:DEBUG:acme.client:Storing nonce: ***
2020-02-16 19:58:00,886:DEBUG:certbot.reporter:Reporting to user: The following errors were reported by the server:

Domain: ekapines.lt
Type:   unauthorized
Detail: The key authorization file from the server did not match this challenge "***" != "Hello World! From OpenLiteSpeed NodeJS"

I'm using Google Cloud Platform and installed using a template. As I understand it, all links are pointing to the same Hello World message and Let's Encrypt can't verify the owner of the request.
 

Unique_Eric

Administrator
Staff member
#17
Hi @FDisk ,

Can you try to update the /.well-known/ context's Location from /usr/local/lsws/Example/html/ to /usr/local/lsws/Example/html/.well-known/
See if it helps? You can update it either via the web admin or via the console in /usr/local/lsws/conf/vhosts/Example/vhconf.conf

And make sure you have a `/.well-known/` folder under /usr/local/lsws/Example/html/

You can also launch it again from the marketplace and it should work.

Best
 
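Editor's added example, not part of any post above and not LiteSpeed's setup script: a pre-flight check that separates the two failures seen in this thread, the domain not resolving to this server and port 80 answering with some other page (such as the "Hello World! From OpenLiteSpeed NodeJS" body) instead of files under `.well-known/acme-challenge/`. The function names and return codes are this example's own, and it assumes `dig` and `curl` are installed.

```sh
#!/bin/sh
# Added example: pre-flight check for a webroot http-01 validation.
# Function names and return codes are this example's own, not LiteSpeed's.

# Thin wrappers around the network calls (assumes dig and curl are installed).
resolve_a() { dig +short A "$1" | grep -E '^[0-9.]+$'; }
# -L follows redirects; -k because the validation server also ignores
# certificate errors when it is redirected to HTTPS.
fetch_url() { curl -sSLk --max-time 10 "$1"; }

# preflight_http01 DOMAIN WEBROOT SERVER_IP
# Returns 0 = probe file served as written
#         1 = DNS A record does not include SERVER_IP
#         2 = server answered with other content (catch-all page, 404 page,
#             wrong /.well-known/ context location)
#         3 = no HTTP answer, or the probe file could not be written
preflight_http01() (
    domain=$1 webroot=$2 server_ip=$3
    dir="$webroot/.well-known/acme-challenge"
    name="preflight-$$-$(date +%s)"
    expected="probe-$$-$(date +%s)"
    rc=0

    addrs=$(resolve_a "$domain") || true
    if ! printf '%s\n' "$addrs" | grep -qxF "$server_ip"; then
        echo "DNS: $domain resolves to [$(echo $addrs)], expected $server_ip"
        return 1
    fi

    mkdir -p "$dir" && printf '%s' "$expected" >"$dir/$name" || return 3
    # Plain HTTP first, the same URL shape the CA requests.
    body=$(fetch_url "http://$domain/.well-known/acme-challenge/$name") || rc=3
    rm -f "$dir/$name"

    if [ "$rc" -eq 3 ]; then
        echo "HTTP: no answer from $domain"
    elif [ "$body" != "$expected" ]; then
        echo "HTTP: got \"$(printf '%.60s' "$body")\" instead of the probe file"
        echo "      check the /.well-known/ context location in vhconf.conf"
        rc=2
    else
        echo "OK: $domain serves files written under $dir"
    fi
    return "$rc"
)

# Usage on the server (domain and IP are placeholders):
#   preflight_http01 example.com /usr/local/lsws/Example/html 203.0.113.10
```

A return code of 2 here corresponds to the `unauthorized` mismatch in the certbot log; a return code of 1 means the request would not reach this server at all.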
#18
Working with a droplet on Digital Ocean and failing out. The site is accessible by IP, but get a privacy error from the actual domain name. The A records are all updated and verified.

Code:
Domain has been added into OpenLiteSpeed listener.

Do you wish to issue a Let's encrypt certificate for this domain? [y/N] y

****.com is inaccessible, please verify!
 
#20
I also repeatedly ran into this issue. I made sure that the firewall on Ubuntu 18.04 is stopped:
Bash:
sudo ufw disable
# installed all necessary packages for certbot to run
sudo certbot certonly --webroot
# entered domain lister.lister-studios.com
# entered path /usr/local/lsws/lister/html/
Attached is the debug log from letsencrypt. Any pointers are greatly appreciated!
 
