61
edits
Changes
Jump to navigation
Jump to search
Line 332:
Line 332: + Line 340:
Line 341: + + + + + + + + + + + + + + + + +
→Errors
See above for removing private keys and regenerating
See above for removing private keys and regenerating
==========
If you see something like this you may have hit the rate limit:
If you see something like this you may have hit the rate limit:
https://letsencrypt.org/docs/rate-limits/
https://letsencrypt.org/docs/rate-limits/
==========
If you see some of your challenges returned without error but some fail, you need to make sure that you have Public DNS A records for all the host names that you are adding to your certificate. Using the command:
config setprop letsencrypt configure all
Is likely to cause this to happen. When a domain is added to an SME server, several host names are created automatically. these include ftp.your-domain.com, wpad.your-domain.com, proxy.your-domain.com, mail.your-domain.com, www.your-domain.com. Most of us do not create public DNS records for all these host names. When letsencrypt issues a challenge for a list of host names and '''ONE''' does not resolve, the challenge will fail and the certificate will not generate at all.
To resolve this, issue the following command:
config setprop letsencrypt configure none
Then follow up with the commands to enable letsencrypt for each PUBLIC resolvable domain and hostname:
db domains setprop domain1.com letsencryptSSLcert enabled
and for each hostname:
db hosts setprop www.domain1.com letsencryptSSLcert enabled
followed by:
signal-event console-save
==Advanced Topics==
==Advanced Topics==