Cannot get SSL certs for edge.a1z.us

Tested a1z.us in both MxToolbox and DNSstuff: No errors. Only SMTP warnings.

I am able to ping this GCP VM (CentOS 8) from home: shows the correct public IP.

Tested for A record from Windows/home PC: Seems OK.

    PS C:\Users\user> resolve-dnsname -name edge.a1z.us -server edge.a1z.us -type A

    Name                Type   TTL     Section    IPAddress
    ----                ----   ---     -------    ---------
    edge.a1z.us         A      38400   Answer     35.184.118.13

    Name      : edge.a1z.us
    QueryType : NS
    TTL       : 38400
    Section   : Authority
    NameHost  : edge.a1z.us

    Requesting a certificate for edge.a1z.us from Let's Encrypt ..
    .. request failed : Web-based validation failed :

    Saving debug log to /var/log/letsencrypt/letsencrypt.log
    Plugins selected: Authenticator webroot, Installer None
    Obtaining a new certificate
    Performing the following challenges:
    http-01 challenge for edge.a1z.us
    Using the webroot path /home/edge/public_html for all unmatched domains.
    Waiting for verification...
    Challenge failed for domain edge.a1z.us
    http-01 challenge for edge.a1z.us
    Cleaning up challenges
    Some challenges have failed.

    IMPORTANT NOTES:
     - The following errors were reported by the server:

       Domain: edge.a1z.us
       Type:   unauthorized
       Detail: Invalid response from
       http://edge.a1z.us/.well-known/acme-challenge/oumfWyyQxe15okVaM_OgD-EIL5VzwYqf4f-kxXJZt4A
       [35.184.118.13]: "<!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML
       2.0//EN\">\n<html><head>\n<title>403
       Forbidden</title>\n</head><body>\n<h1>Forbidden</h1>\n<p"

       To fix these errors, please make sure that your domain name was
       entered correctly and the DNS A/AAAA record(s) for that domain
       contain(s) the right IP address.

    , DNS-based validation failed :

    Saving debug log to /var/log/letsencrypt/letsencrypt.log
    Plugins selected: Authenticator manual, Installer None
    Obtaining a new certificate
    Performing the following challenges:
    dns-01 challenge for edge.a1z.us
    Running manual-auth-hook command: /etc/webmin/webmin/letsencrypt-dns.pl
    Waiting for verification...
    Challenge failed for domain edge.a1z.us
    dns-01 challenge for edge.a1z.us
    Cleaning up challenges
    Running manual-cleanup-hook command: /etc/webmin/webmin/letsencrypt-cleanup.pl
    Some challenges have failed.

    IMPORTANT NOTES:
     - The following errors were reported by the server:

       Domain: edge.a1z.us
       Type:   dns
       Detail: DNS problem: NXDOMAIN looking up TXT for
       _acme-challenge.edge.a1z.us - check that a DNS record exists for
       this domain

    [edge@edge public_html]$ cat /etc/hostname
    edge.a1z.us
    [edge@edge public_html]$ cat /etc/hosts
    127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
    ::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
    35.184.118.13 edge.a1z.us
    35.184.118.13 edge.hostlawn.com
    10.128.0.17 edge.a1z.us edge # Added by Google
    169.254.169.254 metadata.google.internal # Added by Google
    [edge@edge public_html]$ cat /etc/resolv.conf
    nameserver 169.254.169.254
    nameserver 127.0.0.1
    search us-central1-c.c.eng-contact-245618.internal c.eng-contact-245618.internal google.internal a1z.us
    # Generated by NetworkManager
    [edge@edge public_html]$

Status: 
Active

Comments

Submitted by bislinks on Mon, 05/18/2020 - 21:32 Pro Licensee

Update:

Permissions for public_html : 755

Submitted by bislinks on Tue, 05/19/2020 - 08:45 Pro Licensee

Update 3:

I do not have either problem (SSL/cURL) on (an)other site(s) hosted on the same VM.

Submitted by bislinks on Tue, 05/19/2020 - 09:05 Pro Licensee

Got SSL from Let's Encrypt for edge.a1z.us (but not for *.edge.a1z.us) after manually creating ./well-known/acme-challenge directories. There might be other reasons I am probably unaware of...

Submitted by bislinks on Tue, 05/19/2020 - 09:10 Pro Licensee

Also, cURL did not show errors.
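
The 403 on the http-01 URL and the fix reported above (creating the challenge directories by hand) both come down to whether the web server can reach files under the webroot. As an added example, not part of the original thread and not Virtualmin or certbot code, this Python check walks the webroot, `.well-known` and `acme-challenge` and evaluates plain Unix mode bits for a given server uid/gids; the uid, the group set and the temporary webroot used in `demo()` are constructed for illustration.

```python
import os
import tempfile

def allowed(st, uid, gids, bit):
    """Unix mode-bit check: owner class, else group class, else other (4=read, 1=traverse)."""
    if st.st_uid == uid:
        shift = 6
    elif st.st_gid in gids:
        shift = 3
    else:
        shift = 0
    return bool((st.st_mode >> shift) & bit)

def preflight(webroot, uid, gids, token=None):
    """List what stops a server running as uid/gids from serving an http-01 token."""
    findings, path = [], webroot
    for part in (None, ".well-known", "acme-challenge"):
        if part:
            path = os.path.join(path, part)
        if not os.path.isdir(path):
            return findings + [("MISSING_DIR", path)]
        if not allowed(os.stat(path), uid, gids, 1):
            findings.append(("NO_TRAVERSE", path))
    if token:
        path = os.path.join(path, token)
        if not os.path.isfile(path):
            findings.append(("MISSING_TOKEN", path))
        elif not allowed(os.stat(path), uid, gids, 4):
            findings.append(("NO_READ", path))
    return findings

def demo():
    """Constructed webroot in a temp dir; web_uid is a made-up uid that owns nothing."""
    web_uid, web_gids = os.getuid() + 4242, set()
    with tempfile.TemporaryDirectory() as root:
        os.chmod(root, 0o755)                        # same mode as the public_html above
        before = preflight(root, web_uid, web_gids)  # challenge directories absent
        chal = os.path.join(root, ".well-known", "acme-challenge")
        os.makedirs(chal)
        os.chmod(os.path.join(root, ".well-known"), 0o755)
        os.chmod(chal, 0o700)                        # too tight for the server uid
        tight = preflight(root, web_uid, web_gids)
        os.chmod(chal, 0o755)
        after = preflight(root, web_uid, web_gids)
        return before[0][0], [f[0] for f in tight], after

if __name__ == "__main__":
    print(demo())
```

Mode bits are only one cause of a 403: SELinux labels, ACLs and the web server's own access rules are not inspected here.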