# Issue with SSL challenges while provisioning production **URL:** https://discourse.roots.io/t/issue-with-ssl-challenges-while-provisioning-production/22563 **Category:** trellis **Created:** 2022-03-14T02:05:43Z **Posts:** 2 ## Post 1 by @Jack_Kudla — 2022-03-14T02:05:43Z Cant get past the letsencrypt challenge. This is a new google domain so this may just be a propagation issue but I have an a DNS record with www pointing to my server on digitalocean. I provisioned without the www redirect in my wordpress\_sites.yml file without a problem. ``` TASK [letsencrypt : Test Acme Challenges] ************************************** System info: Ansible 2.10.16; Darwin Trellis 1.14.0: February 16th, 2022 --------------------------------------------------- failed: [159.203.12.179] (item=walkswithgrace.com) => {"ansible_loop_var": "item", "changed": false, "failed_hosts": ["www.walkswithgrace.com"], "item": {"key": "walkswithgrace.com", "value": {"branch": "master", "cache": {"enabled": true}, "local_path": "../site", "multisite": {"enabled": false}, "repo": "git@github.com:mindstomedia/walkswithgrace.git", "repo_subtree_path": "site", "site_hosts": [{"canonical": "walkswithgrace.com", "redirects": ["www.walkswithgrace.com"]}], "ssl": {"enabled": true, "provider": "letsencrypt"}}}, "rc": 1} ...ignoring TASK [letsencrypt : Notify of challenge failures] ****************************** System info: Ansible 2.10.16; Darwin Trellis 1.14.0: February 16th, 2022 --------------------------------------------------- Could not access the challenge file for the hosts/domains: www.walkswithgrace.com. Let's Encrypt requires every domain/host be publicly accessible. Make sure that a valid DNS record exists for www.walkswithgrace.com and that they point to this server's IP. If you don't want these domains in your SSL certificate, then remove them from `site_hosts`. See https://roots.io/trellis/docs/ssl for more details. failed: [159.203.12.179] (item=walkswithgrace.com) => {"ansible_loop_var": "item", "changed": false, "item": {"ansible_loop_var": "item", "changed": false, "failed": true, "failed_hosts": ["www.walkswithgrace.com"], "invocation": {"module_args": {"file": "ping.txt", "hosts": ["walkswithgrace.com", "www.walkswithgrace.com"], "path": ".well-known/acme-challenge"}}, "item": {"key": "walkswithgrace.com", "value": {"branch": "master", "cache": {"enabled": true}, "local_path": "../site", "multisite": {"enabled": false}, "repo": "git@github.com:mindstomedia/walkswithgrace.git", "repo_subtree_path": "site", "site_hosts": [{"canonical": "walkswithgrace.com", "redirects": ["www.walkswithgrace.com"]}], "ssl": {"enabled": true, "provider": "letsencrypt"}}}, "rc": 1}} ``` --- ## Post 2 by @strarsis — 2022-03-14T13:17:07Z How long was the DNS record addition/modification? DNS information needs some time to propagate (I know, some don’t want to call it “propagation”). You can test it with a tool like this one: [https://www.whatsmydns.net/](https://www.whatsmydns.net/)