Let's Encrypt: Could not access the challenge file for the hosts/domain

I am trying to add Let’s Encrypt to my production environment.

Here is my setup. I enabled Let’s Encrypt by setting the following variables:

[code]example.nl:

rest of site config

ssl:
enabled: true
provider: letsencrypt
env:
wp_home: https://example.nl
wp_siteurl: https://example.nl/wp[/code]

I set the following record types in my DigitalOcean setup:

example.nl. 1800 IN A xx.xxx.x.xxx
www.example.nl. 1800 IN A xx.xxx.x.xxx

The error I am receiving:

Could not access the challenge file for the hosts/domains: example.nl, www.example.nl. Let's Encrypt requires every domain/host be publicly accessible. Make sure that a valid DNS record exists for example.nl, www.example.nl and that they point to this server's IP. If you don't want these domains in your SSL certificate, then remove them from `site_hosts`. See https://roots.io/trellis/docs/ssl for more details.

It would be great if someone can assist me!

Best regards,

Tim

Letsencrypt is basically saying your domain is not pointing to your server. You need a real domain pointing to your server in order to letsencrypt to validate that you own this domain, and give you the certificate.

If you setup your domain correctly, this may be a DNS propagation problem, in this case you just have to wait.

1 Like

I’m having this exact same problem. DNS is pointed correctly, all dns propagation sites show the correct ip, pinging the domain from different locations results in the correct IP, yet LE says it cannot find my site(s).

I’m getting this as well. I’ve even rebuilt my droplet and re-provisioned to no avail.

No idea what the hell happened this time - reprovisioned my 4th? server, and it worked.

Hmm what commands did you run? Maybe I have overlooked something.

I didn’t change anything. The new server provision I had the site and home url set as https, and ssl set as true using letsencrypt. It just worked this time. I would recommend a fresh server provision, and go from there?

Mine just worked, too. I changed nothing. Maybe there was a problem at LetsEncrypt?

Strange strange. I just build a new droplet and setup everything “properly”… But I still receive the same error!

roots/trellis#565 enables Trellis to transition existing http sites to https. This update may resolve some issues that led to the error message Could not access the challenge file

Existing servers. If you try the Trellis update above on a server that has already been provisioned with the prior version of Trellis (i.e., on a server that already has an Nginx conf set up), you should first run:

ansible-playbook server.yml -e env=<environment> --tags wordpress

That sets up an Nginx conf that will help with the next step of running the letsencrypt role:

ansible-playbook server.yml -e env=<environment> --tags letsencrypt

New servers. Just to be clear, for fresh/new servers, you can just run the regular command once:

ansible-playbook server.yml -e env=<environment>
8 Likes

One thing to note if using AWS EC2, make sure you add HTTP and HTTPS to the Security Group for inbound traffic. It will show you the same error if not.

4 Likes

So obvious, yet it still escaped me. Thanks!

That really needs to be in the docs. Thanks!

Docs are on GitHub, please submit a pull request

3 Likes

Wow, you saved my day!