Problem Provisioning SSL with Let's Encrypt

I upgraded Trellis on one of my sites today.

I decided to refresh the droplets for Staging and Production at the same time.

The staging provisioning worked first time, but when I tried to provision production, I kept getting an error that the acme challenge file was not found.

When I looked more closely, I can see that let’s encrypt is trying to load:

Instead of:

without the leading ‘www’.

I tried removing the ‘redirects: -’ from my production wordpress_sites.yml but then I get more errors.

I’ve never run in to this problem before. Does anyone know what might be causing it?

One less known issue is an incorrect IPv6 AAAA DNS record.

Let’s Encrypt prefers IPv6 AAAA over IPv4 A DNS records.
When the IPv6 AAAA record is incorrect or the HTTP server doesn’t correctly listen on IPv6,
validation will fail, even when it is possible over IPv4.

So better have no IPv6 AAAA DNS record than an incorrect one.

SSL requires a certificate for each host which means and are considered different. This also means Trellis creates challenges for each one.

You didn’t post the exact error message, but I’m assuming there’s an issue with your DNS entries (as @strarsis hinted). might be succeeding so you’re only seeing the failure for

1 Like

thanks for the awesome information.

Thanks Scott, and sorry I missed this before. I will give it another try.