Error code 2 LetsEncrypt

[mugaintus09]

I was having this same issue of "error code: 2" where some domains were being SSL signed without a problem while others weren't. But in my case, it was caused by my DNS setting where that broken my domain was being configured to use the floating IP instead of the direct IP. I think that's what was messing up the signing/verification process a

SOLUTION: Go in DNS setting of the domain in question then replace every floating IP by the direct one. Also like deadbeef said, noting that a typo in the IP/domain can also cause the same error.


Refer: https://www.digitalocean.com/community/ ... gitalocean

[noogen]

With so much DNS issue, maybe VESTA should try to DNS validate first before trying with Letsencrypt? Something like below:

Code: Select all

    # note, this script does not support IPv6 or machine with multiple IPs
    # get the ip
    DOMAINIP=$( dig +short ${domain}  | grep -v "\.$" | head -n 1 )
    MYIP=$( dig +short myip.opendns.com @resolver1.opendns.com | grep -v "\.$" | head -n 1 )

    # create the website under admin for Letsencrypt SSL
    if [[ $DOMAINIP != $MYIP ]]; then
        echo "[err] Domain '$domain' IP '$DOMAINIP' does not match Host IP '$MYIP'"

        # only error message to prevent error in app startup
        exit 0
    fi

Maybe, a better check is to CURL the various domains that VESTA try to get the cert for to verify that it does have the correct IP. Display valid error message if CURL fails.

[sun]

For me, the error occurred while attempting to obtain SSL for an existing website.
After some repeated error I realized that I need to provide password for the existing ftp account. once that was filled, it worked alright.

So, here is a potential solution: fill up all the information, even though it was already filled during domain creation.

[mobtech]

Not only mistake on typo error will cause this error, Vesta will set [email protected] as alias of website by default, please check on your domain DNS management, is this alias was created? If didn't, delete alias from the edit website page or add www as alias in DNS Management of your domain, then check SSL Support checkbox and click to save. Cert may success to create if the error same like the situation I was described.

also i was reciveng this error for subdomains but then i read this and i did something like this:

-i just add 2 Cname on my cloudflare dns settings*:

type record: CNAME name: www.yoursubdomain domain name: yourdomain.com
type record: CNAME name: yoursubdomain domain name: yourdomain.com

-on VestaCP i just ad a new domain in websites:

subdomain.yourdomain.com

-i added dns support
-SSL support with let's encrypt

hope can help someone.


*because without cloudflare i get some problems like in some country cant see my website or DNS have problems. so i just put my domain on cloudflare and then in DNS section i copy and paste the dns records i have on VestaCP, and it works, if you want to use your own SSL then you have to choose Only DNS pass throug Cloudflare.

[bravo]

In my case, this error was due to one of the aliases that did not exist any more in DNS. Once I corrected the aliases list, the error went away.

[matolog]

i my case it was missing:
- in DNS missing A *.domain (when alias www. was in vesta)
So I removed alias www.domain from vesta, then add to DNS A *.domain and now I think I can add also alias www.domain back in vesta.