Let's Encrypt SSL installation errors and how to fix them

One of our clients had this challenge: she was not able to install the Let's Encrypt SSL certificate provided by the web host. It was very serious; her e-commerce website stopped working, and she was in a dilemma. This would make her about the 7th client coming to us for help fixing an SSL installation issue. We decided to make a post on it, so that if you follow our guide you can solve your SSL installation problems on your own.

In the world today, SSL is a must for every online website or application. It can be very frustrating not to have it, or to run on expired or self-signed SSL certificates, as most browsers will not even allow people to visit your page without warnings of security risks.

Now you finally get a web host with a free SSL certificate, try installing SSL for your domain, and you get errors. What will you do?

First things first: you need to find out what your problems are in order to find a solution to them. Check your error logs!

Let’s see some of the errors you may encounter.

Let's Encrypt SSL installation errors and how to fix them

1. Error issuing certificate
Failed to issue certificate
Updating challenge for cpanel.yourdomain.com: acme: error code 400 “urn:ietf:params:acme:error:dns”: DNS problem: SERVFAIL looking up A for cpanel.yourdomain.com – the domain’s nameservers may be malfunctioning (order URL: https://acme-v02.api.letsencrypt.org/acme/order/113054552/7980674169)

Possible causes

  • This may happen after a domain transfer from one registrar to another without properly updating the records.
  • An error in the DNS configuration at the domain registrar.
  • Changing nameservers while DNSSEC is enabled.

A. To further confirm that your problem is a DNS issue, as pointed out by the above error, try the DNS tracker in cPanel. You may get an error like this: “Host yourdomain.com not found: 3(NXDOMAIN)”.

You may contact your host and are likely to get an error like this from their end: “MASTER DCV: 400 urn:ietf:params:acme:error:dns (There was a problem with a DNS query) (DNS problem: SERVFAIL looking up A for iluyoxgroup.com – the domain’s nameservers may be malfunctioning) 400 urn:ietf:params:acme:error:dns (There was a problem with a DNS query) (DNS problem: SERVFAIL looking up TXT for _acme-challenge.iluyoxgroup.com – the domain’s nameservers may be malfunctioning)”

Solution

1. If everything is confirmed to be fine at your host, go to your domain registrar and check your DNS records to be sure that they are pointing to the right nameservers.

2. Check DNSSEC. You may want to temporarily (or permanently) disable DNSSEC and recheck whether your Let's Encrypt SSL installs. In the case of one of our clients, this fixed the problem and the SSL installation was processed successfully.
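
Before switching DNSSEC off, you can confirm whether it is really the cause of the SERVFAIL. The script below is an added example, not part of the original guide or of any cPanel or Let's Encrypt tooling: it queries the same name twice with dig, once normally and once with +cd (DNSSEC checking disabled), and compares the two response codes. The function names and the choice of 1.1.1.1 as a DNSSEC-validating resolver are assumptions.

```shell
#!/bin/sh
# Added example: tell a DNSSEC validation failure apart from other SERVFAILs.
# Assumption: 1.1.1.1 is used as a DNSSEC-validating public resolver.
RESOLVER="${RESOLVER:-1.1.1.1}"

# Extract the response code ("status: X") from dig's header line on stdin.
rcode_of() {
    sed -n 's/.*status: \([A-Z]*\),.*/\1/p' | head -n 1
}

# Compare the rcode of a normal (validated) query with that of a +cd query.
# +cd sets the "checking disabled" bit, so the resolver skips DNSSEC validation.
classify() {
    validated="$1"; unchecked="$2"
    case "$validated/$unchecked" in
        NOERROR/*)         echo "ok" ;;
        # Fails only when validation is on: the DNSSEC chain is broken.
        SERVFAIL/NOERROR)  echo "dnssec-validation-failure" ;;
        # Fails either way: delegation or nameservers are the problem.
        SERVFAIL/SERVFAIL) echo "nameservers-unreachable-or-broken" ;;
        NXDOMAIN/*)        echo "name-does-not-exist" ;;
        *)                 echo "unknown" ;;
    esac
}

# Run both queries for the A record of a host and print the verdict.
diagnose() {
    host="$1"
    v=$(dig "@$RESOLVER" "$host" A +noall +comments | rcode_of)
    u=$(dig "@$RESOLVER" "$host" A +noall +comments +cd | rcode_of)
    echo "$host: validated=$v unchecked=$u -> $(classify "$v" "$u")"
}

# Constructed sample dig header lines (not real captures), for offline checks.
SAMPLE_FAIL=';; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 4242'
SAMPLE_OK=';; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4243'

# Usage: sh thisfile.sh cpanel.yourdomain.com
if [ "$#" -gt 0 ]; then diagnose "$1"; fi
```

A dnssec-validation-failure verdict means the DS record published at the registrar does not match the keys served by the current nameservers, which is what happens when nameservers are changed while DNSSEC is enabled.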

2. Failed to issue certificate: The Let’s Encrypt™ HTTP challenge failed – is .well-known/acme-challenge accessible in your webroot?

Solution

1. Try accessing files in http://your-domain.com/.well-known/acme-challenge/. If you are unable to access them, your problem is likely an .htaccess block. You can resolve this by adding the following code to your .htaccess file:

# Serve ACME challenge files as-is: no substitution (-), stop processing rules ([L]).
# Place this above any other RewriteRule lines so it is evaluated first.
RewriteEngine On
RewriteRule ^\.well-known - [L]

2. If that does not fix the problem, then use this tool to check if there are any issues with your domain or server that may be responsible for the issue.


3. Rate limit error – too many certificates for this domain

This can happen in a situation where you have installed and deleted the certificate for the domain too many times.

Solution

1. It is advisable to contact your host if you have issues after one or two attempts, to avoid this error.

2. You can check which certificates have been installed on your domain using these tools: crt.sh, lectl or letsdebug.net

3. Wait for a number of days, possibly a week, and try again; by then the rate limits will have subsided. This wait is necessary as there is no way to reset the rate limits and force the issuance of the SSL certificate.

4. Error: “Could not add TXT record” when trying to use DNS validation

Solution

This is for the host. Make sure that Zone Editor (AAAA, CAA, SRV, TXT) is enabled for the hosting package in WHM Feature Manager.

 

Thank you for reading. If you have discovered other issues and solutions, please share them with us in the comments section; it might save someone a lot of depression.

Remember that if you have any issues with your website, you can always come to us. Contact us using the chat button on our website.

Cheers.


