LetsEncrypt says “DNS validation failed”. Site is behind Cloudflare

Hello, i tried to disable FULL SSL option in my cloudflare account to become "Off" and then attempt to setup wildcard free LetsEncrypt certificate from within DirectAdmin control panel. But it continue to fail. "DNS validation failed"
I would rather think it is problem related to Cloudflare. Maybe i have to "Pause" cloudflare for that domain entirely and retry?

This issue is interesting because also the Gmail is unable to connect mail.mydomain.com using SSL even the "Full SSL" is enabled in…

LetsEncrypt says "DNS validation failed". Site is behind Cloudflare

How to avoid restarting nginx to renew letsencrypt certificate?

I have installed a Nginx server to host my website, and added HTTPS with LetsEncrypt.

The problem is every time the certificate expire, my site become inaccessible and I need to manually restart the service using So every two months or so I am forced to manually do a:

sudo service nginx restart 

I tried automating that several time already but failed. My last attempt was using this:

sudo crontab -e   0 0,12 * * * letsencrypt renew >/dev/null 2>&1  1 0,12 * * * root /etc/init.d/nginx reload 

Is this the wrong way? How can I validate this job works without waiting my site to be inacessible again?

OpenSSL “hangs” after Client Hello – after renewing LetsEncrypt certificate

I am running a Linux CentOS 7.6 based Apache on a virtual linux machine. I use LetsEncrypt certificates for HTTPS. This worked fine for half a year now. Lately I had to renew certificates again. This also went smooth.

I can still connect via HTTPS and view web pages. But as soon as I start a download via HTTPS (does not depend on client), the downloads stalls after some megabytes. From this moment on, I cannot make any SSL based connection, since the TLS handshake fails – the Client Hello is not answered anymore, neither via HTTPS, nor via SSH. Also the Apache is completely unresponsive, even on HTTP.

I tried different ports and downloads from different networks to rule out eventually existing network proxies. I even triggered the problem, when downloading from localhost.

I traced via wireshark outgoing packets on the network interface and I can confirm, that the server hello is not being sent.

If I stop the client from downloading via HTTPS, it takes a few minutes and then the Server Hello packet from the TLS handshake is sent!!

So from my perspective, the TLS-secured connection with the new certificate blocks after having encrypted a low amount of megabytes en bloc. It seems to come alive some minutes afterwards. I have absolutely no idea, what to do now and I don’t find any hints in the kernel or Apache logs that would give me a clue.

Do yo have any ideas?

Unable to install LetsEncrypt SSL on CentOS 6.1

A client has a website hosted on a CentOS 6.1 server. When the hosting was first setup it was done using cpanel during the 30 day trial. The client didn’t pay for cpanel after this initial trial period.

That was 3 years ago. everything has been running fine.

Now they want me to install a SSL certificate for them from LetsEncrypt.

I recently did this for my own server (running linux2) and the process was simple and smooth using certbot.

i’m running into a lot of difficulties trying to set it up on CentOS.

I ran through some guides, updated python as suggested and ran certbot. When it tried to create the SSL and edit the conf files it gave me an error saying it couldn’t update the conf file.

I then ran certbot with certonly and successfully created the certificate.

Unfortunately I’ve not succeeded in manually editing the conf files to make use of the SSL.

I’ve tried editing /etc/httpd/conf/http.conf and adding

SSLEngine on SSLCertificateFile  /etc/letsencrypt/live/example.com/cert.pem SSLCertificateKeyFile /etc/letsencrypt/live/example.com/privkey.pem SSLCertificateChainFile /etc/letsencrypt/live/example.com/chain.pem 

to the virtualhost section of the main conf file but that doesn’t seem to do anytihng… there are no errors when i restart apache, but if i try https://www.example.com i get redirected to https://www.example.com/cgi-sys/defaultwebpage.cgi .

I’m quite new to Unix servers, coming from a windows IIS background so it’s possible I’ve missed something obvious, or it could be that having cpanel on the server but not having access to it is making this more difficult than it should be.

The server is a live government site so i’m a little nervous about experimenting too much and killing the server.

Can anyone offer me any advice for getting this SSL working?

Nginx letsencrypt certbot ssl page will not load over https but will load over http [on hold]

I am trying to set up a digital ocean server using this tutorial https://www.digitalocean.com/community/tutorials/how-to-set-up-django-with-postgres-nginx-and-gunicorn-on-ubuntu-16-04

The site is served just fine over HTTP but will not load from https.

Here is my sites-enabled/api virtualhosts file.

server {     server_name 134.209.170.122 kronoswebsolutions.com www.kronoswebsolutions.com;     location / {       include proxy_params;       proxy_pass http://unix:/home/www/sprycyclesapi/server/api/api.sock;      }     # return 301 https://$  host$  request_uri; }  server {   listen 443 ssl; # managed by Certbot   ssl_certificate /etc/letsencrypt/live/kronoswebsolutions.com/fullchain.pem; # managed by Certbot   ssl_certificate_key /etc/letsencrypt/live/kronoswebsolutions.com/privkey.pem; # managed by Certbot   include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot   ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Ce   server_name 134.209.170.122 kronoswebsolutions.com www.kronoswebsolutions.com;    location = /favicon.ico { access_log off; log_not_found off; }   location /static/ {         root /home/www/sprycyclesapi/server/api;   }    location / {  if ($  request_method = 'OPTIONS') {         add_header 'Access-Control-Allow-Origin' 'https://websitesbydallan.com' always;     add_header 'Access-Control-Allow-Credentials' 'true' always;         add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';         #         # Custom headers and headers various browsers *should* be OK with but aren't         #         add_header 'Access-Control-Allow-Headers' 'Authorization,Accept,DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range';         #         # Tell client that this pre-flight info is valid for 20 days         #         add_header 'Access-Control-Max-Age' 1728000;         add_header 'Content-Type' 'text/plain; charset=utf-8';         add_header 'Content-Length' 0;         return 204;      }      if ($  request_method = 'POST') {         add_header 'Access-Control-Allow-Origin' 'https://websitesbydallan.com' always;         add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';         add_header 'Access-Control-Allow-Headers' 'DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range';         add_header 'Access-Control-Expose-Headers' 'Content-Length,Content-Range';      }      if ($  request_method = 'GET') {         add_header 'Access-Control-Allow-Origin' 'https://websitesbydallan.com' always;         add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';         add_header 'Access-Control-Allow-Headers' 'DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range';         add_header 'Access-Control-Expose-Headers' 'Content-Length,Content-Range';      }      include proxy_params;     proxy_pass http://unix:/home/www/sprycyclesapi/server/api/api.sock;   } } 

I am using Debian stretch rather than Ubuntu. Gunicorn is the socket service. python version 3.7.2

LetsEncrypt for SQL Server on Linux

I have found information on

  • how to install LetsEncrypt on Linux for NGINX (which works)
  • how to install LetsEncrypt for SQL Server on Windows (which relies on GUI tools so is of no use), and
  • how to install other certificates for SQL Server on Linux

but I can’t find ANYTHING about LetsEncrypt for SQL Server on Linux. No matter what I try I get this error message:
Error: 49940, Severity: 16, State: 1.Unable to open one or more of the user-specified certificate file(s). Verify that the certificate file(s) exist with read permissions for the user and group running SQL Server. It seems this should be possible, can anyone provide some tips?

LetsEncrypt TLS Cert invalid? “EVP_MD_size:message digest is null”

I am finding this in my logs for postfix, I’m using a LetsEncrypt certificate but I’m unable to find any useful information online about it. Does anybody know if this is a problem or something that isn’t important?

postfix/smtpd[526]: warning: TLS library problem: error:060A209F:digital envelope routines:EVP_MD_size:message digest is null:crypto/evp/evp_lib.c:316: