Fli
08-01-2024, 11:36 AM
The shared hosting control panel DirectAdmin told me in the report of a LetsEncrypt SSL setup attempt:
[*.mydom.com] propagation: time limit exceeded: last error: NS ns3.myns.com. returned SERVFAIL for _acme-challenge.mydom.com.
I cannot find any _acme-challenge DNS record; I hope that is not a problem (despite stupid ChatGPT saying "Make sure that the `_acme-challenge.yourdomain.com` record exists"). When I check my domain on https://intodns.com/, it shows no error, so I assume that the ns3 nameserver has the correct IP set to point to the correct hosting server. (The "dig +short a mydomain.com @ns3.myns.com" command returns the proper IP of the hosting server.)
On the server, unlike other services, "named 9.11.4" shows as "stopped" on directadminhostname:2222/evo/user/system-info
Cause:
So I guess this is the cause of the issue (named service not running/not set up)... The wildcard SSL can be set up inside DirectAdmin to use a non-local DNS provider; one needs to enter the API key of an external provider. The other option is to use a non-wildcard certificate and manually select all hosts/subdomains of the domain to include in the certificate. Then the SSL setup worked.
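An added example, not part of the original post: Let's Encrypt issues wildcard certificates only through DNS-01, where the ACME client publishes a temporary TXT record at `_acme-challenge.<domain>`, so the useful check is what each authoritative nameserver answers for that name. The function names are hypothetical and the sample dig header is constructed.

```shell
#!/bin/sh
# Added example. Zone and nameserver names are whatever you pass in.

# Extract the response code (NOERROR, NXDOMAIN, SERVFAIL, ...) from dig output.
dig_status() {
    sed -n 's/.*->>HEADER<<-.*status: \([A-Z]*\),.*/\1/p' | head -n 1
}

# What each response code means when asked for the DNS-01 TXT name.
explain_status() {
    case "$1" in
        NOERROR)  echo "zone is served; TXT present if an ANSWER section follows" ;;
        NXDOMAIN) echo "zone is served; name absent until the ACME client publishes it" ;;
        SERVFAIL) echo "server could not answer for this zone (e.g. zone not loaded)" ;;
        REFUSED)  echo "server is not configured to answer for this zone" ;;
        "")       echo "no DNS response (timeout or unreachable)" ;;
        *)        echo "unexpected response code" ;;
    esac
}

# Ask every NS of the zone directly, without recursion, for the challenge name.
check_acme_challenge() {
    ca_zone="$1"
    for ca_ns in $(dig +short NS "$ca_zone"); do
        ca_status=$(dig +norecurse +time=3 +tries=1 TXT \
            "_acme-challenge.$ca_zone" "@$ca_ns" | dig_status)
        printf '%s\t%s\t%s\n' "$ca_ns" "${ca_status:-NONE}" \
            "$(explain_status "$ca_status")"
    done
}

# Constructed sample: dig header as printed for a failing nameserver.
SAMPLE_SERVFAIL=';; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 4242
;; flags: qr; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1'

if [ -n "${1:-}" ]; then
    check_acme_challenge "$1"          # live check: sh check.sh <zone>
else
    printf '%s\n' "$SAMPLE_SERVFAIL" | dig_status   # offline demo
fi
```

A nameserver that answers A queries correctly but returns SERVFAIL here is the one the ACME propagation check will keep failing on.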