Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help. My domain is: tontze.com I ran this command: renew cert from manager It produced this output: error My web server is (include version):dont have one The...| Let's Encrypt Community Support - Latest posts
Hello. I have two domains NETEAST.ORG and CAPITALSKYEYE.COM. NETEAST also has .COM and .NET. CAPITALSKYEYE also has .NET and .ORG so I have all six domains. I renewed them all on the 27th, but somehow some of them got intermixed. CAPITALSKYEY.COM works fine but WWW.CAPITALSKYEYE.COM is showing as NETEAST.ORG. How can I fix this? Would it make sense to delete them all and reissue them? Thanks My domain is: neteast.org I ran this command: certbot certonly --standalone --preferred-challenge http...| Let's Encrypt Community Support - Latest posts
Thanks a bunch for the help! Sadly, I must report that the error resolved itself - and I don't exactly know why or how @MikeMcQ : I followed your suggestion and simplified the vhost-config for port 80. After some fiddling (mostly me failing to grasp how webroots and resulting paths work) I had to pause my efforts since other stuff came up. Today - some days later - I resumed troubleshooting, found out what I did wrong (forgot to create the subfolders under the webroot), and it worked as you p...| Let's Encrypt Community Support - Latest posts
Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help. My domain is: whatssapp.contadigital.mx I ran this command: sudo certbot certonly --webroot -w /var/www/certbot -d whatssapp.contadigital.mx --dry-run I...| Let's Encrypt Community Support - Latest posts
I am quite new to Letsencrypt, and I wanted to selfhost my first website on a raspberry pi. First I wanted to get a hold of a TLS cert. So i exlcuded my nexjts app and only ran the nginx container + certbot This is the code for the docker.compose.yml: services: # nextjs: # container_name: WebApp # build: # context: . # dockerfile: Dockerfile # ports: # - '3000:3000' # privileged: true # image: website:latest # env_file: # - .env.local # restart: always nginx: container_name: nginx-proxy image...| Let's Encrypt Community Support - Latest posts
Hi My domain is: zlmar.com I have full access to WHM/cPanel and attempted to install an SSL certificate on my domain using AutoSSL, but encountered an error: Log for the AutoSSL run for “zlmar4”: Monday, September 29, 2025 1:24:48 PM GMT+0300 (Let’s Encrypt™) 1:24:48 PM AutoSSL’s configured provider is “Let’s Encrypt™”. Analyzing “zlmar4”’s domains … 1:24:48 PM Analyzing “zlmar.com” (website) … 1:24:48 PM ERROR TLS Status: Defective Certificate expiry: 9/20/26,...| Let's Encrypt Community Support - Latest posts
Hi all, I am using IBM Cloud Secrets Manager to request public TLS certificates from Let’s Encrypt. My certificates are being issued successfully. The certificate chain I currently get looks like this: End-entity certificate: RSA 2048 Intermediate certificate: RSA 2048 Root certificate: RSA 4096 When I try to use this certificate chain with AWS (Keycloak exposed on the internet), AWS rejects the chain. Their support explained that: “On further analysis, we understand that you have three c...| Let's Encrypt Community Support - Latest posts
Very interesting and well written article. Thanks for posting. I do use geo-blocking for SH, ZA, CN, IR, MY, KP, SA, SY, YE, & RU. But I don't think LE has servers there. Additionally, I subscribe to a number of IP blacklist feeds, and have 15,000 or so IPs that my servers have logged suspect traffic from. I am aware that LE does not publish a list of IPs/FQDNs that I can whitelist.| Let's Encrypt Community Support - Latest posts
Feedback for this topic now closed: My scenario is mail2.example.com is behind an Nginx reverse-proxy I followed this topic which helped me weed out my problem and hoping this saves someone else pain with this. After creating a certificate for the first time for a mail2 node bearing the full DNS node name of mail2.example.com (changed real domain for privacy of real domain) I found it would not renew the certificate despite working the first time. I followed topic 218002 for about 4 days of a...| Let's Encrypt Community Support - Latest posts
Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help. My domain is:a-digitallife.com I ran this command: install ssl it It produced this output: see image My web server is (include version): plesk ubuntu Th...| Let's Encrypt Community Support - Latest posts
No. Don't put your vhost in ssl.conf.| Let's Encrypt Community Support - Latest posts
In my situation, the problem isn't Manual DNS domain validation in terms of getting the acme challenge token into the zone files. Automation is not an option in my situation.| Let's Encrypt Community Support
After learning about and remediating a bug in our CAA checking code [1] on 2020-02-29 UTC (the evening of Friday February 28, U.S. Eastern time), we announced that we would be revoking approximately 2.6% of our active certificates that were potentially affected by the bug, totalling approximately 3 million certificates [2]. We announced the plan to revoke because even though the vast majority of the certificates in question do not pose a security risk, industry rules require that we revoke ce...| Let's Encrypt Community Support
On 2020-02-29 UTC, Let’s Encrypt found a bug in our CAA code. Our CA software, Boulder, checks for CAA records at the same time it validates a subscriber’s control of a domain name. Most subscribers issue a certificate immediately after domain control validation, but we consider a validation good for 30 days. That means in some cases we need to check CAA records a second time, just before issuance. Specifically, we have to check CAA within 8 hours prior to issuance (per BRs §3.2.2.8), so...| Let's Encrypt Community Support
Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help. My domain is: youthministry.rccghopmn.org I ran this command: sudo certbot --nginx It produced this output: ubuntu@ip-172-31-85-195:~$ sudo certbot --n...| Let's Encrypt Community Support
My domain is: bitcastle.lol I ran these commands: sudo certbot renew --nginx --cert-name bitcastle.lol --dry-run sudo certbot certonly --nginx --cert-name bitcastle.lol --dry-run They all failed the with same result: authenticator: nginx, Type: unauthorized, Detail: ... Invalid response from https://bitcastle.lol/.well-known ... 404 And I see 404 status codes in nginx access.logs and perhaps more notably i see in the error.logs No such file or directory looking for the acme-challenge/| Let's Encrypt Community Support
The word "only" is doing a lot of heavy lifting in your sentence, but yes I think that's what this thread is requesting. Maybe subsumed in your "extend ACME and CA/B" is that it'd take a lot of effort to get CAs on board. And I don't see commercial CAs getting excited about something unless they could charge a lot for it. And non-profit CAs like Let's Encrypt have enough on their plates just trying to keep HTTPS going. All of which is why I was suggesting someone would need to put together so...| Let's Encrypt Community Support
It would be useful to include instructions on upgrading CertSage.php as new versions are released. Maybe upgrading isn't necessary since it seems most improvements are to make it easier for getting the first certificate and not renewals? But, since I don't know, I have upgraded. Just finally figured out how to do that with less work than starting from scratch. With my multiple subdomains and renamed main directory, it just means editing the certsage.php directory line again within the new cop...| Let's Encrypt Community Support
Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help. My domain is: wgvc.com I ran this command: sudo certbot certonly --apache It produced this output: Saving debug log to /var/log/letsencrypt/letsencryp...| Let's Encrypt Community Support
So I went to the router, to the WAN section, then went to the "Virtal Server/Port Forwarding" section, and then in the "Port Forwarding List" section, I made the settings that I showed in the screenshot.| Let's Encrypt Community Support
Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help. My domain is: https://mobilise.alzheimersresearchuk.org/ I ran this command: certbot renew -v It produced this output: Saving debug log to /var/log/let...| Let's Encrypt Community Support
Hello, I have 2 ubuntu 24.04 LTS servers with Let's Encrypt on them - each with a web app, based on apache server, one with MariaDB the other with PostgreSQL databases. Everything is fine ... except the day the certificate is renewd, I saw a strange and not understandable behaviour - for me - let me give a bit of context. Each day, the following tasks are executed : 00:01 CET : backup of the database 00:11 CET : stop of the server (apache server, and database) 00:12 CET : renew certificate,...| Let's Encrypt Community Support
Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help. My domain is: somedomain.com I ran this command: 40 23 * * * /usr/bin/certbot renew It produced this output: detected that the server is redire...| Let's Encrypt Community Support
on jellyfin installation i have some problems My domain is: ? I ran this command: sudo certbot certonly --agree-tos --email user@email.com --no-eff-email --webroot -w /var/www/html -d media.hwdomain.io It produced this output: Requesting a certificate for media.hwdomain.io Certbot failed to authenticate some domains (authenticator: webroot). The Certificate Authority reported these problems: Domain: media.hwdomain.io Type: dns Detail: DNS problem: NXDOMAIN looking up A for media.hwdom...| Let's Encrypt Community Support
Let's Encrypt Community Support| Let's Encrypt Community Support
When entering the fullchain.pem certs, I'm getting BER: residual data after 'constructed' data That's in the GUI of the Communigate Mail Server. This used to work flawlessly in the past, but this seems to be an error preventing me from fullfilling the cert update. Any ideas?| Let's Encrypt Community Support
In the spirit of Web Hosting who support Let's Encrypt and CDN Providers who support Let's Encrypt, I wanted to compile a list of DNS providers that feature a workflow (e.g. an API and existing ACME client integrations) that is a good fit for Let's Encrypt's DNS validation. It should serve as a signpost for those who want to use DNS validation (wildcards, firewall problems) and are looking for an automatic solution. FYI: The DNS hosts listed here are ones that are confirmed to support automat...| Let's Encrypt Community Support
We're almost ready to issue certificates for IP address SANs from Let's Encrypt's production environment. They'll only be available under the shortlived profile (which has a 6-day validity period), and that profile will remain allowlist-only for a while. Please note: We have more work to do before we're ready to launch this feature for the public. We don't yet have a timeline, and aren't ready to accept allowlist requests. Here's a sample staging certificate, and a site using it: abadcafe.tx...| Let's Encrypt Community Support
[Update 2020-03-05: The most up-to-date summary is at 2020.02.29 CAA Rechecking Bug] Due to the 2020.02.29 CAA Rechecking Bug, we unfortunately need to revoke many Let’s Encrypt TLS/SSL certificates. We’re e-mailing affected subscribers for whom we have contact information. This post and thread will collect answers to frequently asked questions about this revocation, and how to avoid problems by renewing affected certificates early. If you’re affected, please: thoroughly read this threa...| Let's Encrypt Community Support
Let's Encrypt Community Support| Let's Encrypt Community Support
Let's Encrypt Community Support| Let's Encrypt Community Support
Developer of https://certifytheweb.com, a popular Let's Encrypt/ACME UI for Windows.| Let's Encrypt Community Support
Retired. 🙂 https://en.wikipedia.org/wiki/Tardigrade https://wildkratts.fandom.com/wiki/Tardigrade_Xtreme "Stand-up philosopher. I coalesce the vapors of human experience into a viable and logical comprehension."| Let's Encrypt Community Support
