githubRover
githubRover
@polatsinan You have requested a certificate from the staging CA. Staging is only for testing so you do not run into rate limits. You need to change your CA variable...
Just a couple things. One, I am not the author of getssl but I use getssl and I also volunteer at Let's Encrypt support. That said: getssl does not check...
The "possible firewall" problem was not related to an invalid cert. As I said, the LE server does not validate the cert you send it. There must have been some...
@tsufz Technically, Certbot is changing its default. Certbot is just one of many ACME clients (including getssl) Let's Encrypt Certificate Authority does not create ACME clients - only the ACME...
> DNS problem: SERVFAIL looking up CAA The DNS Server is not responding correctly to requests for the CAA record. The DNS server can say "I dont have one" or...
Did dnsviz point to any other problems? [unboundtest.com ](https://unboundtest.com/) mimics what Let's Encrypt servers do to get DNS records (CAA, TXT, ...). It requires DNS experience to understand but perhaps...
I am sure Tim will respond at some point. Do you get any helpful info using `-d` (debug) on the command line? I could only guess it is related to...
Should not be too difficult to find the underlying reason. That ionos script is really small: https://github.com/srvrco/getssl/blob/master/dns_scripts/dns_del_ionos Their docs: https://developer.hosting.ionos.com/docs/dns Another acme client, acme.sh, has a lot of DNS API...
@respencer The Lets Encrypt servers need the same response from any server which might respond to its challenges. So, if I understand your setup correctly, when LE sends a challenge...
@szolnokit The default chain from Let's Encrypt is the "long chain" and looks like this: ``` Certificate chain 0 s:/CN=lencr.org i:/C=US/O=Let's Encrypt/CN=R3 1 s:/C=US/O=Let's Encrypt/CN=R3 i:/C=US/O=Internet Security Research Group/CN=ISRG Root...