Skip to main content

Troubleshooting with Let’s Encrypt

To speed up the debugging process, we recommend you to start by checking your site with the Let’s Debug service and, if any problems are detected, to fix them.

In order to correctly issue a Let’s Encrypt SSL certificate for your site you will need to make sure that:

  1. All domains and aliases use same DNS servers and are directed to the IP address of the server from which the certificate is attempted to be issued. You can check the aliases that are set for the site using FASTPANEL in the site settings, as shown in the screenshot:

    Website aliases in FASTPANEL

    You can check the DNS servers used and the directionality for each individual domain using the following console commands:

    nslookup -q=NS example.com 8.8.8.8

    Example of the expected command execution result:

    First example of nslookup

    nslookup example.com 8.8.8.8

    Second example of nslookup

    info

    If you use DDoS protection services (for example, CloudFlare) or other services that proxy requests to the server, then you will need to check the directionality of the domain through the settings panel of that service.

  2. Your site is available on the network and opens correctly, you can check this by opening it in the browser.

  3. The domain name of the site on the server where it is located resolves to the correct IP address.

    Connect to your server via SSH using the command template below and enter your password:

    ssh [email protected]

    To check this item, it is important to execute the command on the server where the site is located:

    host example.com

    Example of the expected command execution result:

    Example of host command

  4. If the server uses the NAT technology, make sure that your server can access its own external IP address.

    Connect to your server via SSH using the command template below and enter your password:

    ssh [email protected]

    To check on the server where your site is located, run the following command:

    curl -IL example.com

    Example of the expected command execution result:

    First example of curl command

  5. If the site's domains have AAAA DNS records, make sure the site has ipv6 enabled and that the IP address matches the one listed in the AAAA record.

    You can enable IPv6 in the site settings, as shown in the screenshot:

    IPv6 site setting in FASTPANEL

  6. After checking the previous paragraphs and, if necessary, troubleshooting, you can check using the verification file.

    Create a check file by running the following command:

    echo "Let's Encrypt creation test" > /usr/local/fastpanel2/web/letsencrypt/LE.txt

    And check; you can do it in any convenient way, for example, by executing the command on the template:

    curl example.com/.well-known/acme-challenge/LE.txt

    Example of the expected command execution result:

    Second example of curl command

    You can also check through the browser by going to a similar address.