Error at LetsEncrypt validation .well-known/acme-challenge

Hello,
I have a Discourse forum installed on a server with the mydomain.com live domain.
I have added the mydomain.com domain to a server that has cPanel in order to use the email service.
I connected the domain through Cloudflare and it worked seamlessly for me a few months ago.
An SSL certificate for the domain is also installed.

I transferred the forum from the old server to another server in order to change the location, and the forum worked after restoring the backup copy without a problem about a week ago. The mail service from the other server also works, sending and receiving without any problem. I just changed the A record from Cloudflare and from cPanel to the main domain and hostname server with a new IP address.

It’s almost time to renew the SSL certificate on the cPanel server, but I’m getting this mail every time the server tries to renew the SSL certificate automatically:

DNS DCV: No local authority: “mydomain.com”; HTTP DCV: The system queried for a temporary file at “https://mydomain.com/.well-known/acme-challenge/2JFFJN7I43FE00GR8G9WUMJZ95NV2_9O”, which was redirected from “http://mydomain.com/.well-known/acme-challenge/2JFFJN7I43FE00GR8G9WUMJZ95NV2_9O”. The web server responded with the following error: 404 (Not Found). A DNS (Domain Name System) or web server misconfiguration may exist. The domain “mydomain.com” resolved to an IP address “Server IP” that does not exist on this server.

When browsing the following link:
http://mydomain.com/.well-known/acme-challenge/2JFFJN7I43FE00GR8G9WUMJZ95NV2_9O
I see the 404 error page of the site with the basic tools.

Any suggestions would be appreciated.

Is this related to Discourse?

2 Likes

I believe absolutely.
The problem is that the cPanel server is unable to renew the SSL certificate because the A record resolves to the primary domain server where Discourse is installed.

Discourse is installed directly on the domain, not as a subdomain.

To be more specific, the problem is related to DNS configuration. If I point the A record for the main domain to the cPanel server instead of the Discourse server, it will succeed in installing the SSL certificate immediately.
But this is not a practical solution because it will cause Discourse to stop until the A record is returned again; in addition, I need to change it manually every 3 months in order to renew the SSL certificate on the cPanel server so that I can have the mail encrypted.

If it were a standard install it would work. It’s impossible to guess whether it is something to do with cPanel, Cloudflare, or whatever it is that cPanel is controlling.

https://.... , which was redirected from http://...

Turn off http → https redirection in your Cloudflare, or turn off proxying in Cloudflare and set it to DNS only.

2 Likes

Thank you for your response.
I’ve already tried it now.
But I am still unable to issue the SSL certificate for the same reason.
I have disabled proxying for everything and disabled force redirecting to HTTPS.
I suspect that there is an SSL certificate installed by Discourse on the main server on which Discourse is installed and that this certificate is not a Cloudflare security certificate; I mean that there are two SSL certificates.
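
An added example, not part of the thread and not cPanel's own code: a small Python parser that splits the DCV failure mail quoted in the first post into its separate signals (DNS DCV reason, redirect, HTTP status, foreign IP), so each can be checked on its own. The field names and finding labels are this example's own, and the IP address in the sample is a constructed placeholder.

```python
import re

# Failure text copied (abridged) from the first post; "Server IP" is replaced
# by a constructed documentation address (203.0.113.10) so the sample parses.
SAMPLE = (
    'DNS DCV: No local authority: “mydomain.com”; HTTP DCV: The system queried '
    'for a temporary file at “https://mydomain.com/.well-known/acme-challenge/'
    '2JFFJN7I43FE00GR8G9WUMJZ95NV2_9O”, which was redirected from '
    '“http://mydomain.com/.well-known/acme-challenge/'
    '2JFFJN7I43FE00GR8G9WUMJZ95NV2_9O”. The web server responded with the '
    'following error: 404 (Not Found). The domain “mydomain.com” resolved to '
    'an IP address “203.0.113.10” that does not exist on this server.'
)

PATTERNS = {
    "dns_reason": r'DNS DCV:\s*(.*?);\s*HTTP DCV:',
    "queried_url": r'temporary file at "([^"]+)"',
    "redirected_from": r'redirected from "([^"]+)"',
    "http_status": r'following error:\s*(\d{3})',
    "foreign_ip": r'resolved to an IP address "([^"]+)" that does not exist on this server',
}

def parse_dcv_error(message):
    """Extract the triage-relevant fields; a field not found is None."""
    text = message.translate(str.maketrans('“”', '""'))  # normalize mail quotes
    text = re.sub(r'\s+', ' ', text)                      # undo line wrapping
    fields = {}
    for name, pattern in PATTERNS.items():
        match = re.search(pattern, text)
        fields[name] = match.group(1).strip() if match else None
    return fields

def diagnose(fields):
    """Map parsed fields to findings (labels are this example's own)."""
    findings = []
    if fields["dns_reason"] and fields["dns_reason"].startswith("No local authority"):
        findings.append("dns_dcv_unavailable")
    if (fields["redirected_from"] or "").startswith("http://") and \
            (fields["queried_url"] or "").startswith("https://"):
        findings.append("http_to_https_redirect")
    if fields["foreign_ip"]:
        findings.append("a_record_points_elsewhere")
    if fields["http_status"] == "404" and fields["foreign_ip"]:
        findings.append("challenge_served_by_other_host")
    return findings

if __name__ == "__main__":
    for finding in diagnose(parse_dcv_error(SAMPLE)):
        print(finding)
```

If `a_record_points_elsewhere` is still reported after the redirect finding disappears, the 404 is coming from the host the A record names, not from the server requesting the certificate.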