Caddy: Failed to get certificate: The server could not validate our request.

Created on 2 Jan 2016 · 18 Comments · Source: caddyserver/caddy

Hi,
I want to use HTTPS with my config but I don't know why I have this error:
"./caddy -conf="test/Caddyfile" -agree
Activating privacy features...
2016/01/02 21:47:09 [test.qlaffont.com] failed to get certificate: The server could not validate our request.".

This is my config file:

localhost:80, test.qlaffont.com {
    startup php-cgi -b 127.0.0.1:9000 &
    bind 1925.168.1.163:80 
    errors {
        log error.log
    }
    browse
    root /home/uiop/Bureau/test
    ext .html .htm .php 
    fastcgi / 127.0.0.1:9000 {
        ext   .php
        split .php
        index index.php
    }
    gzip
    basicauth /secret Bob mdp 
    rewrite /contact /secret
    tls [email protected]
}

Thanks for all.
QL.


All 18 comments

Run with -log stderr and report back all the output. Thanks!

Thanks. This is the output:
root@debian:/home/uiop/Bureau# ./caddy -conf="test/Caddyfile" -agree -email "qlaffont13.[email protected]" -log stderr
Activating privacy features...2016/01/03 09:45:45 [INFO] acme: Obtaining bundled certificates for test.qlaffont.com
2016/01/03 09:45:45 [INFO] acme: Trying to solve TLS-SNI-01

2016/01/03 09:45:47 [test.qlaffont.com] failed to get certificate: The server could not validate our request.
Thanks
QL.

@mholt After that, if you want, I can translate your docs + your presentation page into French.

    bind 1925.168.1.163:80
            ^

Probably not related to the issue but just noticed this.

wtf xD. I'll check this.

Thanks @hubertbanas, I corrected it and I have the output. "
root@debian:/home/uiop/Bureau# ./caddy -conf="www/Caddyfile" -agree -email "qlaffont13.[email protected]" -log stderr
Activating privacy features...2016/01/03 17:03:35 [INFO] acme: Obtaining bundled certificates for test.qlaffont.com
2016/01/03 17:03:35 [INFO] acme: Trying to solve TLS-SNI-01

2016/01/03 17:03:38 [test.qlaffont.com] failed to get certificate: The server could not validate our request.
"

The most likely reason for this is that you're behind a load balancer or SSL terminator. Or the domain is not pointing to your machine. Any of those relevant to you?

I'm doing some tests on a Linux server (on a virtual machine powered by VirtualBox). Test.qlaffont.com has the same IP as my local machine.
And I'm not behind a load balancer or SSL terminator.

That's the problem.

$ nslookup test.qlaffont.com
Server:     8.8.8.8
Address:    8.8.8.8#53

Non-authoritative answer:
Name:   Test.qlaffont.com
Address: 192.168.1.163

It resolves to an internal IP. It must be globally resolvable for LE to issue a cert successfully.
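
A pre-flight check for the failure diagnosed above, as an added example (not code from Caddy or from any participant in this thread): it flags DNS answers that a CA's external validator cannot route to. The function names are hypothetical; the sample addresses are the two from the nslookup output above plus one constructed carrier-grade NAT address.

```go
package main

import (
	"fmt"
	"net/netip"
)

// cgnat is the RFC 6598 shared address space, which IsPrivate does not cover.
var cgnat = netip.MustParsePrefix("100.64.0.0/10")

// classify returns "" if an outside validator could route to a, else the reason it cannot.
func classify(a netip.Addr) string {
	a = a.Unmap() // treat ::ffff:192.168.1.163 like its IPv4 form
	switch {
	case a.IsUnspecified(), a.IsLoopback():
		return "loopback or unspecified"
	case a.IsPrivate():
		return "private (RFC 1918 or IPv6 ULA)"
	case a.IsLinkLocalUnicast():
		return "link-local"
	case cgnat.Contains(a):
		return "carrier-grade NAT (RFC 6598)"
	}
	return ""
}

// preflight (hypothetical helper) lists every DNS answer the CA cannot reach.
func preflight(answers []string) (problems []string) {
	for _, s := range answers {
		a, err := netip.ParseAddr(s)
		if err != nil {
			problems = append(problems, s+" is not an IP address")
			continue
		}
		if why := classify(a); why != "" {
			problems = append(problems, fmt.Sprintf("%s is %s", a, why))
		}
	}
	return problems
}

func main() {
	// 192.168.1.163 and 8.8.8.8 come from the nslookup output above;
	// 100.64.0.1 is a constructed sample.
	for _, p := range preflight([]string{"192.168.1.163", "8.8.8.8", "100.64.0.1"}) {
		fmt.Println("FAIL:", p)
	}
}
```

A clean result only means the answers are routable; the CA must still be able to connect to the server at that address to complete the challenge.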

Yes, it works on my dedicated server. Thanks for all. QL.

@Fristing Don't let me forget about your offer to translate the docs into French. :smile: Maybe post a comment in #337 which is related.

no problem ^^

_"...the domain is not pointing to your machine."_
Precisely my problem. I'm using a CDN so it doesn't issue a certificate. How can I get around it?

@yitzhakbg You'll have to wait until the dns-01 challenge is supported by Let's Encrypt. They're working on it; it's already on in their staging environment, but it's a little rough around the edges still. The DNS challenge simply requires them to do a DNS lookup rather than making requests to your machine.

Thanks.

qlaffont, would you please share how you solved the nslookup issue... I face the same issue. I use dynamic DNS bound to my server. What might the further steps be for the following? I'd appreciate any comment, I just got stuck... Thanks a lot!

nslookup mycom.dyndns.org

Server: UnKnown
Address: 192.168.0.1

Non-authoritative answer:
Name: mycom.dyndns.org
Address: 91.135.191.175

//gitkraken
git config --global http.sslVerify false
git config --global https.sslVerify false
git config --global http.proxy ""
