Meshcentral: Let's Encrypt not working

Created on 26 Nov 2019 · 8 Comments · Source: Ylianst/MeshCentral

Hello.

I am always using the latest version of MeshCentral. It is running on Ubuntu 12.04 LTS. I was using the Node 8.16.1 binary without any problem. Let's Encrypt worked fine before, but now it has stopped working.
In the terminal I saw:
_WARNING: Let's Encrypt support requires Node v10.12.0 or higher.
MeshCentral HTTP redirection server running on port 80.
MeshCentral v0.4.4-w, WAN mode._

So I should update Node (please update the documentation regarding this!). I did, and now I have 10.17.0. When I start it, it looks OK:
_MeshCentral HTTP redirection server running on port 80.
ACME Directory URL: https://acme-staging-v02.api.letsencrypt.org/directory
MeshCentral v0.4.4-w, WAN mode._

But the certificate is still missing.

What should I do to make it work? Let me know if you need any log, or anything to find the bug.

Thanks

question

All 8 comments

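For me, on Ubuntu 18.04, the following commands updated Node and solved the problem:

```bash
# Download the NodeSource setup script for Node 10.x to a local file
curl -sL https://deb.nodesource.com/setup_10.x -o nodesource_setup.sh
# Run the setup script to add the NodeSource apt repository
sudo bash nodesource_setup.sh
# Install Node.js from the newly added repository
sudo apt-get install -y nodejs
# Allow the node binary to bind to ports below 1024 (80/443) without running as root
sudo setcap cap_net_bind_service=+ep /usr/bin/node
```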

A few tips and tricks:

  • Make sure your MeshCentral server's port 80 is accessible from outside; Let's Encrypt will use that port to validate your domain.
  • Use https://letsdebug.net/ to test your domain first.
  • You can run MeshCentral with "--debug cert" to see the full trace of what is going on.
  • You can add "log":"cert" in the settings section of config.json and run the server, it will create a log.txt file in "meshcentral-data" with what is going on with Let's Encrypt.

Just published MeshCentral v0.4.5-a with new server warnings in the "My Server" tab when something is not right, like not having the right version of NodeJS and Let's Encrypt being configured. This should help a little.


@leleb
Thanks for the help, but as you see, the problem is not with the update.

@Ylianst
Well, nothing was changed in the server part, and this was working well before. Of course it is running on port 80, as you can see in the messages.

I ran it with the parameter above, here is the result:

_MeshCentral HTTP redirection server running on port 80.
CERT: Initializing Let's Encrypt support, using GreenLock v3.1.5
CERT: Getting certs from local store
CERT: Checking staging certificate subdomain.mydomain.com...
ACME Directory URL: https://acme-staging-v02.api.letsencrypt.org/directory
CERT: Notify: error: {"length":0}
CERT: No staging certificate present
MeshCentral v0.4.5-a, WAN mode.
MeshCentral Intel(R) AMT server running on subdomain.mydomain.com:3389.
Server customer1 has no users, next new account will be site administrator.
Server info has no users, next new account will be site administrator.
MeshCentral HTTPS server running on subdomain.mydomain.com:443.
SMTP mail server mail.mydomain.com working as expected.
CERT: Checking certificate for subdomain.mydomain.com (Staging)
CERT: Notify: error: {"length":0}
CERT: Unable to get a certificate (Staging, 1006ms): [{"site":{"subject":"subdomain.mydomain.com","altnames":["subdomain.mydomain.com"]},"error":{"0":"e","1":"r","2":"r","3":"o","4":"r","length":5}}]_

With Let's Debug I got the following:

_DNSLookupFailed
Fatal
A fatal issue occurred during the DNS lookup process for subdomain.mydomain.com/AAAA.
DNS response for subdomain.mydomain.com/AAAA did not have an acceptable response code: SERVFAIL

DNSLookupFailed
Fatal
A fatal issue occurred during the DNS lookup process for subdomain.mydomain.com/CAA.
DNS response for subdomain.mydomain.com/CAA did not have an acceptable response code: SERVFAIL_

What's wrong?

Looks like the DNS resolve is failing... are you actually trying to get a certificate for "subdomain.mydomain.com"? Do you really own "subdomain.mydomain.com"? Or did you replace your DNS name with that name? In the future, use "xxxxxxxxxxxxxx" to mask any data like DNS names, just so you know you're masking it.

Obviously, you need to get a DNS name first and make it point to your server correctly. This is not something MeshCentral will do.

Going to close this one as I suspect there was an attempt to ask for a domain name that was not correct. Please re-open if needed.

@Ylianst

Well, of course the domain name for the test was the real one. I just changed it to hide it. Anyway, I think the problem is with my name server provider, so now I'm fighting with them. I hope that if they solve the problem it will work as before.

Thanks for the help.
