[BlueOnyx:19411] Re: Cert Question

[Michael Stauber]

Hi RC,

> Also got this
> The following error occured during the SSL certificate request: The
> installation path for the certificates could not be determined.

Try it again while you run "tail -f /var/log/messages". It'll give a
more detailed error message there.

The thing is this:

"Let's Encrypt" (LE) needs to verify that you own the domain name(s). So
during cert requests the LE-client puts a publicly accessible file under
/web/.well-known/acme-challenge/.... of either AdmServ or the Vsite.

LE then accesses that URL via HTTP using *all* the domain names and
aliases that the cert request included.

The cert will only be issued if *all* these calls succeed.

There are a multitude of reasons why these checks might fail:

- Vsite has PHP-FPM enabled
- Missing DNS A record
- An existing .htaccess does a redirect
- The web server alias of a Vsite is borked
- NAT misconfiguration
- Firewall rules

If it's a 5209R the problem is often that the Vsite in question has
PHP-FPM enabled. With our PHP-FPM implementation we do have some issues
that interfere with .htaccess usage and access to dotted files and
directories. :-/

-- 
With best regards

Michael Stauber