<domain>/.well-known/acme-challenge/

[Gregls 3]

I have looked at several guides on setting up ssl and they seem to all use the http method. None of the guides explain what needs done on the domain side to have the <domain>/.well-known/acme-challenge/<cert> be an actual thing. All of the guides I have read make it seem like you only need to purchase a domain and not pay for web services etc.

My questions are.

1. From the domain provider is anything else beyond a domain name necessary to be purchased?

2. What exactly needs done to make a domain respond to the acme challenge http method?

 

-my current domain name is through godaddy, if this is an issue let me know where I should go instead (like if they do something to prevent let’s encrypt or something)

-I’m currently trying to set up as a reverse proxy using Caddy v2. It’s looking for the .wellknown/acme-challenge/ on the domain just like my previous attempts with getting a cert from zero ssl. When I was trying to using zero ssl it’s http method had the same issue.

[pwhodges 2012]

After buying the domain name, you have to configure a A record with your IP address as well.  Godaddy can't block traffic, as no traffic goes through it - only the request for the address associated with the name (the A record)

 

When using Caddy you must open both ports 80 and 443 in your router/firewall to it - the authentication process uses port 80, and the certificate is used with https on port 443.  Any other contacts using port 80 will automatically be redirected to port 443.  You should check that port 80 is really open by using canyouseeme.org or a similar service.

 

If you still fail to get it working, post the Caddy log here for us to look at.

 

Paul