Cannot get SSL certs for edge.a1z.us

Tested a1z.us in both mxtoolbox and dnsstuff: No errors. Only SMTP warnings.

I am able to ping this GCP VM (CentOS 8) from home: shows the correct public IP.

Tested for A record from Windows/home PC: Seems OK.

PS C:\Users\user> resolve-dnsname -name edge.a1z.us -server edge.a1z.us -type A

Name                                           Type   TTL   Section    IPAddress
----                                           ----   ---   -------    ---------
edge.a1z.us                                    A      38400 Answer     35.184.118.13

Name      : edge.a1z.us
QueryType : NS
TTL       : 38400
Section   : Authority
NameHost  : edge.a1z.us

Requesting a certificate for edge.a1z.us from Let's Encrypt ..
.. request failed : Web-based validation failed :
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator webroot, Installer None
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for edge.a1z.us
Using the webroot path /home/edge/public_html for all unmatched domains.
Waiting for verification...
Challenge failed for domain edge.a1z.us
http-01 challenge for edge.a1z.us
Cleaning up challenges
Some challenges have failed.
IMPORTANT NOTES:
 - The following errors were reported by the server:

   Domain: edge.a1z.us
   Type:   unauthorized
   Detail: Invalid response from
   http://edge.a1z.us/.well-known/acme-challenge/oumfWyyQxe15okVaM_OgD-EIL5VzwYqf4f-kxXJZt4A
   [35.184.118.13]: "<!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML
   2.0//EN\">\n<html><head>\n<title>403
   Forbidden</title>\n</head><body>\n<h1>Forbidden</h1>\n<p"

   To fix these errors, please make sure that your domain name was
   entered correctly and the DNS A/AAAA record(s) for that domain
   contain(s) the right IP address.
, DNS-based validation failed :
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator manual, Installer None
Obtaining a new certificate
Performing the following challenges:
dns-01 challenge for edge.a1z.us
Running manual-auth-hook command: /etc/webmin/webmin/letsencrypt-dns.pl
Waiting for verification...
Challenge failed for domain edge.a1z.us
dns-01 challenge for edge.a1z.us
Cleaning up challenges
Running manual-cleanup-hook command: /etc/webmin/webmin/letsencrypt-cleanup.pl
Some challenges have failed.
IMPORTANT NOTES:
 - The following errors were reported by the server:

   Domain: edge.a1z.us
   Type:   dns
   Detail: DNS problem: NXDOMAIN looking up TXT for
   _acme-challenge.edge.a1z.us - check that a DNS record exists for
   this domain
[edge@edge public_html]$ cat /etc/hostname
edge.a1z.us
[edge@edge public_html]$ cat /etc/hosts
127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
::1         localhost localhost.localdomain localhost6 localhost6.localdomain6
35.184.118.13   edge.a1z.us
35.184.118.13   edge.hostlawn.com
10.128.0.17 edge.a1z.us edge  # Added by Google
169.254.169.254 metadata.google.internal  # Added by Google
[edge@edge public_html]$ cat /etc/resolv.conf
nameserver 169.254.169.254
nameserver 127.0.0.1
search us-central1-c.c.eng-contact-245618.internal c.eng-contact-245618.internal google.internal a1z.us
# Generated by NetworkManager
[edge@edge public_html]$
Status: 
Active

Comments

Submitted by bislinks on Mon, 05/18/2020 - 21:32 Pro Licensee

Update:

Permissions for public_html : 755

Submitted by bislinks on Tue, 05/19/2020 - 08:45 Pro Licensee

Update 3:

I do not have either problem (ssl/curl) on (an)other site(s) hosted on the same VM.

Submitted by bislinks on Tue, 05/19/2020 - 09:05 Pro Licensee

Got SSL from Let's Encrypt for edge.a1z.us (but not for *.edge.a1z.us) after manually creating ./well-known/acme-challenge directories.

There might be other reasons I am probably unaware of...
Submitted by bislinks on Tue, 05/19/2020 - 09:10 Pro Licensee

Also, cURL did not show errors.
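
A preflight for the web-based validation failure in this thread (403 Forbidden on the challenge URL, resolved once the .well-known/acme-challenge directories existed), as an added example that is not part of the original posts or of Webmin/Virtualmin. The function names `perm_digit` and `acme_webroot_preflight` are hypothetical; the script assumes GNU `stat` and that the web server reads the files through the "other" permission bits unless `g` is passed.

```sh
#!/bin/sh
# Added example: preflight for an ACME http-01 webroot challenge.
# Assumptions: GNU stat (as on CentOS); the web server reaches the files via
# the "other" permission bits unless "g" (owning group) is passed as $2.
# Directories above the webroot are not checked.

# perm_digit PATH CLASS: print the octal permission digit for class o or g.
perm_digit() {
    local mode
    mode=$(stat -c '%a' "$1") || return 1
    case $2 in
        g) echo $((mode / 10 % 10)) ;;
        *) echo $((mode % 10)) ;;
    esac
}

# acme_webroot_preflight WEBROOT [o|g]: print findings, return problem count.
acme_webroot_preflight() {
    local webroot class problems dir digit probe
    webroot=$1; class=${2:-o}; problems=0
    for dir in "$webroot" "$webroot/.well-known" \
               "$webroot/.well-known/acme-challenge"; do
        if [ ! -d "$dir" ]; then
            echo "MISSING      $dir"
            problems=$((problems + 1))
            continue
        fi
        digit=$(perm_digit "$dir" "$class")
        # Traversing a directory requires its execute (search) bit.
        if [ $((digit & 1)) -eq 0 ]; then
            echo "NO-TRAVERSE  $dir (class $class)"
            problems=$((problems + 1))
        fi
    done
    # Create a probe the way a webroot client drops its token, then check
    # that the file's mode lets the web server read it.
    probe="$webroot/.well-known/acme-challenge/preflight-probe.$$"
    if [ -d "${probe%/*}" ]; then
        if { echo probe > "$probe"; } 2>/dev/null; then
            digit=$(perm_digit "$probe" "$class")
            if [ $((digit & 4)) -eq 0 ]; then
                echo "UNREADABLE   token files (class $class, check umask)"
                problems=$((problems + 1))
            fi
            rm -f "$probe"
        else
            echo "NOT-WRITABLE ${probe%/*}"
            problems=$((problems + 1))
        fi
    fi
    return "$problems"
}
```

Source the file and call `acme_webroot_preflight /home/edge/public_html` as the user that runs the certificate request; a return status of 0 means the challenge path exists and a token written there carries a readable mode.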