I already did this but it didn't solve my problem
_acme-challenge.<YOUR_DOMAIN>
wget -O- --no-check-certificate http://yourtop.news/.well-known/acme-challenge/x
--2024-09-06 13:05:43-- http://yourtop.news/.well-known/acme-challenge/x
Resolving yourtop.news (yourtop.news)... 31.15.171.21
Connecting to yourtop.news (yourtop.news)|31.15.171.21|:80... connected.
HTTP request sent, awaiting response... 301 Moved Permanently
Location: https://yourtop.news/.well-known/acme-challenge/x [following]
--2024-09-06 13:05:43-- https://yourtop.news/.well-known/acme-challenge/x
Connecting to yourtop.news (yourtop.news)|31.15.171.21|:443... connected.
WARNING: cannot verify yourtop.news's certificate, issued by ‘CN=R11,O=Let's Encrypt,C=US’:
  Issued certificate has expired.
HTTP request sent, awaiting response... 404 Not Found
2024-09-06 13:05:43 ERROR 404: Not Found.
However, your web server obviously is configured to reply with a 301 redirect to all requests on port 80 to use HTTPS:
There was no change on the server, the OPNsense firewall or the domain settings. After updating it today nothing happens, it still doesn't work.
Even if you have instructed your provider to delegate something for DNS-01 challenge, this sure does not work either:
#nslookup -query=any _acme-challenge.yourtop.news
;; Got SERVFAIL reply from 127.0.0.53
Server: 127.0.0.53
Address: 127.0.0.53#53
** server can't find _acme-challenge.yourtop.news: SERVFAIL
You must disable the HTTPS redirect as already noted. Then it will work. You can re-enable after you have your certificate. Forget about DNS-01 at the moment, you clearly need to do some reading on how the thing works.