LetsEncrypt now requires DNS to be hosted with dreamhost?


#1

Hello,

We have been successfully running our https domain on dreamhost with a letsencrypt certificate, with the domain managed by another registrar and the DNS service run by non-dreamhost DNS servers.

The certificate expired recently, but unfortunately something seems to have changed on the dreamhost certificate-generation-process end.

When I try to refresh the certificate by (re)setting the secure hosting option in the panel to letsencrypt I get an error message that I haven’t seen before asking me to move my DNS service to dreamhost.

Is there any way I can get the previously-working letsencrypt certificate generation process to work for me again without having to redo my DNS setup?

Thank you!

Regards,
Tony


#2

Try again. I get that frequently. If necessary, delete the existing certificate and go again (again). Those are the steps I’ve followed and it’s worked.

To throw in an added challenge, I use Cloudflare, and the DNS doesn’t even point to a DreamHost server…yet I’m still able to get certificates.


#3

Hi Scott,

Thanks. I’ve tried (including, just now, removing the existing secure hosting, and then trying to add it back several times) and it seems very consistent. The error message is as follows:

“Uh oh! Please fix the errors below:
Sorry! It does not appear that you are hosting this domain here. Please host your DNS with us, or have your external DNS configured to point to your DreamHost website.”


#4

Just to be sure, does your external DNS match the DNS records here at DreamHost?

The good news is if your DNS records do match the records at DreamHost, Support should be able to take care of it if you open a support ticket.

As an aside, a whole batch of mine just auto-renewed on June 4th. And that’s on my Cloudflare fronted domains. What I do know happens is the Let’s Encrypt process adds a .well-known directory to my site(s) containing a unique filename to verify proper domain hosting. Dunno why DNS is such an issue if all it’s doing is looking for a hosted filename.


#5

LetsEncrypt does work with 3rd-party DNS; however, the DreamHost implementation is a bit too strict sometimes.

One thing that helped when I got stuck was to convert any relevant CNAME record to an A record. I suspect the DreamHost script does not always resolve CNAME records correctly.
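
Added example (not part of any post in this thread, and not DreamHost's code): a pre-flight check for the situation discussed above, comparing where the external DNS sends a name with the addresses of the web host and following CNAME chains on the way. The record set, the `.test` names, the documentation-range IP addresses and the status labels are all constructed assumptions.

```python
# Constructed records standing in for answers from an external DNS provider.
CONSTRUCTED_ZONE = {
    ("example.test", "A"): ["203.0.113.10"],
    ("www.example.test", "CNAME"): ["example.test."],
    ("shop.example.test", "CNAME"): ["cdn.example.test"],
    ("cdn.example.test", "A"): ["198.51.100.7"],
    ("loop.example.test", "CNAME"): ["loop.example.test"],
}


def resolve_a(name, zone, max_hops=8):
    """Follow CNAMEs until A records are found; return (addresses, chain)."""
    chain = [name]
    for _ in range(max_hops):
        addrs = zone.get((name, "A"))
        if addrs:
            return sorted(addrs), chain
        target = zone.get((name, "CNAME"))
        if not target:
            return [], chain              # no A and no CNAME: nothing to reach
        name = target[0].rstrip(".").lower()
        if name in chain:
            return [], chain + [name]     # CNAME loop
        chain.append(name)
    return [], chain                      # chain too long to trust


def preflight(name, zone, host_ips):
    """Classify whether a name's DNS leads to the host serving /.well-known/."""
    addrs, chain = resolve_a(name.rstrip(".").lower(), zone)
    if not addrs:
        status = "unresolved"
    elif set(addrs) <= set(host_ips):
        # A checker that reads only A records would miss the CNAME case.
        status = "ok" if len(chain) == 1 else "ok-via-cname"
    elif set(addrs) & set(host_ips):
        status = "partial"                # some answers land on another server
    else:
        status = "points-elsewhere"       # e.g. a proxy or CDN in front
    return {"name": name, "status": status, "addresses": addrs, "chain": chain}


if __name__ == "__main__":
    for n in ("example.test", "www.example.test", "shop.example.test"):
        print(preflight(n, CONSTRUCTED_ZONE, ["203.0.113.10"]))
```
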


#6

@smaffulli this could use escalation internally. The generation script you guys use is finicky and breaks sites often.


#7

It’s not clear to me what the issue is, honestly. I looked in our internal tracker and didn’t find open tickets that seem related to this thread… Can someone affected by this issue be more specific please?