
midascodebreaker's avatar

Let's Encrypt staging SSL always fails to install

Hi, I have a server with 2 Laravel sites installed, one for production and one for staging...

I managed to produce the domain.com and www.domain.com SSL in my first Laravel app... but the 2nd app installation for staging always fails...

Also, I'm using Cloudflare as my DNS provider...

I already added staging in my A record...

I got this error log in my Forge...

Creating well known challenge directory...
Installing LetsEncrypt client...
Cloning into 'letsencrypt1466830715'...
Configuring client...
Restarting Nginx...
Generating Certificate...
# INFO: Using main config file /root/letsencrypt1466830715/config
+ Generating account key...
+ Registering account key with letsencrypt...
Processing staging.domain.com
 + Signing domains...
 + Creating new directory /root/letsencrypt1466830715/certs/staging.domain.com ...
 + Generating private key...
 + Generating signing request...
 + Requesting challenge for staging.domain.com...
 + Responding to challenge for staging.domain.com...
ERROR: Challenge is invalid! (returned: invalid) (result: {
  "type": "http-01",
  "status": "invalid",
  "error": {
    "type": "urn:acme:error:connection",
    "detail": "DNS problem: NXDOMAIN looking up A for staging.domain.com",
    "status": 400
  },
  "uri": "https://acme-v01.api.letsencrypt.org/acme/challenge/rl8l_5WZdNiHXbVru-ig5ZmT7_hp7dI7GZjl2LdeHqo/140722431",
  "token": "9m2Sp98ucKPzImKzyCLGbFnKoC_u8qBDphzoe5F6fl0",
  "keyAuthorization": "9m2Sp98ucKPzImKzyCLGbFnKoC_u8qBDphzoe5F6fl0._trVJasqyzJ4xwNyIuAkUI6sj1K1t170Wwlfo9G1a04",
  "validationRecord": [
    {
      "url": "http://staging.domain.com/.well-known/acme-challenge/9m2Sp98ucKPzImKzyCLGbFnKoC_u8qBDphzoe5F6fl0",
      "hostname": "staging.javisbotmessenger.com",
      "port": "80",
      "addressesResolved": null,
      "addressUsed": ""
    }
  ]
})

Can anyone help me make it work? Thanks.

0 likes
5 replies
ejdelmonico's avatar

Make sure you remove the default site or it will not work. Also, I am not sure Let's Encrypt will work on a subdomain. You will need a wildcard certificate to do that.

Thyrosis's avatar

The error LE returns is:

DNS problem: NXDOMAIN looking up A for staging.domain.com

This means that for some reason, the A record staging.{yourdomain.ext} doesn't resolve properly (yet). When did you make the change in CloudFlare? DNS changes can take up to 24 hours to become active.
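The NXDOMAIN failure discussed above, as an added example that is not part of the original thread: a small Python sketch that classifies an http-01 challenge result like the one in the log and checks whether a hostname resolves before a certificate is requested. The sample JSON is constructed (modelled on the log, with `staging.example.com` and `TOKEN` as placeholders), and the function names are hypothetical.

```python
import json
import socket

# Constructed sample, modelled on the challenge result in the log above
# (hostname and token replaced with placeholders).
SAMPLE_RESULT = """{
  "type": "http-01",
  "status": "invalid",
  "error": {
    "type": "urn:acme:error:connection",
    "detail": "DNS problem: NXDOMAIN looking up A for staging.example.com",
    "status": 400
  },
  "validationRecord": [
    {"url": "http://staging.example.com/.well-known/acme-challenge/TOKEN",
     "hostname": "staging.example.com", "port": "80",
     "addressesResolved": null, "addressUsed": ""}
  ]
}"""

def diagnose(result_json):
    """Summarise why an ACME challenge result failed (hypothetical helper)."""
    result = json.loads(result_json)
    error = result.get("error") or {}
    record = (result.get("validationRecord") or [{}])[0]
    detail = error.get("detail", "")
    if "NXDOMAIN" in detail:
        cause = "dns-nxdomain"    # the CA's resolver found no such name
    elif not record.get("addressesResolved"):
        cause = "dns-no-address"  # the CA recorded no resolved addresses
    else:
        cause = "http-fetch"      # DNS worked; fetching the token failed
    return {"status": result.get("status"), "hostname": record.get("hostname"),
            "cause": cause, "detail": detail}

def a_records(hostname, resolver=socket.getaddrinfo):
    """Return the IPv4 addresses the local resolver sees, or [] if none."""
    try:
        infos = resolver(hostname, 80, socket.AF_INET, socket.SOCK_STREAM)
    except socket.gaierror:
        return []
    return sorted({info[4][0] for info in infos})

def ready_for_http01(hostname, resolver=socket.getaddrinfo):
    """Pre-flight check: request a certificate only once the name resolves."""
    return bool(a_records(hostname, resolver))

if __name__ == "__main__":
    print(diagnose(SAMPLE_RESULT))
```

The local resolver may answer from cache or from a different vantage point than the CA, so a passing pre-flight check is necessary but not sufficient for the challenge to succeed.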

ejdelmonico's avatar

@moses Eventually, Let's Encrypt will support subdomains but it currently does not work yet as far as I am aware. They have made announcements but have not released it. When it is ready, Forge will have to support it as well. I have heard of people making an A record for the subdomain instead of a CNAME and having it work. You could try that; otherwise you will need a wildcard certificate to cover the subdomains.

1 like
