One of the features that RunCloud offers is automatically deploying Let’s Encrypt SSL, which allows you to secure your web applications. However, sometimes you may encounter issues when installing or renewing your Let’s Encrypt SSL certificates, such as AutoRenewal failing or Challenge failing for domain(s).

AutoRenewal Failed Issue

This issue occurs when the renewal date of your SSL certificate is either empty or missing in the RunCloud database, preventing RunCloud from renewing it automatically. This may happen due to errors or glitches in the communication between RunCloud and Let’s Encrypt.

To fix this issue, manually renew your SSL certificate by using the ‘Redeploy’ button in the top right of your web application settings. This will force RunCloud to request a new SSL certificate from Let’s Encrypt and install it on your web application.

SSL Certificate Installation Failure Due to NXDOMAIN Error

If you have configured your DNS records correctly and still get an error message saying, “Let’s Encrypt ACME Challenge failed…NXDOMAIN looking up A for www.example.com,” it indicates a DNS resolution problem.

Let’s Encrypt uses the ACME protocol to validate domain ownership. One validation method (HTTP-01) involves placing a specific file on your web server at a well-known location. Let’s Encrypt then attempts to access this file via the domain name. If the domain name does not resolve, that request never reaches your server and the challenge fails.

The error message usually pinpoints the specific domain that’s causing the problem. For instance, if the error says “NXDOMAIN looking up A for www.example.com,” there’s a DNS resolution issue specifically for the www subdomain, even if you have records for example.com itself.

Double-check your DNS records using the following online tools:

After making any changes, remember that DNS propagation takes time (sometimes a few minutes, sometimes hours).

DNS propagation check

The following example shows a ❌ next to every check location, indicating that the tested domain’s DNS records are not configured properly.

You can update your DNS records and retry the SSL certificate installation if you receive a similar error message.

If you want to avoid these errors in the future, you can use RunCloud’s integrated DNS Manager, which automatically configures the correct DNS records for you.

Challenge Failed For Domain(s)

This issue occurs when Let’s Encrypt fails to verify your domain ownership or validity, which prevents RunCloud from obtaining a new SSL certificate for your web application. This may happen due to misconfiguration or errors in your DNS records, web server settings, or firewall rules.

To fix this issue, you’ll need to check and correct some of the possible causes, such as:

  1. Ensure you apply SSL to the correct domain name that matches your web application name.
  2. Ensure that your domain name has a valid A record that points to your server IP address or a valid CNAME record that points to your Cloudflare domain name.
  3. Ensure your web server (NGINX or Apache) is running and listening on port 80, which is required for Let’s Encrypt validation.
  4. Ensure your firewall rules allow incoming traffic on port 80 from Let’s Encrypt servers.
  5. Ensure that your web application folder does not contain files or folders that may interfere with the Let’s Encrypt validation process, such as .well-known, .htaccess, etc.
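The following Python pre-flight is an added example, not RunCloud's own tooling. It extracts the failing hostname from the NXDOMAIN error described earlier and checks item 2 of the list above for every name on the certificate. The function names, the sample zone and the 203.0.113.10 server address are assumptions constructed for illustration.

```python
import re
import socket

# Matches the error text quoted on this page: "NXDOMAIN looking up A for www.example.com"
ERR_RE = re.compile(r"([A-Z]+) looking up ([A-Z]+) for ([A-Za-z0-9.-]+)")

def parse_acme_dns_error(message):
    """Return (response_code, record_type, hostname) from the error text, or None."""
    m = ERR_RE.search(message)
    if m is None:
        return None
    return m.group(1), m.group(2), m.group(3).rstrip(".").lower()

def system_resolve(hostname):
    """IPv4 addresses from the local resolver; empty list if the name does not resolve."""
    try:
        infos = socket.getaddrinfo(hostname, 80, socket.AF_INET, socket.SOCK_STREAM)
    except socket.gaierror:
        return []
    return sorted({info[4][0] for info in infos})

def preflight(hostnames, server_ip, resolve=system_resolve):
    """Classify every name on the certificate before pressing 'Redeploy'."""
    report = {}
    for name in hostnames:
        addrs = resolve(name)
        if not addrs:
            report[name] = "unresolved"  # would fail like the NXDOMAIN case above
        elif server_ip in addrs:
            report[name] = "ok"
        else:
            report[name] = "other_ip"    # stale record, or a proxy in front of the server
    return report

# Constructed sample zone (documentation addresses); replaces live DNS for the demo
SAMPLE_ZONE = {"example.com": ["203.0.113.10"], "old.example.com": ["198.51.100.7"]}
def sample_resolve(hostname):
    return SAMPLE_ZONE.get(hostname, [])

if __name__ == "__main__":
    err = "Let's Encrypt ACME Challenge failed...NXDOMAIN looking up A for www.example.com"
    print(parse_acme_dns_error(err))
    print(preflight(["example.com", "www.example.com"], "203.0.113.10", sample_resolve))
```

Call `preflight` without the third argument to use the machine's own resolver. An `other_ip` result is expected when the name is proxied through Cloudflare; otherwise it means the A record points somewhere other than your server.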

You can also try redeploying your SSL certificate using the ‘Redeploy’ button in the top right of your web application settings. This will make RunCloud retry the challenge process and install the SSL certificate on your web application.

If none of the above solutions work and you still have issues installing or renewing your Let’s Encrypt SSL certificates, you can contact RunCloud support by submitting a support ticket from your RunCloud dashboard. We will try to help you with your issue as soon as possible.