Let's Encrypt for subdomains

I have a problem with generating ssl cert. but the problem is related only to a subdomain.

If I request a cert for gestione.societaoperaia.it i get this response:

Checking for new version... Requesting root privileges to run letsencrypt... /root/.local/share/letsencrypt/bin/letsencrypt certonly -a webroot -d gestione.societaoperaia.it --webroot-path /home/societao/domains/gestione.societaoperaia.it/public_html --duplicate --config /tmp/.webmin/211270_9708_1_letsencrypt.cgi Failed authorization procedure. gestione.societaoperaia.it (http-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://gestione.societaoperaia.it/.well-known/acme-challenge/CbhSzF0D74K... 149.202.103.2: 401 IMPORTANT NOTES: - The following errors were reported by the server:

Domain: gestione.societaoperaia.it Type: unauthorized Detail: Invalid response from http://gestione.societaoperaia.it /.well-known/acme- challenge/CbhSzF0D74K8aKWvePRsjyJO2z7-iWYIcI9ZjaQm9B4 If I request a cert for any domain with a virtualhost in the form of "domain.xx" it's works fine.

I have the same error if I run from the command prompt:

./letsencrypt/letsencrypt-auto certonly --webroot -w /home/societao/domains/gestione.societaoperaia.it/public_html/ -d gestione.societaoperaia.it

Status: 
Active

Comments

Are you trying to create a single Let's Encrypt cert that matches both the top-level and sub-domains? That isn't currently supported by Virtualmin .. instead you need to create a sub-domains separately (assuming this is sub-domain that exists as a domain in Virtualmin).

No, I'm trying to create a cert. that matches only a subdomain. I'm trying to create it from subdomain admin. panel.

Thanks.

update:

I have tested let's encrypt ssl cert. generation for subdomain on another virtualmin server (GPL) and it works fine. On the first server I have always the same error:

Checking for new version... Requesting root privileges to run letsencrypt... /root/.local/share/letsencrypt/bin/letsencrypt certonly -a webroot -d gestione.societaoperaia.it --webroot-path /home/societao/domains/gestione.societaoperaia.it/public_html --duplicate --config /tmp/.webmin/399857_20274_1_letsencrypt.cgi Failed authorization procedure. gestione.societaoperaia.it (http-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://gestione.societaoperaia.it/.well-known/acme-challenge/9u3HuAL2PW1... [149.202.103.2]: 401 IMPORTANT NOTES: - The following errors were reported by the server:

Domain: gestione.societaoperaia.it Type: unauthorized Detail: Invalid response from http://gestione.societaoperaia.it /.well-known/acme- challenge/9u3HuAL2PW1UZ8URSpQ0PmYW3N_4XRWkHA421lge1bw

But if I try to get a cert for any domain it works. The problem is only for subdomain and only on my virtualmin licensed server. I have tried to check permissions, but I can't find any reason for let's encrypt not working in subdomains.

Sorry for waste your time, but the problem was a directory restriction on .htaccess .

Thanks!