letsencrypt fails for specific domains

Submitted by master-helper on Sun, 04/03/2016 - 16:01

Requesting a certificate for long domains including hyphens will fail with the following message:

Requesting a certificate for some-long.subdomain.example.com from Let's Encrypt .. ..
request failed : Expected full certificate file /fullchain.pem was not found

It seems the problem is in sub request_letsencrypt_cert {}.

if ($out =~ /(\/.*\.pem)/) {
    # Output contained the full path
    $full = $1;
    }

The output of the letsencrypt client will have a line break after the first hyphen of the domain, so the regexp will only match the last part of the full path:

    /letsencrypt/live/some-   **(line break here)**
    long.subdomain.example.com-0006/fullchain.pem

I fixed it quick and dirty by adjusting the regexp to also match line breaks and stripped all whitespaces after that. It works but I'm not sure if that's the right way of dealing with this. Also I'm not really familiar with Perl.

Status: 
Closed (fixed)

Comments

Submitted by JamieCameron on Sun, 04/03/2016 - 16:35

Thanks for pointing this out - I'll fix webmin to deal with long wrapped PEM format lines.

Submitted by JamieCameron on Sun, 04/03/2016 - 16:36

Status: Active » Fixed

jontorrado's picture
Submitted by jontorrado on Tue, 05/17/2016 - 08:28

I'm experiencing this issue or something similar. Just fresh installed letsencrypt with Webmin 1.795 and the only failing subdomain is the one having a hyphen. Can you re-check this issue?

Joe's picture
Submitted by Joe on Tue, 05/17/2016 - 11:47 Pro Licensee

Jamie may not have rolled a new version since putting into git. We' usually roll new releases frequently enough to where that isn't an issue, but we haven't rolled a new Virtualmin in a little bit (working on next Cloudmin release), but I'll poke Jamie to see if we can get this rolled out today.

Submitted by andreychek on Tue, 05/17/2016 - 11:51

Joe, this actually appears to be a Webmin issue, and Jamie noted fixing this in early April. In theory, the latest Webmin version should contain that fix.

jontorrado's picture
Submitted by jontorrado on Tue, 05/24/2016 - 01:24

Any updates about this?