Letsencrypt Already registered or Wrote File couldn't download Problem on Fresh Pro Install

I recently purchased the pro version and installed it on a fresh server. I am attempting to set up a fresh copy using one of my domains from my old virtualmin. So I set the DNS to point to the new server and set it up, now I am trying to use the letsencrypt interface to create new keys to secure the site and web interface but keep getting the following:

Parsing account key...
Parsing CSR...
Registering account...
Already registered!
Verifying tsaust.in...
Traceback (most recent call last):
  File "/usr/libexec/webmin/webmin/acme_tiny.py", line 203, in <module>
    main(sys.argv[1:])
  File "/usr/libexec/webmin/webmin/acme_tiny.py", line 199, in main
    signed_crt = get_crt(args.account_key, args.csr, args.acme_dir, log=LOGGER, CA=args.ca)
  File "/usr/libexec/webmin/webmin/acme_tiny.py", line 128, in get_crt
    wellknown_path, wellknown_url))
ValueError: Wrote file to /home/tsaustin/public_html/.well-known/acme-challenge/fkZIlj4bYjD3Q4YR3HH7fpFlY7WWdxnmmQucJFT_k-M, but couldn't download http://tsaust.in/.well-known/acme-challenge/fkZIlj4bYjD3Q4YR3HH7fpFlY7WW...

Looking at previous threads I've tried everything:

I've verified the directory is working as expected by echoing an index.html

http://tsaust.in/.well-known/acme-challenge/

I've verified my hostname is correct and that both www and without load fine. I have both hostnames in my virtualhost (automatically set correctly)

SuexecUserGroup "#500" "#500"
ServerName tsaust.in
ServerAlias www.tsaust.in

I've added this to hosts:

138.68.10.126 tsaust.in
138.68.10.126 www.tsaust.in

Yet the error persists, any ideas?

Status: Active

Comments

Howdy -- hmm, that is indeed odd. I know you've tested some of this already, but just out of curiosity, what is the output of this command:

ls -la /home/tsaustin/public_html/.well-known/acme-challenge/

Jamie may have some additional thoughts as well.

[root@tsaust ~]# ls -la /home/tsaustin/public_html/.well-known/acme-challenge/
total 12
drwxr-xr-x 2 tsaustin tsaustin 4096 Jul 23 00:56 .
drwxr-xr-x 3 tsaustin tsaustin 4096 Jul 23 00:40 ..
-rw-rw-r-- 1 tsaustin tsaustin    5 Jul 23 00:56 index.html

Don't know if this helps, but domains transferred already set up with Let's Encrypt moved over just fine, and domains moved over and then set up with Let's Encrypt for the first time worked as well. Only the server domain and initial domain setup of tsaust.in won't work.

That is indeed very odd! We might need to take a closer look at this one to figure out what's going on, but just to verify -- do you see this issue when trying it again? That is, have you verified that it's not just a one-time issue?

Another thing to check is if your server is behind some kind of NAT device that would prevent it from accessing its own domain names.

For example, if you run curl http://tsaust.in/ on your Virtualmin server, does it output the correct HTML for that domain's website?

Per your request I tried again, here is the full output:

Parsing account key...
Parsing CSR...
Registering account...
Already registered!
Verifying tsaust.in...
Traceback (most recent call last):
  File "/usr/libexec/webmin/webmin/acme_tiny.py", line 203, in <module>
    main(sys.argv[1:])
  File "/usr/libexec/webmin/webmin/acme_tiny.py", line 199, in main
    signed_crt = get_crt(args.account_key, args.csr, args.acme_dir, log=LOGGER, CA=args.ca)
  File "/usr/libexec/webmin/webmin/acme_tiny.py", line 128, in get_crt
    wellknown_path, wellknown_url))
ValueError: Wrote file to /home/tsaustin/public_html/.well-known/acme-challenge/_XtMzIzYk_6_dAMdlH-2hDkqqHapumelrPk61PalVLU, but couldn't download http://tsaust.in/.well-known/acme-challenge/_XtMzIzYk_6_dAMdlH-2hDkqqHapumelrPk61PalVLU

Do you have any redirects or .htaccess files set up that could be blocking access to that directory?

One simple test is to create a file called test.txt in /home/tsaustin/public_html/.well-known/acme-challenge/ , and then try to access the URL http://tsaust.in/.well-known/acme-challenge/test.txt

You pointed me in the right direction

local server curl doesn't see the test file

[root@tsaust ~]# curl tsaust.in/.well-known/acme-challenge/index.html
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /.well-known/acme-challenge/index.html was not found on this server.</p>
</body></html>

and from another server it works

[root@netburnr public_html]# curl tsaust.in/.well-known/acme-challenge/
test

Found that if I switch the apache document root to the homedir of the website I was trying to create the certificate on it worked properly

/etc/httpd/conf/httpd.conf changed

DocumentRoot "/var/www/html/"

to

DocumentRoot "/home/tsaustin/public_html/"

Also have to adjust the certs to point to the new ones created and restart apache

/etc/httpd/conf.d/ssl.conf

SSLCertificateFile /home/tsaustin/ssl.cert
SSLCertificateKeyFile /home/tsaustin/ssl.key
SSLCACertificateFile /home/tsaustin/ssl.ca

service httpd restart
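
Added example, not part of the original thread and not Webmin's or acme_tiny's code: a stand-alone version of the "write a file, then download it through the domain" check that failed above, run on the server itself so it sees the same answer the local curl saw. The names `check_http01` and `CHALLENGE_DIR` are hypothetical, and the probe name is a constructed random string rather than a real ACME token.

```python
import os
import secrets
import sys
import urllib.error
import urllib.request

CHALLENGE_DIR = ".well-known/acme-challenge"


def check_http01(docroot, base_url, timeout=5):
    """Write a random probe under docroot, fetch it via base_url, return (ok, reason)."""
    name = "probe-" + secrets.token_urlsafe(16)  # constructed name, not an ACME token
    body = secrets.token_urlsafe(32)
    directory = os.path.join(docroot, CHALLENGE_DIR)
    os.makedirs(directory, exist_ok=True)
    path = os.path.join(directory, name)
    with open(path, "w") as fh:
        fh.write(body)
    url = "{}/{}/{}".format(base_url.rstrip("/"), CHALLENGE_DIR, name)
    # Connect directly and ignore proxy environment variables: the point is to
    # see what this host's own name resolution and web server return.
    opener = urllib.request.build_opener(urllib.request.ProxyHandler({}))
    try:
        with opener.open(url, timeout=timeout) as resp:
            served = resp.read().decode("utf-8", "replace").strip()
    except urllib.error.HTTPError as exc:
        # The file is on disk but the server returned an error status. A 404
        # means the virtual host that answered is not serving from `docroot`.
        return False, "http-{}".format(exc.code)
    except (urllib.error.URLError, OSError):
        return False, "unreachable"
    finally:
        os.remove(path)  # never leave the probe behind in the web root
    if served != body:
        return False, "content-mismatch"
    return True, "ok"


if __name__ == "__main__":
    # Usage: python3 check_http01.py <document root> <http://domain>
    ok, reason = check_http01(sys.argv[1], sys.argv[2])
    print("{}: {}".format("PASS" if ok else "FAIL", reason))
    sys.exit(0 if ok else 1)
```

An `http-404` result while the file exists on disk matches the symptom in this thread: the request reached a virtual host with a different DocumentRoot. `apachectl -S` lists which virtual host Apache selects for each address and name.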

I'm glad to hear you got it working!

Is your server by chance running behind a NAT router? That is, does your server have an internal IP address?

Nope, they are digital ocean hosts on the internet using real IPs