Let's Encrypt error

Was wondering if anyone was getting the same error and figured it out. Tried two servers, same results - just the stock VirtualminPro install on CentOS 7.

Requesting a certificate for DOMINNAME from Let's Encrypt ..
.. request was successful!
Configuring webserver to use new certificate and key ..
Failed to request certificate : Failed to find section protocol imap !

Under "Configurable options for Webmin Configuration" the value is:
Full path to Let's Encrypt client command /usr/local/bin

We don't use the server for standard mail. Not sure why the reference to "imap" - just trying to install an SSL on the web server.

Status: 
Active

Comments

Now I might have a new problem.

Registering account... Already registered! Verifying domain-name.com... domain-name.com verified! Verifying www.domain-name.com... www.domain-name verified! Signing certificate... Traceback (most recent call last): File "/usr/libexec/webmin/webmin/acme_tiny.py", line 203, in main(sys.argv[1:]) File "/usr/libexec/webmin/webmin/acme_tiny.py", line 199, in main signed_crt = get_crt(args.account_key, args.csr, args.acme_dir, log=LOGGER, CA=args.ca) File "/usr/libexec/webmin/webmin/acme_tiny.py", line 166, in get_crt raise ValueError("Error signing certificate: {0} {1}".format(code, result)) ValueError: Error signing certificate: 429 { "type": "urn:acme:error:rateLimited", "detail": "Error creating new cert :: Too many certificates already issued for exact set of domains: domain-name.com,www.domain-name.com", "status": 429

Perhaps these "too many" are with Lets Encrypt. Disabling and reenabling SSL does not help.

unborn's picture
Submitted by unborn on Fri, 03/17/2017 - 15:26 Pro Licensee

@securewebs

Hi.. that is not issue at all.. this means that you already used your limit.. lets encrypt have limit for 5 domains/subdomains request in 7 days per server.. this means after 7 days you can re-request or request/renew again for your domains or another newer one. Those limits are in tcs of letsencrypt. You just have to wait for a week.. have some cup of tea and wait :) - disabling/re-enabling ssl would not help..

A cup a tea it is then. Thank you. Live and learn. It was not really a client request for a SSL, but I will still have to figure out the Failed to find section protocol imap ! error. Two completely different servers, not all that old. Nothing usual about them comes to mind. I assume if I tried more machines I might get the same error, or not I don't know. Just thought if it could happen to me the same day on two server it might have happened to someone else with more experience who could point me in the right direction. I will say I disable all but the web services and some other needed services as we try to just have web server do web hosting and mail server do mail hosting. Maybe there is something there that is giving the SSL a headache, I am not sure. Don't even have a working theory yet.

That imap error is odd, as that message doesn't appear to be anywhere in the Virtualmin code.

Which version are you running there?

CentOS Linux 7.3.1611
Linux 3.10.0-514.2.2.el7.x86_64 on x86_64
Virtualmin is 5.07

Yes, the error Failed to request certificate : Failed to find section protocol imap !

When I google around I don't find anything, except when I typed it in the forum some hours ago. Google is pretty aggressive on keeping up with the virtualmin forum. :-) I will try it on another server in the morning after a cup of coffee and see what happens. No clients with a problem yet. Just me playing around.

Ok I looked at the code and found a possible cause for this. It looks like the certificate was actually setup OK, but this error occurs afterwards.

pixel_paul's picture
Submitted by pixel_paul on Mon, 05/15/2017 - 03:13 Pro Licensee

Was a solution/work around found for this?

I've just run into the same problem. I might add that this is happening on a GCE instance.

A fix has been implemented, and will be included in the next Virtualmin release.

When is the next Virtualmin Release likely...

I have the same issue "Failed to install certificate : Failed to find section protocol imap !" and have a client waiting for a working SSL Cert.

Thanks... Great product BTW.

A couple of days at most.