Letsencrypt failure : Error getting validation data (domain URL problem ?) [#55606]

Submitted by karelnet on Sat, 02/03/2018 - 04:59

Hi all,

I use Letsencrypt module on several servers running Virtualmin, but one in particular is always getting an error when creating / renewing Certificate.

The domain is mail.qelinvest.co

Here is the error :

{
      "type": "http-01",
      "status": "invalid",
      "error": {
        "type": "urn:acme:error:connection",
        "detail": "Fetching https://mail.qelinvest.co.well-known/acme-challenge/levxNkTxUx66iH87bTe1iSaa_Uz22oaiOw_K6Dmqh5A: Error getting validation data",
        "status": 400
      },
      "uri": "https://acme-v01.api.letsencrypt.org/acme/challenge/33axXlPIJkzI2xSebmKOlqzfPxtaAJmZe9Y8mjKSXeY/3318034010",
      "token": "levxNkTxUx66iH87bTe1iSaa_Uz22oaiOw_K6Dmqh5A",
      "keyAuthorization": "levxNkTxUx66iH87bTe1iSaa_Uz22oaiOw_K6Dmqh5A.SFs0zFDN7S_X-IpSgw4Yl71I-b_zmwZv50nW53r5ujE",
      "validationRecord": [
        {
         "url": "https://mail.qelinvest.co.well-known/acme-challenge/levxNkTxUx66iH87bTe1iSaa_Uz22oaiOw_K6Dmqh5A",
          "hostname": "mail.qelinvest.co.well-known",
          "port": "443"
        },
        {
          "url": "http://mail.qelinvest.co/.well-known/acme-challenge/levxNkTxUx66iH87bTe1iSaa_Uz22oaiOw_K6Dmqh5A",
          "hostname": "mail.qelinvest.co",
          "port": "80",
          "addressesResolved": [
            "37.187.113.149",
            "2001:41d0:a:6695::1"
          ],
          "addressUsed": "2001:41d0:a:6695::1"
        }
      ]
    },

Please take a look at something strange, the URL looks wrong :

"url": "https://mail.qelinvest.co.well-known/acme-challenge/levxNkTxUx66iH87bTe1iSaa_Uz22oaiOw_K6Dmqh5A",

"hostname": "mail.qelinvest.co.well-known",

where it should be :

"url": "https://mail.qelinvest.co/.well-known/acme-challenge/levxNkTxUx66iH87bTe1iSaa_Uz22oaiOw_K6Dmqh5A",

"hostname": "mail.qelinvest.co",

There is a slash missing and the domain is wrong... Any idea how to solve this ?

Status:

Closed (fixed)

Comments

Submitted by karelnet on Sun, 02/11/2018 - 08:16 Comment #1

Any idea guys ?

Submitted by andreychek on Mon, 02/12/2018 - 00:44 Comment #2

Howdy -- it sounds like this issue is just with this one domain?

Is it possible that there's a redirect occurring that's causing a problem, such as with a .htaccess file?

Submitted by karelnet on Mon, 02/12/2018 - 05:42 Comment #3

Thank you for your reply, it helped me to fix it. Actually you are right, it was a redirection problem with the permanent redirection from HTTP to HTTPS.

I implemented it in Apache server's config as : Redirect 301 / https://mail.qelinvest.co

Then I wrote : Redirect 301 / https://mail.qelinvest.co/

And it worked.

I was surprised, but I confirm you need the ending slash for a subdomain.

Submitted by andreychek on Mon, 02/12/2018 - 10:10 Comment #4

Great, I'm glad to hear that's working now, thanks for letting us know!