Cannot install Let's Encrypt certificates

#1 Sun, 07/15/2018 - 03:56
visionquest


Firstly I already have another server with a different provider on which Let's Encrypt certificate installation is successful. That server is running the same OS and Virtualmin versions as the problem server.

OS: Debian 9
Virtualmin: 6.03

Problem

No .well-known/acme-challenge directories or verification file are created.

If the .well-known/acme-challenge directories are created manually by the virtual server's owner, a verification file is created but it is owned by root and the same error results. (Error output at the end.)

Directory permissions for /home/user/public_html

Each directory in the path is 755

Usual open ports are:

PORT STATE SERVICE
21/tcp open ftp
53/tcp open domain
80/tcp open http
110/tcp open pop3
143/tcp open imap
443/tcp open https
2222/tcp open EtherNetIP-1
2382/tcp open ms-olap3
10000/tcp open snet-sensor-mgmt
20000/tcp open dnp

53/udp open domain
139/udp open|filtered netbios-ssn
161/udp open|filtered snmp
445/udp open|filtered microsoft-ds
5060/udp open|filtered sip

However, the certificate request was also retried with the firewall off and accepting all incoming, outgoing and forwarding requests.

The problem is present on two top-level virtual servers, one with simply an index.html file and one with a Drupal 7 installation with the .htaccess file temporarily disabled.

Error output:

Requesting a certificate for communitybetterworld.org, www.communitybetterworld.org from Let's Encrypt .. .. request failed : Web-based validation failed : Failed to request certificate :

www.communitybetterworld.org challenge did not pass: Invalid response from http://www.communitybetterworld.org/.well-known/acme-challenge/PTZ3GruEU_GOlAbERyPP3VIk29Aapoqy5Fhb58iqH0w: "<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p"

DNS-based validation failed : Failed to request certificate :

www.communitybetterworld.org challenge did not pass: DNS problem: NXDOMAIN looking up TXT for _acme-challenge.www.communitybetterworld.org

I've exceeded the allowed number of requests from Let's Encrypt and have to wait a week but in the meantime if there are any thoughts on this I can be prepared for when I can make a new request.

Cheers,

Noel
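
The local conditions described in the post above (directory modes along the path, a verification file owned by root) can be checked before spending another rate-limited request. This is an added example, not part of the thread and not Virtualmin code; the function names, the `www-data` account and the docroot passed on the command line are assumptions.

```python
import os
import pwd
import sys
from pathlib import Path

CHALLENGE = Path(".well-known") / "acme-challenge"

def allowed(st, uid, gids, want):
    """True if a process with this uid/gids gets permission bit want (4=r, 1=x)."""
    if uid == 0:
        return True
    if st.st_uid == uid:
        return bool(st.st_mode & (want << 6))
    if st.st_gid in gids:
        return bool(st.st_mode & (want << 3))
    return bool(st.st_mode & want)

def audit_challenge_path(docroot, web_uid, web_gids, top="/"):
    """List (path, problem) pairs that would stop the web server from
    serving a token file under docroot/.well-known/acme-challenge."""
    top = Path(top).resolve()
    target = Path(docroot).resolve() / CHALLENGE
    findings = []
    current = top
    # Walk from `top` down: every directory on the way must be traversable.
    for part in ("",) + target.relative_to(top).parts:
        current = current / part
        if not current.is_dir():
            findings.append((str(current), "missing directory"))
            return findings
        if not allowed(current.stat(), web_uid, web_gids, 1):
            findings.append((str(current), "web server cannot traverse"))
    # Any token file already present must be readable by the web server.
    for token in sorted(p for p in target.iterdir() if p.is_file()):
        st = token.stat()
        if not allowed(st, web_uid, web_gids, 4):
            findings.append((str(token),
                             f"web server cannot read (owner uid {st.st_uid})"))
    return findings

if __name__ == "__main__":
    web = pwd.getpwnam("www-data")  # assumption: Debian's Apache account
    gids = set(os.getgrouplist(web.pw_name, web.pw_gid))
    # Usage (run as root): python3 audit.py /home/user/public_html
    for path, problem in audit_challenge_path(sys.argv[1], web.pw_uid, gids):
        print(f"{path}: {problem}")
```

A clean result rules out plain Unix permissions as the cause of the 404; it does not check how the web server maps the hostname to a directory.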

Sun, 07/15/2018 - 16:21
noisemarine

Do you have anything in Virtualmin -> [server name] -> Server Configuration -> Website Redirects?

Sun, 07/15/2018 - 19:25
visionquest

Thanks @noisemarine. There are no redirects and I just enabled SSL on another virtual server and requested a LE certificate and the result is the same error as above.

Thu, 07/26/2018 - 07:29
Tue, 08/21/2018 - 01:25
thathwamasi

Hello visionquest, if DNS entries are correct, try this from the CLI:

virtualmin generate-letsencrypt-cert --domain domain1.com --domain www.domain1.com --domain domain2

Topic locked