Let's Encrypt SSL certificate ".. request failed : Web-based validation failed : Failed to request certificate :"

#1 Mon, 03/04/2019 - 23:56
Michael_AU

Good afternoon everyone. I have a website that is online, https://m-a.training, that I added a subdomain to, which I am trying to add to the SSL certificate from Let's Encrypt. The initial certificate still works but I am unable to get a certificate that encompasses the subdomain video.m-a.training. The output from the attempt to get a certificate is below.

Validating configuration for m-a.training ..
.. no problems found
Requesting a certificate for m-a.training, www.m-a.training, video.m-a.training, www.video.m-a.training from Let's Encrypt ..
.. request failed : Web-based validation failed : Failed to request certificate :

video.m-a.training challenge did not pass: Invalid response from https://video.m-a.training/.well-known/acme-challenge/Gdl8yRr2kXSCWeFCVA... [2606:4700:30::681f:498a]: "\n\n<!--[if IE 7]> <html class=\"no-js "

DNS-based validation failed : Failed to request certificate : Gave up waiting for validation

m-a.training is behind Cloudflare and it works. When I try to get to video.m-a.training, Cloudflare redirects to https (which is what I want anyway) and gives me a 526 Invalid SSL certificate error.

Can anyone offer any guidance for this issue? Any and all help is greatly appreciated. Cheers. Michael.

Tue, 03/05/2019 - 12:09
Michael_AU

Justin, I'm not sure if your comment is spam or not. The link to assignment help is not required in your response, so I'm not sure why you put it there unless your intent is to spam this forum.

In response to the rest of your post, I do not see any gain in buying a wildcard certificate, and buying a wildcard certificate certainly won't "lower administrative and development expenses" because Let's Encrypt is free and the server costs me nothing. Helping me work through my problem will be a gain because I will learn something instead of getting help on assignments.

Thu, 03/07/2019 - 03:43
noisemarine

For LE to work, you need unencrypted access to the /.well-known directory. That means your webserver has to be properly configured for the domain/s you are requesting certs for, and you do not redirect to https for the http://example.com/.well-known/ URL. It looks like you just need to fix your redirect to exclude that directory.

And yes, the post was SPAM. Sadly, there isn't a "report post" feature on this forum to draw the mods' attention to it.

Thu, 04/04/2019 - 23:34 (Reply to #3)
Michael_AU

Hi noisemarine, thanks for your reply, and I apologise for not getting back to you sooner. I have tried excluding that directory from the redirect using Cloudflare's page rules, and even though I am still unable to get a certificate for video.m-a.training, the error is now different. I am now confronted with "Error registering: JWS has invalid anti-replay nonce" and a long alphanumeric string after this. I have looked at the forum on Cloudflare and a few different threads say this is common and on a 2nd attempt a certificate will be granted, but this has not been the case for me.

Just as an aside, I have never had a Let's Encrypt certificate request granted 1st attempt but always worked 2nd time around, so when I read that it would work on the 2nd attempt I thought it was business as usual. Alas, I was wrong.

Cheers. Michael.

Thu, 03/07/2019 - 04:55
acosonic

For the Virtualmin team: IMHO /.well-known should be added as an alias on a per-vhost basis, because in many cases people have .htaccess overriding stuff at public_html, causing a bunch of complaints...

So please make a proper alias for /.well-known and include it in the default installation...
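
The redirect exclusion noisemarine describes and the per-vhost alias acosonic asks for, sketched as an Apache 2.4 port-80 virtual host. This is an added example, not part of the thread and not Virtualmin's generated configuration; the hostname and both directory paths are constructed placeholders.

```apache
# Constructed example: video.example.com and both filesystem paths are placeholders.
<VirtualHost *:80>
    ServerName video.example.com
    DocumentRoot /home/example/domains/video.example.com/public_html

    # Map the ACME HTTP-01 token path to a directory outside public_html.
    # Requests for this URL never resolve into public_html, so a site-level
    # .htaccess there (CMS rewrites, forced HTTPS) is not consulted for them.
    Alias /.well-known/acme-challenge/ /var/www/acme/.well-known/acme-challenge/

    <Directory /var/www/acme/.well-known/acme-challenge/>
        # Ignore any .htaccess in the token directory and serve files only.
        AllowOverride None
        Options None
        Require all granted
    </Directory>

    # Vhost-level rewrite rules are evaluated before the Alias mapping,
    # so the HTTPS redirect has to skip the challenge path explicitly.
    RewriteEngine On
    RewriteCond %{REQUEST_URI} !^/\.well-known/acme-challenge/
    RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
</VirtualHost>
```

The ACME client has to be told to write its tokens under the aliased directory. When a proxy such as Cloudflare sits in front of the server, a redirect applied at the proxy needs the same exclusion, since the origin never sees those requests.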

Thu, 04/04/2019 - 23:36 (Reply to #5)
Michael_AU

Hi acosonic, I 2nd this motion.

Sun, 04/07/2019 - 02:57
just_me

+1

Topic locked