My Virtualmin server is behind a pfSense firewall using 1:1 NAT. DNS, etc. are working fine. These ports are open: 993, 25, 465, 443, 80, 110, 143, 995, 587
I can put a test.txt file into /home/my.domain.com/public_html/.well-known/acme-challenge/test.txt and open it externally by using the proper my.domain.com.
I get:
Parsing account key...
Parsing CSR...
Registering account...
Already registered!
Verifying www.domain.com...
Traceback (most recent call last):
  File "/usr/libexec/webmin/webmin/acme_tiny.py", line 203, in <module>
    main(sys.argv[1:])
  File "/usr/libexec/webmin/webmin/acme_tiny.py", line 199, in main
    signed_crt = get_crt(args.account_key, args.csr, args.acme_dir, log=LOGGER, CA=args.ca)
  File "/usr/libexec/webmin/webmin/acme_tiny.py", line 128, in get_crt
    wellknown_path, wellknown_url))
ValueError: Wrote file to /home/my.domain.com/public_html/.well-known/acme-challenge/nEY4exEhE5xVet5cXVnedawMbdI3YPhlnpjIZgRS_Sw, but couldn't download http://my.domain.com/.well-known/acme-challenge/nEY4exEhE5xVet5cXVnedawM...
There are no relevant logs in /var/log/messages. No .htaccess file in public.
I can not observe file creation in the acme-challenge subfolder though.
Comments
Submitted by mike0810 on Mon, 05/23/2016 - 10:56 Comment #1
Submitted by JamieCameron on Mon, 05/23/2016 - 13:14 Comment #2
If you put a test file into acme-challenge, can you access it using the wget command on your Virtualmin system?
Submitted by mike0810 on Wed, 05/25/2016 - 06:23 Comment #3
Hi,
The solution for this problem when using Virtualmin behind NAT 1:1 is to enable NAT Reflection inbound/outbound on the firewall. After that, the certificate gets issued perfectly.
Submitted by mike0810 on Wed, 05/25/2016 - 06:23 Comment #4
Submitted by JamieCameron on Wed, 05/25/2016 - 08:30 Comment #5
Right - if the Virtualmin system cannot fetch a URL from its own domain names, it can't verify that the Let's Encrypt challenge file exists.
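
Added example, not part of the thread and not Webmin or acme_tiny code: a pre-flight check that repeats the step the traceback fails on, writing a throwaway token into the challenge directory and fetching it back through the public hostname from the server itself. The names `selfcheck` and `http_fetch` and the status strings are hypothetical; the webroot and domain are passed in by the caller.

```python
import os
import secrets
import urllib.error
import urllib.request

def http_fetch(url, timeout=10):
    """Plain HTTP GET issued from this host, like the ACME client's own check."""
    with urllib.request.urlopen(url, timeout=timeout) as resp:
        return resp.read().decode("utf-8", "replace")

def selfcheck(webroot, domain, fetch=http_fetch):
    """Write a random token under .well-known/acme-challenge and fetch it back
    via http://<domain>/. Returns (status, detail); status is 'ok' on success."""
    chal_dir = os.path.join(webroot, ".well-known", "acme-challenge")
    token = "selfcheck-" + secrets.token_urlsafe(16)
    body = secrets.token_urlsafe(32)
    path = os.path.join(chal_dir, token)
    url = "http://%s/.well-known/acme-challenge/%s" % (domain, token)
    try:
        os.makedirs(chal_dir, exist_ok=True)
        with open(path, "w") as fh:
            fh.write(body)
    except OSError as exc:
        return "write-failed", "cannot write %s: %s" % (path, exc)
    try:
        got = fetch(url)
    except urllib.error.HTTPError as exc:
        # A server answered, but not with the file: wrong vhost, rewrite, auth.
        return "http-error", "%s answered HTTP %d" % (url, exc.code)
    except OSError as exc:
        # URLError, timeout, refused: the host cannot reach its own public name,
        # which is the symptom NAT reflection (or local DNS) resolves.
        return "unreachable", "%s not reachable from this host: %s" % (url, exc)
    finally:
        if os.path.exists(path):
            os.remove(path)  # never leave test tokens in the webroot
    if got.strip() != body:
        return "mismatch", "%s returned other content; another server answered" % url
    return "ok", "%s served the token back" % url

if __name__ == "__main__":
    import sys
    status, detail = selfcheck(sys.argv[1], sys.argv[2])  # webroot, domain
    print(status + ": " + detail)
    sys.exit(0 if status == "ok" else 1)
```

An `unreachable` result while the same URL loads from outside the network points at the firewall's handling of internal-to-public traffic rather than at the web server.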