Let's Encrypt certificate request fails on Webmin

11 posts / 0 new
Last post
#1 Sat, 03/18/2017 - 11:25

Let's Encrypt certificate request fails on Webmin

This works perfectly on a server, fails on a second similar one.

Parsing account key...
Parsing CSR...
Registering account...
Already registered!
Verifying ns375370.ip-5-196-93.eu...
Wrote file to /var/www/.well-known/acme-challenge/XOk_i459ouVrns6zoI72W7bRs9ChWoNfZtpIPt16ClE, but couldn't download http://ns375370.ip-5-196-93.eu/.well-known/acme-challenge/XOk_i459ouVrns6zoI72W7bRs9ChWoNfZtpIPt16ClE
Traceback (most recent call last):
  File "/usr/share/webmin/webmin/acme_tiny.py", line 203, in <module>
  File "/usr/share/webmin/webmin/acme_tiny.py", line 199, in main
    signed_crt = get_crt(args.account_key, args.csr, args.acme_dir, log=LOGGER, CA=args.ca)
  File "/usr/share/webmin/webmin/acme_tiny.py", line 154, in get_crt
    domain, challenge_status))
ValueError: ns375370.ip-5-196-93.eu challenge did not pass: {u'status': u'invalid', u'validationRecord': [{u'url': u'http://ns375370.ip-5-196-93.eu/.well-known/acme-challenge/XOk_i459ouVrns6zoI72W7bRs9ChWoNfZtpIPt16ClE', u'hostname': u'ns375370.ip-5-196-93.eu', u'addressUsed': u'', u'port': u'80', u'addressesResolved': [u'']}], u'keyAuthorization': u'XOk_i459ouVrns6zoI72W7bRs9ChWoNfZtpIPt16ClE.V5FvzyLdNvUJYbXYcpLD2b_DwIIJXNn3FW5Ho0nZRSw', u'uri': u'https://acme-v01.api.letsencrypt.org/acme/challenge/ZDXcHCWrYkFirdTzgZtBP1ExcH9Dz2qHzUBlDOMnmGU/825589159', u'token': u'XOk_i459ouVrns6zoI72W7bRs9ChWoNfZtpIPt16ClE', u'error': {u'status': 403, u'type': u'urn:acme:error:unauthorized', u'detail': u'The key authorization file from the server did not match this challenge [XOk_i459ouVrns6zoI72W7bRs9ChWoNfZtpIPt16ClE.V5FvzyLdNvUJYbXYcpLD2b_DwIIJXNn3FW5Ho0nZRSw] != [<h1>Website Disabled</h1>]'}, u'type': u'http-01'}

Thanks for help

Thu, 03/23/2017 - 04:47

I got an identical error on an automatic renewal yesterday. Manually invoking the renewal failed with the same error message.

Possibly related to the latest update with unspecified Let's Encrypt bug fixes?

Thu, 03/23/2017 - 10:47

It appears that the error message is "Website Disabled" so I'm assuming you can't renew SSL certs for a domain that is disabled.

Thu, 03/23/2017 - 13:29

Oh sorry, my error wasn't completely identical then: I got a 404 Not Found error. The rest of the output with the traceback etc. looked identical. My site isn't disabled in the VirtualMin control panel, and had previously renewed without problems (and without changes to the setup since last renewal).

Sun, 03/26/2017 - 08:43

I mean installing a certificate for Webmin standa alone , not Virtualmin Apache virtual web servers. I would need it This feature does not seem to work anymore on Webmin unless the certificate is inherited from a Virtualmin server web server (in one case, Virtualmin is not even installed) . /var/www allows to write the challenge, but something goes wrong after.

Sun, 11/12/2017 - 03:01

I still have this problem. Suddently, Webmin Letsencrypt certificate fails to renew on one server. The file .well-known/acme-challenge/xxx is correctly writte, but cannot be accessed - the URL gives "Website disabled" I have absolutely no web site set at this place /var/www, I even stopped Apache

Any idea? Thanks

Mon, 11/13/2017 - 15:42

I am also experiencing this as well. Instead of "Website disabled," it says "404 Not Found."

Any solution to this? My certificate expires tomorrow (Nov 14).


Update: Issue solved. Mod Security was causing a 403 forbidden when trying to create certificate resulting in the 404 Not Found error for me.

Wed, 12/27/2017 - 14:33 (Reply to #7)
atleast's picture

Greeetings DonX can you kindly share a few details how did you fix that issue? I am having same issue where the certi is now renewing and giving similar error.

Sun, 02/11/2018 - 01:20 (Reply to #8)

Hello atleast, sorry for delayed response.

To solve the issue, I temporarily disabled mod security, then renewed the certificate and then finally enabled mod security.

Sat, 02/10/2018 - 18:11

Edit: Reply to atleast above.

Sat, 02/24/2018 - 19:32

When I try to request expiring certificate I'm getting: (deleted) EDIT: Oops. Sorry. It looks like letsencrypt was trying to use AAAA entry for my domain, and I have some ipv6 problems on server. After removing AAAA for few minutes everything works fine.

Topic locked