This website is deprecated, and remains online only for historic access to old issues and docs for historic versions of Virtualmin. It has been unmaintained for several years, and should not be relied on for up-to-date information. Please visit www.virtualmin.com instead.

Let's Encrypt not working: Gave up waiting for validation

1 post / 0 new

Topic locked

#1 Mon, 10/16/2017 - 06:13

tycoon

Let's Encrypt not working: Gave up waiting for validation

I'm having a strange issue with LetsEncrypt on one of my sites. It's a virtual server with 7 alias domains (and multiple subservers with their own certificates). Requesting a certificate through Let's Encrypt used to work before (although it took very long), but now it completely stopped working.

Parsing account key...
Parsing CSR...
Registering account...
Already registered!
Verifying tycoonmedia.net...
tycoonmedia.net verified!
Verifying www.tycoonmedia.nl...
Traceback (most recent call last):
  File "/usr/share/webmin/webmin/acme_tiny.py", line 235, in <module>
    main(sys.argv[1:])
  File "/usr/share/webmin/webmin/acme_tiny.py", line 231, in main
    signed_crt = get_crt(args.account_key, args.csr, args.acme_dir, args.dns_hook, args.cleanup_hook, log=LOGGER, CA=args.ca)
  File "/usr/share/webmin/webmin/acme_tiny.py", line 171, in get_crt
    raise ValueError("Gave up waiting for validation")
ValueError: Gave up waiting for validation

DNS-based validation failed : Failed to request certificate :

Parsing account key...
Parsing CSR...
Registering account...
Already registered!
Verifying tycoonmedia.net...
Traceback (most recent call last):
  File "/usr/share/webmin/webmin/acme_tiny.py", line 235, in <module>
    main(sys.argv[1:])
  File "/usr/share/webmin/webmin/acme_tiny.py", line 231, in main
    signed_crt = get_crt(args.account_key, args.csr, args.acme_dir, args.dns_hook, args.cleanup_hook, log=LOGGER, CA=args.ca)
  File "/usr/share/webmin/webmin/acme_tiny.py", line 171, in get_crt
    raise ValueError("Gave up waiting for validation")
ValueError: Gave up waiting for validation

The acme-challenge files are accessible over both IPv4 and IPv6, and over http (i disable the https redirect when requesting the certificate) or https
All files return code 200, no redirects
The _acme-challenge txt record created on the main domain can be retrieved both locally and externally with dig.

The _acme-challenge record is only set on the main domain, and only a single file is created in the acme-challenges folder.

According to the Apache access log the file is never being accessed by the Let's Encrypt. It only shows 2 entries with the local IP

2a01:7c8:fff9:f6::1 - - [16/Oct/2017:12:52:53 +0200] "GET /.well-known/acme-challenge/p4aL87vTIcmVeLPLu0RZNBGxLh676I7x74xxtJSZVJ4 HTTP/1.1" 200 294 "-" "Python-urllib/2.7"
2a01:7c8:fff9:f6::1 - - [16/Oct/2017:12:52:54 +0200] "GET /.well-known/acme-challenge/A9Ffv9V9p0MFEuthTihZeCzx0__fpoimOmqgU7vsBY4 HTTP/1.1" 200 294 "-" "Python-urllib/2.7"

Requesting certificates on other virtual servers works just fine...

I have seen the other posts on the forum with similar issues but none offered a solution.

Hope someone can help, big thanks in advance