Operating system: CentOS Linux 7.5.1804 / Webmin version: 1.894 / Virtualmin version: 6.04 / Apache Web Server / php loaded 5.4 / 7.0 / 7.1 -used by web site.
The issue started when the certificate update failed (after working successfully for the last four updates).
This was the original error message from the update not working:
www.captnslounge.info challenge did not pass: Invalid response from http://www.captnslounge.info/.well-known/acme-challenge/bdzdt48iruYpYiF8... "\n\n\n \n \n <meta htt"
DNS-based validation failed : Failed to request certificate :
www.captnslounge.info challenge did not pass: DNS problem: NXDOMAIN looking up TXT for _acme-challenge.www.captnslounge.info
It's as if "Let's Encrypt" has changed over to looking up the challenge via DNS.
These are the four URLs associated with the web site, DNS is set up in GoDaddy, all pointing to the same IP address. The site is approx. 8 months old, and auto-update has never failed in the past, renewing every 2 months. I did also try renaming all the SSL files in case that was causing the issue.
I'm trying to use "Issue New", I do have a cert for captnslounge.com (part of trying to debug) active and I am trying to get the others working. If I use the "update" button instead, nothing happens.
captnslounge.com www.captnslounge.com captnslounge.info www.captnslounge.info
A response was written into /home/captnslounge/public_html/.well-known/acme-challenge (but not deleted)
ssl.CertificateError: hostname 'www.captnslounge.info' doesn't match 'captnslounge.com'
DNS-based validation failed : Failed to request certificate :
www.captnslounge.info challenge did not pass: DNS problem: NXDOMAIN looking up TXT for _acme-challenge.www.captnslounge.info
If I try just
captnslounge.com www.captnslounge.com
ssl.CertificateError: hostname 'www.captnslounge.com' doesn't match 'captnslounge.com'
DNS-based validation failed : Failed to request certificate :
www.captnslounge.com challenge did not pass: DNS problem: NXDOMAIN looking up TXT for _acme-challenge.www.captnslounge.com
Here is the full message from Virtualmin.
Requesting a certificate for captnslounge.com, www.captnslounge.com, captnslounge.info, www.captnslounge.info from Let's Encrypt .. .. request failed : Web-based validation failed : Failed to request certificate :
Traceback (most recent call last):
  File "/usr/libexec/webmin/webmin/acme_tiny.py", line 250, in <module>
    main(sys.argv[1:])
  File "/usr/libexec/webmin/webmin/acme_tiny.py", line 246, in main
    signed_crt = get_crt(args.account_key, args.csr, args.acme_dir, args.dns_hook, args.cleanup_hook, log=LOGGER, CA=args.ca)
  File "/usr/libexec/webmin/webmin/acme_tiny.py", line 154, in get_crt
    resp = urlopen(wellknown_url)
  File "/usr/lib64/python2.7/urllib2.py", line 154, in urlopen
    return opener.open(url, data, timeout)
  File "/usr/lib64/python2.7/urllib2.py", line 437, in open
    response = meth(req, response)
  File "/usr/lib64/python2.7/urllib2.py", line 550, in http_response
    'http', request, response, code, msg, hdrs)
  File "/usr/lib64/python2.7/urllib2.py", line 469, in error
    result = self._call_chain(*args)
  File "/usr/lib64/python2.7/urllib2.py", line 409, in _call_chain
    result = func(*args)
  File "/usr/lib64/python2.7/urllib2.py", line 656, in http_error_302
    return self.parent.open(new, timeout=req.timeout)
  File "/usr/lib64/python2.7/urllib2.py", line 431, in open
    response = self._open(req, data)
  File "/usr/lib64/python2.7/urllib2.py", line 449, in _open
    '_open', req)
  File "/usr/lib64/python2.7/urllib2.py", line 409, in _call_chain
    result = func(*args)
  File "/usr/lib64/python2.7/urllib2.py", line 1258, in https_open
    context=self._context, check_hostname=self._check_hostname)
  File "/usr/lib64/python2.7/urllib2.py", line 1211, in do_open
    h.request(req.get_method(), req.get_selector(), req.data, headers)
  File "/usr/lib64/python2.7/httplib.py", line 1041, in request
    self._send_request(method, url, body, headers)
  File "/usr/lib64/python2.7/httplib.py", line 1075, in _send_request
    self.endheaders(body)
  File "/usr/lib64/python2.7/httplib.py", line 1037, in endheaders
    self._send_output(message_body)
  File "/usr/lib64/python2.7/httplib.py", line 881, in _send_output
    self.send(msg)
  File "/usr/lib64/python2.7/httplib.py", line 843, in send
    self.connect()
  File "/usr/lib64/python2.7/httplib.py", line 1260, in connect
    server_hostname=sni_hostname)
  File "/usr/lib64/python2.7/ssl.py", line 348, in wrap_socket
    _context=self)
  File "/usr/lib64/python2.7/ssl.py", line 609, in __init__
    self.do_handshake()
  File "/usr/lib64/python2.7/ssl.py", line 839, in do_handshake
    match_hostname(self.getpeercert(), self.server_hostname)
  File "/usr/lib64/python2.7/ssl.py", line 271, in match_hostname
    % (hostname, dnsnames[0]))
ssl.CertificateError: hostname 'www.captnslounge.com' doesn't match 'captnslounge.com'
DNS-based validation failed : Failed to request certificate :
www.captnslounge.com challenge did not pass: DNS problem: NXDOMAIN looking up TXT for _acme-challenge.www.captnslounge.com
I've no idea what to try next. Is it me, or has the code changed, or has "Let's Encrypt" changed the way they are doing their checks?
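
The traceback in the post shows the `urlopen(wellknown_url)` call in `acme_tiny.py` passing through `http_error_302` and `https_open` before `match_hostname` raises. The sketch below is an added example, not part of the original post or of Webmin's `acme_tiny.py`; it models that hostname check for the four requested names. The SAN list, the assumption that every name redirects HTTP to HTTPS, and both function names are illustrative.

```python
# Added illustration of the hostname check that raises in the traceback.
# SERVED_CERT_SANS and the redirect flag are assumptions reconstructed from
# the error text, not data captured from the server.

def dns_name_matches(pattern, hostname):
    """Match a certificate dNSName entry against a hostname.

    Exact case-insensitive match, or '*' as the entire left-most label,
    which covers exactly one label (never the bare parent domain).
    """
    pattern = pattern.lower().rstrip(".")
    hostname = hostname.lower().rstrip(".")
    if pattern == hostname:
        return True
    p_labels = pattern.split(".")
    h_labels = hostname.split(".")
    if p_labels[0] != "*" or len(p_labels) < 3:
        return False
    return len(p_labels) == len(h_labels) and p_labels[1:] == h_labels[1:]


def names_failing_precheck(requested, served_cert_sans,
                           http_redirects_to_https=True):
    """Return the requested names whose challenge fetch would hit a
    certificate hostname mismatch after being redirected to HTTPS."""
    if not http_redirects_to_https:
        # The challenge file is read over plain HTTP; no TLS check occurs.
        return []
    return [
        name for name in requested
        if not any(dns_name_matches(san, name) for san in served_cert_sans)
    ]


# The four names from the post.
REQUESTED = [
    "captnslounge.com", "www.captnslounge.com",
    "captnslounge.info", "www.captnslounge.info",
]
# Constructed: the error text names only 'captnslounge.com' on the cert.
SERVED_CERT_SANS = ["captnslounge.com"]

if __name__ == "__main__":
    for name in names_failing_precheck(REQUESTED, SERVED_CERT_SANS):
        print("hostname mismatch expected for", name)
```
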