Submitted by Jason Bobier on Wed, 09/11/2019 - 02:03 Pro Licensee
My LetsEncrypt certs fail to renew because the script sets the DNS TXT, but doesn't wait long enough for the zone to propagate through my slave servers. It would be nice if there was a configurable amount of time between when it updates the zone and when it requests the cert renewal.
Alternately, if the cert renewal fails, if it could just try again after some amount of time.
Thanks
Status:
Fixed (pending)
Comments
Submitted by JamieCameron on Wed, 09/11/2019 - 23:47 Comment #1
That's odd, as currently Virtualmin waits for 10 seconds after applying the DNS changes to allow for propagation.
Does it take longer than this on your system?
Submitted by Jason Bobier on Thu, 09/12/2019 - 03:21 Pro Licensee Comment #2
Yeah, I'm using BuddyDNS for secondary servers and it can take a couple of minutes for all of their zones to update.
Submitted by JamieCameron on Sun, 09/15/2019 - 16:46 Comment #3
Hmm ... I'm not sure what we could do then that wouldn't make all DNS Let's Encrypt validation take a long time.
Submitted by Jason Bobier on Mon, 09/16/2019 - 02:46 Pro Licensee Comment #4
Well, the easiest solution would be to make the number of seconds configurable.
Submitted by JamieCameron on Tue, 09/17/2019 - 01:06 Comment #5
Good idea, we'll do that in the next Webmin release.
Submitted by Jason Bobier on Tue, 09/17/2019 - 02:45 Pro Licensee Comment #6
Thanks!
Submitted by Jason Bobier on Sun, 11/10/2019 - 03:57 Pro Licensee Comment #7
Hey there, is this going out soon? I just had my renewal fail again. This time though, there is an error involved:
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator manual, Installer None
Renewing an existing certificate
Performing the following challenges:
dns-01 challenge for <domain>.com
dns-01 challenge for <domain>.com
Hook command "/etc/webmin/webmin/letsencrypt-dns.pl" returned error code 1
Error output from letsencrypt-dns.pl:
Undefined subroutine &main::restart_zone called at /usr/share/webmin/webmin/letsencrypt-dns.pl line 47.
Hook command "/etc/webmin/webmin/letsencrypt-dns.pl" returned error code 1
Error output from letsencrypt-dns.pl:
Undefined subroutine &main::restart_zone called at /usr/share/webmin/webmin/letsencrypt-dns.pl line 47.
Waiting for verification...
Cleaning up challenges
Hook command "/etc/webmin/webmin/letsencrypt-cleanup.pl" returned error code 1
Error output from letsencrypt-cleanup.pl:
Undefined subroutine &main::restart_zone called at /usr/share/webmin/webmin/letsencrypt-cleanup.pl line 38.
Hook command "/etc/webmin/webmin/letsencrypt-cleanup.pl" returned error code 255
Error output from letsencrypt-cleanup.pl:
Undefined subroutine &main::restart_zone called at /usr/share/webmin/webmin/letsencrypt-cleanup.pl line 38.
Failed authorization procedure. <domain>.com (dns-01): urn:ietf:params:acme:error:dns :: DNS problem: NXDOMAIN looking up TXT for _acme-challenge.<domain>.com, <domain>.com (dns-01): urn:ietf:params:acme:error:dns :: DNS problem: NXDOMAIN looking up TXT for _acme-challenge.<domain>.com
IMPORTANT NOTES:
- The following errors were reported by the server:
Domain: <domain>.com
Type: None
Detail: DNS problem: NXDOMAIN looking up TXT for
_acme-challenge.<domain>.com
Domain: <domain>.com
Type: None
Detail: DNS problem: NXDOMAIN looking up TXT for
_acme-challenge.<domain>.com
Submitted by JamieCameron on Sun, 11/10/2019 - 18:39 Comment #8
That's a separate bug - you can fix it by applying this patch : https://github.com/webmin/webmin/commit/771be1a754fafa02abb5d5670f3ba4a6...
Submitted by Jason Bobier on Mon, 11/11/2019 - 06:31 Pro Licensee Comment #9
OK, thanks. Do you have an estimate of when that fix and the one for my issue will be released?
Submitted by Jason Bobier on Tue, 11/12/2019 - 03:13 Pro Licensee Comment #10
Hmm... Are you sure that the new restart zone command works? It doesn't error out like the old one, but it doesn't appear to be restarting the zone.
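
Added example, not part of the thread and not Webmin's code: the propagation problem discussed above can also be handled by having the dns-01 hook poll every authoritative nameserver directly until all of them serve the challenge TXT value, bounded by a timeout, rather than sleeping a fixed number of seconds. The function names, the `ns1`/`ns2.example.net` hosts and the token are assumptions constructed for illustration, and the default lookup assumes the `dig` utility is installed.

```python
import subprocess
import time

def dig_txt(name, server):
    """Ask one nameserver directly (no recursion, no cache) for TXT records."""
    out = subprocess.run(
        ["dig", "+short", "+norecurse", "TXT", name, "@" + server],
        capture_output=True, text=True, timeout=10,
    ).stdout
    return {line.strip().strip('"') for line in out.splitlines() if line.strip()}

def wait_for_txt(name, token, servers, query=dig_txt,
                 timeout=300, interval=10, sleep=time.sleep):
    """Poll until every server serves the token.

    Returns (True, []) on success, or (False, lagging_servers) once
    `timeout` seconds of waiting have elapsed.
    """
    waited = 0
    while True:
        lagging = []
        for server in servers:
            try:
                if token not in query(name, server):
                    lagging.append(server)
            except Exception:
                # Unreachable server or failed lookup counts as not yet propagated.
                lagging.append(server)
        if not lagging:
            return True, []
        if waited >= timeout:
            return False, lagging
        sleep(interval)
        waited += interval

def demo():
    """Constructed simulation: primary answers at once, secondary after 3 polls."""
    calls = {"ns1.example.net": 0, "ns2.example.net": 0}
    ready_after = {"ns1.example.net": 0, "ns2.example.net": 3}
    def fake_query(name, server):
        calls[server] += 1
        return {"constructed-token"} if calls[server] > ready_after[server] else set()
    slept = []
    ok, lagging = wait_for_txt("_acme-challenge.example.com", "constructed-token",
                               list(calls), query=fake_query, sleep=slept.append)
    return ok, lagging, sum(slept)

if __name__ == "__main__":
    print(demo())
```

A hook that exits non-zero when this returns `False` makes the renewal fail before the CA is asked to validate, and the returned list names the secondaries that were still lagging.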