another letsencrypt issue [Solved]

CentOS 7 - up to date as of 3/30/2018
Upgraded Virtualmin from GPL to PRO via Virtualmin->System Settings->Upgrade…

New domain -
DNS resolves just fine - via mxtoolbox and intodns and my chrome web browser
Under Virtualmin->Logs and Reports->Check Connectivity

SSL website request failed 500 Can't connect to Make sure your system's web server is running, that port 443 is not blocked by a firewall, and that the domain has a valid index page.

Trying to get a LE cert:

Requesting a certificate for,,, from Let’s Encrypt …
… request failed : Web-based validation failed : Failed to request certificate :
Gave up waiting for validation
DNS-based validation failed : Failed to request certificate :
Traceback (most recent call last):
File “/usr/libexec/webmin/webmin/”, line 250, in
File “/usr/libexec/webmin/webmin/”, line 246, in main
signed_crt = get_crt(args.account_key, args.csr, args.acme_dir, args.dns_hook, args.cleanup_hook, log=LOGGER,
File “/usr/libexec/webmin/webmin/”, line 128, in get_crt
“identifier”: {“type”: “dns”, “value”: domain},
File “/usr/libexec/webmin/webmin/”, line 63, in _send_signed_request
protected[“nonce”] = urlopen(CA + “/directory”).headers[‘Replay-Nonce’]
File “/usr/lib64/python2.7/”, line 154, in urlopen
return, data, timeout)
File “/usr/lib64/python2.7/”, line 431, in open
response = self._open(req, data)
File “/usr/lib64/python2.7/”, line 449, in _open
‘_open’, req)
File “/usr/lib64/python2.7/”, line 409, in _call_chain
result = func(*args)
File “/usr/lib64/python2.7/”, line 1258, in https_open
context=self._context, check_hostname=self._check_hostname)
File “/usr/lib64/python2.7/”, line 1214, in do_open
raise URLError(err)
urllib2.URLError: <urlopen error [Errno -3] Temporary failure in name resolution>

No clue what’s going on.

A rewrite somewhere maybe htaccess or in code…

I can’t find any redirects in .htaccess, the redirect http to https by default is off, but I think I know what it is/was…something called proxy pass? Going through my httpd.conf I found new sections for proxy in newer domains (after upgrade to pro) but not older ones. Removing proxy sections seems to have worked.