Can NOT create Let's Encrypt Certificates on Virtualmin 6.11 for admin and webmail sub-domains

ssears · August 10, 2020, 12:21am

Following are my Specs and the Error Message. It is on a new install of 16.04 (It’s a fresh install to upgrade an old 14.04 install that I inhereted. When I try to create a Let’s Encrypt Cert I get the error below.

Operating system Ubuntu Linux 16.04.6
Webmin version 1.954 Usermin version 1.803
Virtualmin version 6.11 Authentic theme version 19.53-2
Time on system Monday, August 10, 2020 12:08 AM Kernel and CPU Linux 4.4.0 on x86_64
Processor information Intel® Xeon® CPU E3-1240 V2 @ 3.40GHz, 4 cores

Requesting a certificate for kewlmarketing.com, www.kewlmarketing.com, mail.kewlmarketing.com, admin.kewlmarketing.com, webmail.kewlmarketing.com from Let’s Encrypt …
… request failed : Web-based validation failed : Failed to request certificate :

Traceback (most recent call last):
File “/usr/share/webmin/webmin/acme_tiny.py”, line 198, in
main(sys.argv[1:])
File “/usr/share/webmin/webmin/acme_tiny.py”, line 194, in main
signed_crt = get_crt(args.account_key, args.csr, args.acme_dir, log=LOGGER, CA=args.ca, disable_check=args.disable_check, directory_url=args.directory_url, contact=args.contact)
File “/usr/share/webmin/webmin/acme_tiny.py”, line 149, in get_crt
raise ValueError(“Challenge did not pass for {0}: {1}”.format(domain, authorization))
ValueError: Challenge did not pass for admin.kewlmarketing.com: {‘challenges’: [{‘type’: ‘http-01’, ‘token’: ‘7qKCjy-povtvvFqtEs1xCXktbqJ5lGbSl5G071qumoA’, ‘error’: {‘type’: ‘urn:ietf:params:acme:error:dns’, ‘detail’: “DNS problem: SERVFAIL looking up A for admin.foo.com - the domain’s nameservers may be malfunctioning”, ‘status’: 400}, ‘url’: ‘https://acme-v02.api.letsencrypt.org/acme/chall-v3/6418886612/zhYdkQ’, ‘status’: ‘invalid’}], ‘status’: ‘invalid’, ‘identifier’: {‘type’: ‘dns’, ‘value’: ‘admin.kewlmarketing.com’}, ‘expires’: ‘2020-08-16T16:10:32Z’}
, DNS-based validation failed : Only the offical Let’s Encrypt client supports DNS-based validation

calport · August 10, 2020, 4:15am

The request for certificate renewal is failing in Virtualmin 6.11 due to this sub-domain. There are two ways to solve this problem:

assuming you use a third party DNS service, create a domain admin.kewlmarketing.com and point it to the IP address of your system

Or

apply for a certificate only for kewlmarketing.com and www.kewlmarketing.com, not the rest of the domains

ssears · August 12, 2020, 2:48am

Still having some issues with this. Below is the latest error message:

Web-based validation failed : Failed to request certificate :

Traceback (most recent call last):
File “/usr/share/webmin/webmin/acme_tiny.py”, line 198, in
main(sys.argv[1:])

calport · August 12, 2020, 4:54am

Are you still seeing this as part of the error message:

Challenge did not pass for admin.kewlmarketing.com

ssears · August 12, 2020, 1:24pm

Yes, but there was an upgrade to the software this AM. I was hopeful it would solve my issue, but it didn’t.

Part of the issue could be DNS related, but more importantly the system is having issues writing to the domain Directories.

Will I lose everything is I re-install just the Virtualmin Core?

I’m thinking that will all the issues that I have had with this server install there may have been some unseen install errors.

Blockquote
Saving debug log to /var/log/letsencrypt/letsencrypt.log Plugins selected: Authenticator webroot, Installer None Obtaining a new certificate Performing the following challenges: http-01 challenge for admin.kewltoys.com http-01 challenge for kewltoys.com http-01 challenge for webmail.kewltoys.com http-01 challenge for www.kewltoys.com Using the webroot path /home/kewltoys/public_html for all unmatched domains. Waiting for verification… Cleaning up challenges Failed authorization procedure. admin.kewltoys.com (http-01): urn:ietf:params:acme:error:dns :: DNS problem: SERVFAIL looking up A for admin.kewltoys.com - the domain’s nameservers may be malfunctioning, webmail.kewltoys.com (http-01): urn:ietf:params:acme:error:dns :: DNS problem: SERVFAIL looking up A for webmail.kewltoys.com - the domain’s nameservers may be malfunctioning, www.kewltoys.com (http-01): urn:ietf:params:acme:error:dns :: DNS problem: SERVFAIL looking up A for www.kewltoys.com - the domain’s nameservers may be malfunctioning, kewltoys.com (http-01): urn:ietf:params:acme:error:dns :: DNS problem: SERVFAIL looking up A for kewltoys.com - the domain’s nameservers may be malfunctioning IMPORTANT NOTES: - The following errors were reported by the server: Domain: admin.kewltoys.com Type: None Detail: DNS problem: SERVFAIL looking up A for admin.kewltoys.com - the domain’s nameservers may be malfunctioning Domain: webmail.kewltoys.com Type: None Detail: DNS problem: SERVFAIL looking up A for webmail.kewltoys.com - the domain’s nameservers may be malfunctioning Domain: www.kewltoys.com Type: None Detail: DNS problem: SERVFAIL looking up A for www.kewltoys.com - the domain’s nameservers may be malfunctioning Domain: kewltoys.com Type: None Detail: DNS problem: SERVFAIL looking up A for kewltoys.com - the domain’s nameservers may be malfunctioning

, DNS-based validation failed :

Blockquote

ssears · August 12, 2020, 1:29pm

I’m thinking I have an issue with my DNS, but it is working for email.

Is it possible to install Virtualmin Core without losing my current config?

I am wondering if there are errors in the initial install that are endemic to the system. It seems to be somewhat unstable.

When I run tests on the DNS it comes back good, but still seems to have some issues.

I am also having a problem with writing to some webdirectories. I.E. When I try to install a Joomla Backup File (created with Akeeba) writing to the space fails, As well as other things. Also PHP is not accessing index.php files, but can access other php files. This is regardless of whether I type in the full URL (including index.php) or not.

adamjedgar · August 12, 2020, 3:19pm

I have never been able to get the joomla akeeba backup to work in restoring sites in my virtualmin system.
With your certificate, remove everything but just the single parent domain kewltoys.com.
See if it will just get a certificate for that only (no subdomains)

Also, re php…see if this helps https://stackoverflow.com/questions/2384423/index-php-not-loading-by-default

ssears · August 12, 2020, 3:57pm

I have been using Akeeba for over 7 years on Virtualmin.

It’s not the only software having trouble creating files though.

I’ve also tried the single domain and it still fails with similar errors.

I’m very far in on the build and really don’t want to start from scatch.

system · September 11, 2020, 3:58pm

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.