Cannot set up Let's Encrypt SSL Certificate - Help me to fix that

SYSTEM INFORMATION
OS type and version: Ubuntu 20.0.4
Virtualmin version: 7.9.0

Hello.

When trying to generate a new SSL certificate in Virtualmin (Manage Virtual Server => Setup SSL Certificate => Let’s Encrypt), I got the following error:

Requesting a certificate for ourdomainname.net, www.ourdomainname.net, mail.ourdomainname.net, admin.ourdomainname.net, webmail.ourdomainname.net from Let’s Encrypt …
… request failed : Web-based validation failed :

Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator webroot, Installer None
Renewing an existing certificate
Reusing existing private key from /etc/letsencrypt/live/ourdomainname.net/privkey.pem.
Performing the following challenges:
http-01 challenge for admin.ourdomainname.net
http-01 challenge for mail.ourdomainname.net
http-01 challenge for webmail.ourdomainname.net
http-01 challenge for ourdomainname.net
Using the webroot path /home/ourdomainname.net/public_html for all unmatched domains.
Waiting for verification...
Challenge failed for domain admin.ourdomainname.net
Challenge failed for domain mail.ourdomainname.net
Challenge failed for domain webmail.ourdomainname.net
Challenge failed for domain ourdomainname.net
http-01 challenge for admin.ourdomainname.net
http-01 challenge for mail.ourdomainname.net
http-01 challenge for webmail.ourdomainname.net
http-01 challenge for ourdomainname.net
Cleaning up challenges
Some challenges have failed.
IMPORTANT NOTES:
 - The following errors were reported by the server:

   Domain: admin.ourdomainname.net
   Type:   connection
   Detail: 63.xxx.xxx.xxx: Fetching https://ourdomainname.net:10000/: Invalid
   port in redirect target. Only ports 80 and 443 are supported, not
   10000

   Domain: webmail.ourdomainname.net
   Type:   connection
   Detail: 63.xxx.xxx.xxx: Fetching https://ourdomainname.net:20000/: Invalid
   port in redirect target. Only ports 80 and 443 are supported, not
   20000

   To fix these errors, please make sure that your domain name was
   entered correctly and the DNS A/AAAA record(s) for that domain
   contain(s) the right IP address. Additionally, please check that
   your computer has a publicly routable IP address and that no
   firewalls are preventing the server from communicating with the
   client. If you're using the webroot plugin, you should also verify
   that you are serving files from the webroot path you provided.
 - The following errors were reported by the server:

   Domain: mail.ourdomainname.net
   Type:   unauthorized
   Detail: 63.xxx.xxx.xxx: Invalid response from
   https://mail.ourdomainname.net/.well-known/acme-challenge/mPtr6MjYQwarLxsCW1YIUX3TZyr6vC01lLUw5y89mJs:
   404

   Domain: ourdomainname.net
   Type:   unauthorized
   Detail: 63.xxx.xxx.xxx: Invalid response from
   https://ourdomainname.net/.well-known/acme-challenge/R4b3nO4d7a2dmVOcdo2UJbnxWUoIg1OdeJYbgU7MhXM:
   404

   To fix these errors, please make sure that your domain name was
   entered correctly and the DNS A/AAAA record(s) for that domain
   contain(s) the right IP address.

DNS-based validation failed :

Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator manual, Installer None
Renewing an existing certificate
Reusing existing private key from /etc/letsencrypt/live/ourdomainname.net/privkey.pem.
An unexpected error occurred:
There were too many requests of a given type :: Error creating new order :: too many failed authorizations recently: see https://letsencrypt.org/docs/failed-validation-limit/
Please see the logfiles in /var/log/letsencrypt for more details.

PLEASE, HOW TO FIX THAT AND GENERATE SSL Certificate for my DOMAIN NAME ???

You have multiple issues.

The redirects that Virtualmin creates for admin and webmail normally have a rule to prevent requests to .well-known from being redirected. Something about your configuration changes (or Server Template changes, or something else) has broken that.

e.g. it normally looks something like this:

    RewriteEngine on
    RewriteCond %{HTTP_HOST} =webmail.virtualmin.com
    RewriteRule ^(?!/.well-known)(.*) https://virtualmin.com:20000/ [R]
    RewriteCond %{HTTP_HOST} =admin.virtualmin.com
    RewriteRule ^(?!/.well-known)(.*) https://virtualmin.com:10000/ [R]

Find those rules in your virtual host config file in /etc/apache2/sites-available and post them here. (I recommend you use example.tld when you need a fake placeholder domain and always wrap domain names in backticks (`), so you won’t get hit by the spam filter.)

The 404 errors for the other domains also indicate web server misconfiguration (you have something sucking up all requests; you need to exclude .well-known always), or possibly DNS (is it actually pointing to the right IP?).

Thanks @Joe for your answer. In my /etc/apache2/sites-available/example.tld.conf file, here is the part you asked me for:

    RewriteEngine on
    RewriteCond %{HTTP_HOST} =webmail.example.tld
    RewriteRule ^(?!/.well-known)(.*) https://example.tld:20000/ [R]
    RewriteCond %{HTTP_HOST} =admin.example.tld
    RewriteRule ^(?!/.well-known)(.*) https://example.tld:10000/ [R]

I just replaced my domain name with example.tld.

And strangely, when I tried a second time to request the SSL certificate, still in Virtualmin, I got a different message, like the following:

Requesting a certificate for example.tld, www.example.tld, mail.example.tld, admin.example.tld, webmail.example.tld from Let’s Encrypt …
… request failed : Web-based validation failed :

Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator webroot, Installer None
Renewing an existing certificate
Reusing existing private key from /etc/letsencrypt/live/example.tld/privkey.pem.
An unexpected error occurred:
There were too many requests of a given type :: Error creating new order :: too many failed authorizations recently: see https://letsencrypt.org/docs/failed-validation-limit/
Please see the logfiles in /var/log/letsencrypt for more details.

DNS-based validation failed :

Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator manual, Installer None
Renewing an existing certificate
Reusing existing private key from /etc/letsencrypt/live/example.tld/privkey.pem.
An unexpected error occurred:
There were too many requests of a given type :: Error creating new order :: too many failed authorizations recently: see https://letsencrypt.org/docs/failed-validation-limit/
Please see the logfiles in /var/log/letsencrypt for more details.

PLEASE, NEED YOUR HELP

You’re going to have to wait. You’ve tried a bunch, it failed a bunch, and now Let’s Encrypt is rejecting your requests.

Wait a while. Fix the problems, and then try again once you know the validation can succeed.

Create a file in /home/example/public_html/.well-known and browse to that file in your browser. Can you retrieve the file, or do you get an error? That’s what you need to fix before you try Let’s Encrypt again.
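
The check described in this reply, as an added example that is not part of the original thread or Virtualmin's own code: it requests a test file over port 80 for each hostname, follows redirects hop by hop, and reports the two failures seen in the log above (a redirect to a port other than 80 or 443, and a non-200 response). The file location under `.well-known/acme-challenge/`, the script name `preflight.py` and the function names are assumptions.

```python
import http.client
import sys
from urllib.parse import urljoin, urlsplit

ALLOWED_PORTS = {80, 443}  # from the error above: "Only ports 80 and 443 are supported"
MAX_HOPS = 10              # assumption: cap to stop redirect loops

def fetch(url):
    """One GET, no redirect following. Returns (status, Location header, body start)."""
    u = urlsplit(url)
    https = u.scheme == "https"
    conn_cls = http.client.HTTPSConnection if https else http.client.HTTPConnection
    conn = conn_cls(u.hostname, u.port, timeout=10)
    try:
        conn.request("GET", u.path or "/")
        resp = conn.getresponse()
        return resp.status, resp.getheader("Location"), resp.read(512).decode("ascii", "replace")
    finally:
        conn.close()

def preflight(host, name, expected, fetch=fetch):
    """Request the test file over port 80 and follow redirects hop by hop."""
    url = f"http://{host}/.well-known/acme-challenge/{name}"
    for _ in range(MAX_HOPS):
        try:
            status, location, body = fetch(url)
        except OSError as exc:
            return False, f"{url}: connection failed ({exc})"
        if status in (301, 302, 303, 307, 308) and location:
            url = urljoin(url, location)
            u = urlsplit(url)
            port = u.port or (443 if u.scheme == "https" else 80)
            if port not in ALLOWED_PORTS:
                return False, f"redirected to {url}: port {port} is not 80 or 443"
            continue
        if status != 200:
            return False, f"{url}: HTTP {status}, file not served from the webroot"
        if body.strip() != expected:
            return False, f"{url}: HTTP 200 but unexpected content"
        return True, f"{url}: served correctly"
    return False, "too many redirects"

if __name__ == "__main__":
    # Usage: python3 preflight.py FILE_NAME EXPECTED_CONTENT host1 host2 ...
    name, expected, hosts = sys.argv[1], sys.argv[2], sys.argv[3:]
    for h in hosts:
        ok, why = preflight(h, name, expected)
        print(("OK   " if ok else "FAIL ") + h + ": " + why)
```

Run it against every hostname in the certificate request and retry Let's Encrypt only once all of them report OK, so that no further failed authorizations count against the limit.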

Maybe try as well
https://letsdebug.net/
