Cannot install Let's Encrypt certificates

visionquest · July 15, 2018, 8:56am

Firstly I already have another server with a different provider on which Let’s Encrypt certificate installation is successful. That server is running the same OS and Virtualmin versions as the problem server.

OS: Debian 9
Virtualmin: 6.03

Problem

No .well-known/acme-challenge directories or verification file are created.

If the .well-known/acme-challenge directories are created manually by the virtual server’s owner, a verification file is created but it is owned by root and the same error results. (Error output at the end.)

Directory permissions for /home/user/public_html

Each directory in the path is 755

Usual open ports are:

PORT STATE SERVICE
21/tcp open ftp
53/tcp open domain
80/tcp open http
110/tcp open pop3
143/tcp open imap
443/tcp open https
2222/tcp open EtherNetIP-1
2382/tcp open ms-olap3
10000/tcp open snet-sensor-mgmt
20000/tcp open dnp

53/udp open domain
139/udp open|filtered netbios-ssn
161/udp open|filtered snmp
445/udp open|filtered microsoft-ds
5060/udp open|filtered sip

However, the certificate request was also retried with the firewall off and accepting all incoming, outgoing and forwarding requests.

The problem is present on two top-level virtual servers, one with simply an index.html file and one with a Drupal 7 installation with the .htaccess file temporarily disabled.

Error output:

Requesting a certificate for communitybetterworld.org, www.communitybetterworld.org from Let’s Encrypt …
… request failed : Web-based validation failed : Failed to request certificate :

www.communitybetterworld.org challenge did not pass: Invalid response from http://www.communitybetterworld.org/.well-known/acme-challenge/PTZ3GruEU_GOlAbERyPP3VIk29Aapoqy5Fhb58iqH0w: "<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p"

DNS-based validation failed : Failed to request certificate :

www.communitybetterworld.org challenge did not pass: DNS problem: NXDOMAIN looking up TXT for _acme-challenge.www.communitybetterworld.org

I’ve exceeded the allowed number of requests from Let’s Encrypt and have to wait a week but in the meantime if there are any thoughts on this I can be prepared for when I can make a new request.

Cheers,

Noel

noisemarine · July 15, 2018, 9:21pm

Do you have anything in Virtualmin -> [server name] -> Server Configuration -> Website Redirects?

visionquest · July 16, 2018, 12:25am

Thanks @noisemarine. There are no redirects and I just enabled SSL on another virtual server and requested a LE certificate and the result is the same error as above.

Freddy63 · July 26, 2018, 12:29pm

Are you sure www.communitybetterworld.org resolving to your server?

thathwamasi · August 21, 2018, 6:25am

Hello visionquest,
FI DNS entries are correct try this from cli

virtualmin generate-letsencrypt-cert --domain domain1.com --domain www.domain1.com --domain domain2