Certbot failed to authenticate some domains (authenticator: webroot)

mterlouw · March 18, 2023, 11:17am

SYSTEM INFORMATION
AlmaLinux 9.1
Webmin 2.013
Virtualmin 7.5
VPS running with QEMU Virtual CPU version 2.5+, 4 cores

The server’s SSL security no longer is functioning.
Who is willing to help me solve this SSL issue please?

Yesterday I moved my domain 365dagenduurzaam.nl to a server with Virtualmin.
Other domains I have moved before gave no problems.
After the new DNS values became active, I already requested an SSL certificate for the default domains under 365dagenduurzaam.nl.
That still went well.

Today I found out that when logging in to Virtualmin, no valid certificate is active anymore.
With that, all traffic to and from the web server is traceable via the web interface.
I requested a certificate from Letsencrypt again via ‘Virtualmin – Server configuaration’.
That does not go well!
The message is:
Requesting a certificate for vserver1.365dagenduurzaam.nl from Let’s Encrypt …
… request failed : Web-based validation failed :
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Requesting a certificate for vserver1.365dagenduurzaam.nl

Certbot failed to authenticate some domains (authenticator: webroot). The Certificate Authority reported these problems:
Domain: vserver1.365dagenduurzaam.nl
Type: unauthorized
Detail: 193.26.158.152: Invalid response from http://vserver1.365dagenduurzaam.nl/.well-known/acme-challenge/YWFVdF3h6NQBojmGAA71yN3HeqJ0wtcqxg7MLm2JrgM: 404

Hint: The Certificate Authority failed to download the temporary challenge files created by Certbot. Ensure that the listed domains serve their content from the provided --webroot-path/-w and that files created there can be downloaded from the internet.

Some challenges have failed.
Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /var/log/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details.

letsencrypt.log:
2023-03-18 11:39:19,820:DEBUG:certbot._internal.error_handler:Encountered exception:
Traceback (most recent call last):
File “/usr/lib/python3.9/site-packages/certbot/_internal/auth_handler.py”, line 106, in handle_authorizations
self._poll_authorizations(authzrs, max_retries, best_effort)
File “/usr/lib/python3.9/site-packages/certbot/_internal/auth_handler.py”, line 206, in _poll_authorizations
raise errors.AuthorizationError(‘Some challenges have failed.’)
certbot.errors.AuthorizationError: Some challenges have failed.

2023-03-18 11:39:19,820:DEBUG:certbot._internal.error_handler:Calling registered functions
2023-03-18 11:39:19,820:INFO:certbot._internal.auth_handler:Cleaning up challenges
2023-03-18 11:39:19,820:DEBUG:certbot._internal.plugins.webroot:Removing /home/duurzaam/public_html/.well-known/acme-challenge/YWFVdF3h6NQBojmGAA71yN3HeqJ0wtcqxg7MLm2JrgM
2023-03-18 11:39:19,820:DEBUG:certbot._internal.plugins.webroot:All challenges cleaned up
2023-03-18 11:39:19,821:DEBUG:certbot._internal.log:Exiting abnormally:
Traceback (most recent call last):
File “/bin/letsencrypt”, line 8, in
sys.exit(main())
File “/usr/lib/python3.9/site-packages/certbot/main.py”, line 19, in main
return internal_main.main(cli_args)
File “/usr/lib/python3.9/site-packages/certbot/_internal/main.py”, line 1736, in main
return config.func(config, plugins)
File “/usr/lib/python3.9/site-packages/certbot/_internal/main.py”, line 1590, in certonly
lineage = _get_and_save_cert(le_client, config, domains, certname, lineage)
File “/usr/lib/python3.9/site-packages/certbot/_internal/main.py”, line 138, in _get_and_save_cert
lineage = le_client.obtain_and_enroll_certificate(domains, certname)
File “/usr/lib/python3.9/site-packages/certbot/_internal/client.py”, line 516, in obtain_and_enroll_certificate
cert, chain, key, _ = self.obtain_certificate(domains)
File “/usr/lib/python3.9/site-packages/certbot/_internal/client.py”, line 428, in obtain_certificate
orderr = self._get_order_and_authorizations(csr.data, self.config.allow_subset_of_names)
File “/usr/lib/python3.9/site-packages/certbot/_internal/client.py”, line 496, in _get_order_and_authorizations
authzr = self.auth_handler.handle_authorizations(orderr, self.config, best_effort)
File “/usr/lib/python3.9/site-packages/certbot/_internal/auth_handler.py”, line 106, in handle_authorizations
self._poll_authorizations(authzrs, max_retries, best_effort)
File “/usr/lib/python3.9/site-packages/certbot/_internal/auth_handler.py”, line 206, in _poll_authorizations
raise errors.AuthorizationError(‘Some challenges have failed.’)
certbot.errors.AuthorizationError: Some challenges have failed.
2023-03-18 11:39:19,821:ERROR:certbot._internal.log:Some challenges have failed.

mterlouw · March 19, 2023, 4:42pm

Self fixed after a good night sleep.

The SSL Certificate for the servername in my DNS could not be created on my VPS with Virtualmin.

The solution was simply to create a new virtual server with a domain name equal to the server’s DNS name.

Create → request SSL certificate from Let’s Encrypt and done.

It can just be that simple sometimes.