I imported a domain from a cPanel backup and I tried requesting a Let’s Encrypt SSL certification for just “lejendz com” and the www version, and I get the following error.
Request Certificate
Requesting a certificate for lejendz com, www from Let’s Encrypt …
… request failed : Web-based validation failed : Failed to request certificate :
Traceback (most recent call last):
File “/usr/share/webmin/webmin/acme_tiny.py”, line 198, in
main(sys.argv[1:])
File “/usr/share/webmin/webmin/acme_tiny.py”, line 194, in main
signed_crt = get_crt(args.account_key, args.csr, args.acme_dir, log=LOGGER, CA=args.ca, disable_check=args.disable_check, directory_url=args.directory_url, contact=args.contact)
File “/usr/share/webmin/webmin/acme_tiny.py”, line 149, in get_crt
raise ValueError(“Challenge did not pass for {0}: {1}”.format(domain, authorization))
ValueError: Challenge did not pass for lejendz com: {‘identifier’: {‘type’: ‘dns’, ‘value’: ‘lejendz com’}, ‘status’: ‘invalid’, ‘expires’: ‘2020-09-01T00:14:52Z’, ‘challenges’: [{‘type’: ‘http-01’, ‘status’: ‘invalid’, ‘error’: {‘type’: ‘urn:ietf:params:acme:error:dns’, ‘detail’: ‘DNS problem: query timed out looking up CAA for lejendz com’, ‘status’: 400}, ‘url’: ', ‘token’: ‘’, ‘validationRecord’: [{‘url’: ‘lejendz com/.well-known/acme-challenge/’, ‘hostname’: ‘lejendz com’, ‘port’: ‘80’, ‘addressesResolved’: [‘IPADDRESS’], ‘addressUsed’: ‘IPADDRESS’}]}]}
, DNS-based validation failed : Only the offical Let’s Encrypt client supports DNS-based validation
If the new (Virtualmin) server is providing DNS service, you need to re-point the nameserver IP address entries to the new nameservers’ IP addresses. You would do this in your registrar’s control panel.
If you’re using third-party DNS, you’d have to make the changes there.
If you’re still using cPanel for DNS, and you have other sites using those nameservers, then you’ll have to create new nameservers for the new server and assign their IP addresses in your registrar’s control panel. You’ll also have to re-point the nameservers for the one migrated domain to the new nameservers.
There are other possibilities depending on your specific situation (for example, if you have other domains on the losing server that you’ll be migrating).
If you have other domains on the losing server that you’ll be moving, setting the TTLs on the DNS for the moved domains to something ridiculously low (like 300) on the losing server, and pointing the already-moved domains to the new server’s IP with “A” entries in the old server’s DNS records, might solve your problem while DNS is propagating.
I say “might” because I’ve never tried it with LE DNS-based validation. I can’t think of a reason why it wouldn’t because it’s not at all uncommon for a domain’s DNS to be provided by a different server than the one upon which it resides, but I’ve never actually tried it with LE.
That may have fixed it? Requesting a certificate worked this time, but it looks like more servers are seeing my DNS now too - so who knows. Either way, let’s just mark this solved for now, I guess.
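Added example, not part of the original thread and not Webmin or Let’s Encrypt code: a small Python check that sends a CAA query (DNS record type 257) straight to each nameserver the registrar delegates to, to see which one times out as in the error above. The nameserver IPs and example.com are placeholders to be replaced with the real values.

```python
import socket
import struct

CAA = 257  # DNS RR type for CAA (RFC 8659)
RCODES = {0: "NOERROR", 2: "SERVFAIL", 3: "NXDOMAIN", 5: "REFUSED"}

def build_query(name, qtype=CAA, txid=0x1234):
    """Encode a single-question DNS query. RD is clear because the
    authoritative server is asked directly, with no recursion wanted."""
    header = struct.pack("!HHHHHH", txid, 0x0000, 1, 0, 0, 0)
    qname = b"".join(
        bytes([len(label)]) + label.encode("ascii")
        for label in name.rstrip(".").split(".")
    ) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)  # class IN

def parse_reply(reply, txid=0x1234):
    """Return (rcode_name, authoritative_flag, answer_count) from the header."""
    if len(reply) < 12:
        raise ValueError("short DNS reply")
    rid, flags, _qd, ancount, _ns, _ar = struct.unpack("!HHHHHH", reply[:12])
    if rid != txid or not flags & 0x8000:  # QR bit must be set in a reply
        raise ValueError("not a reply to our query")
    rcode = flags & 0x000F
    return RCODES.get(rcode, f"RCODE{rcode}"), bool(flags & 0x0400), ancount

def check_caa(nameserver_ip, domain, timeout=3.0):
    """Ask one nameserver for the domain's CAA set and classify the outcome."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        try:
            sock.sendto(build_query(domain), (nameserver_ip, 53))
            reply, _ = sock.recvfrom(4096)
        except socket.timeout:
            return "TIMEOUT"  # same symptom as the CAA error in the thread
        except OSError as exc:
            return f"ERROR {exc}"
    rcode, aa, count = parse_reply(reply)
    return f"{rcode} aa={aa} answers={count}"

if __name__ == "__main__":
    # Placeholder IPs: use the nameserver addresses set at the registrar.
    for ns_ip in ["192.0.2.53", "198.51.100.53"]:
        print(ns_ip, check_caa(ns_ip, "example.com"))
```

A reply of NOERROR with answers=0 is fine for issuance, since it just means no CAA restriction is published. TIMEOUT or SERVFAIL from any delegated nameserver is the condition that makes the CA's CAA lookup fail, and aa=False suggests that server does not actually host the zone.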