Failed to renew Lets' encrypt certificate

Operating system: Centos
OS version: 8

My domain certificate has expired.
When I go to renew it I get the following error:
IMPORTANT NOTES:

  • The following errors were reported by the server:Domain: myvideoimage.com
    Type: unauthorized
    Detail: Incorrect TXT record “v=DKIM1; k=rsa; t=s;
    p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApDgW6gxtwVwwkRhL49QcK9ppNEV2He3aR…”
    found at _acme-challenge.myvideoimage.comTo fix these errors, please make sure that your domain name was
    entered correctly and the DNS A/AAAA record(s) for that domain
    contain(s) the right IP address.
  • The following errors were reported by the server:Domain: www.myvideoimage.com
    Type: dns
    Detail: DNS problem: NXDOMAIN looking up TXT for
    _acme-challenge.www.myvideoimage.com - check that a DNS record
    exists for this domain

I found this documentation on the page: Challenge Types - Let’s Encrypt - Free SSL/TLS Certificates :

"HTTP-01 challenge

This is the most common challenge type today. Let’s Encrypt gives a token to your ACME client, and your ACME client puts a file on your web server at http://<YOUR_DOMAIN>/.well-known/acme-challenge/<TOKEN> . That file contains the token, plus a thumbprint of your account key."

I checked on the server the folder /.well-known/acme-challenge/ exists but there is no TOKEN
I also found this wording:

“Our implementation of the HTTP-01 challenge follows redirects, up to 10 redirects deep. It only accepts redirects to “http:” or “https:”, and only to ports 80 or 443. It does not accept redirects to IP addresses. When redirected to an HTTPS URL, it does not validate certificates (since this challenge is intended to bootstrap valid certificates, it may encounter self-signed or expired certificates along the way).”

My DNS provider’s control panel contains recod @ A pointing to my server 93.38.118.232 Could this be the problem?

I manually installed the certificate. Maybe the problem is Virtualmin not having updated features yet.

But I can’t import the certificate in Virtualmmin in the tab:

Server Configuration> SSL Certificate> Update Certificate

I select the two files fullchain.perm, privkey.perrm and if I press “Update” the following error appears:

Certificate installation failed: Missing or invalid signed SSL certificate: Line 30 does not look like PEM format.

Do you have any idea what the problem is?
Thank you

The certificate works on the website, but in Webmin I get this error:

"Attention!
SSL certificate warning
Some virtual servers’ SSL certificates have expired: myvideoimage.com "

I had a similar problem awhile ago related to aliases that Virtualmin adds to the apache config for the virtual server. By default it will attempt to fetch certs for all alaises… Do you have DNS entries for all your alaises?

Your “@” record should point to the IP that your “myvideoimage.com” virtual server is hosted on. But if you have a “www.myvideoimage.com” listed as an alias you should make sure you have a “www” A record is also pointing to the same IP.

Alternatively if you are Lazy like me you can just make a “wild card pointer” to you server if you are hosting everything in one place. Do this by adding a “*” A record that points to that server IP. Also helpful if someone uses a wrong subdomain that way they still at least end up at your default page.

After the last system update today, the problem has reoccurred. Failed to renew the certificate. Do you know if the problem will be corrected again?

This topic was automatically closed 60 days after the last reply. New replies are no longer allowed.