How to renew SSL Certificate for subdomain ? Unable to automatically

chegmarco · April 24, 2022, 2:25am

SYSTEM INFORMATION
OS type and version	Ubuntu 20.04 LTS
Virtualmin version	6.17-3

Hello.

When I try to connect to my subdomain using Virtualmin/Webmin, I receive an error notification that the date of the “Let’s Encrypt” SSL Certificate which was already activated and very operational for the Virtual Server (erp.mydomain.com), has expired which blocks direct access to the subdomain at the level of the various web browsers and considers this subdomain as a link which could be dangerous because it is not secure:

So, when I try to manually renew the SSL Certificate whose date has expired, I get the following error:

Requesting a certificate for erp.mydomain.com from Let's Encrypt ..
.. request failed : Web-based validation failed :
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator webroot, Installer None
Renewing an existing certificate
Performing the following challenges:
http-01 challenge for erp.mydomain.com
Using the webroot path /home/mydomain/domains/erp.mydomain.com/public_html for all unmatched domains.
Waiting for verification...
Challenge failed for domain erp.mydomain.com
http-01 challenge for erp.mydomain.com
Cleaning up challenges
Some challenges have failed.
IMPORTANT NOTES:
 - The following errors were reported by the server:

   Domain: erp.mydomain.com
   Type:   unauthorized
   Detail: 159.65.90.131: Invalid response from
   http://erp.mydomain.com/.well-known/acme-challenge/CKqPrRYpd2EPOBKBAZNuhdxj8r_oZOZ0A4rbOfLpFxY:
   404

   To fix these errors, please make sure that your domain name was
   entered correctly and the DNS A/AAAA record(s) for that domain
   contain(s) the right IP address.
   DNS-based validation failed :
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator manual, Installer None
Renewing an existing certificate
An unexpected error occurred:
There were too many requests of a given type :: Error creating new order :: too many failed authorizations recently: see https://letsencrypt.org/docs/rate-limits/
Please see the logfiles in /var/log/letsencrypt for more details.

1 - How to correct this problem of updating the SSL Certificate (Let’s Encrypt) on my “erp.mydomain.com” subdomain (whose domain name “mydomain.com” is registered with “Namecheap” and the Server Web is a Droplet from “DigitalOcean”) knowing that this certificate was activated and working very well but all of a sudden it doesn’t work anymore???

2 - Is there an effective method to configure the automatic activation or update of the SSL Certificate when it expires ???

Thank you please help me.

Joe · April 24, 2022, 3:26am

Whether it is a subdomain is irrelevant. They’re all the same.

Are you sure DNS points to the right place? Are you proxying or redirecting or something that prevents Let’s Encrypt from being able to reach .well-known from the filesystem on that domain? That’d be your problem.

chegmarco · April 24, 2022, 4:32am

Can someone help me find a solution to my problem ???

Joe · April 24, 2022, 7:06am

Create a file in .well-known/ within that domain. Can you reach that file with your browser? I’ll bet you can’t, and that’s why LE won’t validate.

Joe · April 24, 2022, 7:07am

And, look in the error log and access log when trying to look at it for clues about why it isn’t accessible.

system · June 23, 2022, 7:07am

This topic was automatically closed 60 days after the last reply. New replies are no longer allowed.