SYSTEM INFORMATION | |
---|---|
OS type and version | Ubuntu 22.04.4 |
Webmin version | 2.105 |
Virtualmin version | 7.10.0 Pro |
Related packages | CertBot 1.21.0 |

Situation:
- Virtualmin deployed on Ubuntu
- Created virtual server
- DNS records self-managed
- No bespoke configuration, no messing with LE/CertBot configs
- Request SSL certificate via Let’s Encrypt without wildcard

Result: Certificate request fails

/etc/letsencrypt/cli.ini with defaults:

```
# Because we are using logrotate for greater flexibility, disable the
# internal certbot logrotation.
max-log-backups = 0
# Adjust interactive output regarding automated renewal
preconfigured-renewal = True
```
The web-based validation part from /var/log/letsencrypt/letsencrypt.log:

```
Certbot failed to authenticate some domains (authenticator: webroot). The Certificate Authority reported these problems:
DNS problem: looking up A for admin.EXAMPLE.com: DNSSEC: Bogus; DNS problem: looking up AAAA for admin.EXAMPLE.com: DNSSEC: Bogus
DNS problem: looking up A for EXAMPLE.com: DNSSEC: Bogus; DNS problem: looking up AAAA for EXAMPLE.com: DNSSEC: Bogus
DNS problem: looking up A for mail.EXAMPLE.com: DNSSEC: Bogus; DNS problem: looking up AAAA for mail.EXAMPLE.com: DNSSEC: Bogus
DNS problem: looking up A for webmail.EXAMPLE.com: DNSSEC: Bogus; DNS problem: looking up AAAA for webmail.EXAMPLE.com: DNSSEC: Bogus
DNS problem: looking up A for www.EXAMPLE.com: DNSSEC: Bogus; DNS problem: looking up AAAA for www.EXAMPLE.com: DNSSEC: Bogus
Hint: The Certificate Authority failed to download the temporary challenge files created by Certbot. Ensure that the listed domains serve their content from the provided --webroot-path/-w and that files created there can be downloaded from the internet.
```
The DNS-based validation part from /var/log/letsencrypt/letsencrypt.log:

```
Certbot failed to authenticate some domains (authenticator: manual). The Certificate Authority reported these problems:
DNS problem: looking up TXT for _acme-challenge.admin.EXAMPLE.com: DNSSEC: Bogus
DNS problem: looking up TXT for _acme-challenge.EXAMPLE.com: DNSSEC: Bogus
DNS problem: looking up TXT for _acme-challenge.mail.EXAMPLE.com: DNSSEC: Bogus
DNS problem: looking up TXT for _acme-challenge.webmail.EXAMPLE.com: DNSSEC: Bogus
DNS problem: looking up TXT for _acme-challenge.www.EXAMPLE.com: DNSSEC: Bogus
Hint: The Certificate Authority failed to verify the DNS TXT records created by the --manual-auth-hook. Ensure that this hook is functioning correctly and that it waits a sufficient duration of time for DNS propagation. Refer to "certbot --help manual" and the Certbot User Guide.
```
The last lines of /var/log/letsencrypt/letsencrypt.log:

```
DEBUG:certbot._internal.log:Exiting abnormally:
Traceback (most recent call last):
  File "/bin/letsencrypt", line 33, in <module>
    sys.exit(load_entry_point('certbot==1.21.0', 'console_scripts', 'certbot')())
  File "/usr/lib/python3/dist-packages/certbot/main.py", line 15, in main
    return internal_main.main(cli_args)
  File "/usr/lib/python3/dist-packages/certbot/_internal/main.py", line 1574, in main
    return config.func(config, plugins)
  File "/usr/lib/python3/dist-packages/certbot/_internal/main.py", line 1434, in certonly
    lineage = _get_and_save_cert(le_client, config, domains, certname, lineage)
  File "/usr/lib/python3/dist-packages/certbot/_internal/main.py", line 133, in _get_and_save_cert
    lineage = le_client.obtain_and_enroll_certificate(domains, certname)
  File "/usr/lib/python3/dist-packages/certbot/_internal/client.py", line 459, in obtain_and_enroll_certificate
    cert, chain, key, _ = self.obtain_certificate(domains)
  File "/usr/lib/python3/dist-packages/certbot/_internal/client.py", line 389, in obtain_certificate
    orderr = self._get_order_and_authorizations(csr.data, self.config.allow_subset_of_names)
  File "/usr/lib/python3/dist-packages/certbot/_internal/client.py", line 439, in _get_order_and_authorizations
    authzr = self.auth_handler.handle_authorizations(orderr, self.config, best_effort)
  File "/usr/lib/python3/dist-packages/certbot/_internal/auth_handler.py", line 90, in handle_authorizations
    self._poll_authorizations(authzrs, max_retries, best_effort)
  File "/usr/lib/python3/dist-packages/certbot/_internal/auth_handler.py", line 178, in _poll_authorizations
    raise errors.AuthorizationError('Some challenges have failed.')
certbot.errors.AuthorizationError: Some challenges have failed.
```
Tested on another Ubuntu 22.04.4 with Virtualmin 7.9.0 installed and the certificate creation runs like a charm.
I can’t figure out what the heck the issue is. Any pointers?
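
Added example, not part of the original post and not Virtualmin or Certbot code: a triage of the CA problem lines quoted above. It shows that the webroot and manual authenticators fail with the same `DNSSEC: Bogus` reason (the CA's resolver failed DNSSEC validation for the zone), so Certbot's per-authenticator hints are generic here. `SAMPLE_LOG` is constructed from the excerpts above; `triage`, `common_zone` and `diagnose` are hypothetical names, and the shared-suffix zone guess is a heuristic.

```python
import re

# Constructed sample in the shape of the log excerpts in the post (EXAMPLE.com is its placeholder).
SAMPLE_LOG = """\
Certbot failed to authenticate some domains (authenticator: webroot). The Certificate Authority reported these problems:
DNS problem: looking up A for admin.EXAMPLE.com: DNSSEC: Bogus; DNS problem: looking up AAAA for admin.EXAMPLE.com: DNSSEC: Bogus
DNS problem: looking up A for EXAMPLE.com: DNSSEC: Bogus; DNS problem: looking up AAAA for EXAMPLE.com: DNSSEC: Bogus
Certbot failed to authenticate some domains (authenticator: manual). The Certificate Authority reported these problems:
DNS problem: looking up TXT for _acme-challenge.www.EXAMPLE.com: DNSSEC: Bogus
"""

AUTH_RE = re.compile(r"\(authenticator: ([\w-]+)\)")
PROBLEM_RE = re.compile(r"DNS problem: looking up (\w+) for (\S+?): ([^;]+)")

def triage(log_text):
    """Return [(authenticator, host, rtype, reason)] for each CA-reported DNS problem."""
    rows, authenticator = [], "unknown"
    for line in log_text.splitlines():
        found = AUTH_RE.search(line)
        if found:
            authenticator = found.group(1)  # applies to the problem lines that follow
        for rtype, name, reason in PROBLEM_RE.findall(line):
            # Drop the challenge label so TXT failures line up with A/AAAA per host.
            host = name.lower().removeprefix("_acme-challenge.")
            rows.append((authenticator, host, rtype, reason.strip()))
    return rows

def common_zone(hosts):
    """Heuristic: longest label suffix shared by all hosts (likely the signed zone)."""
    split = [h.split(".")[::-1] for h in hosts]
    shared = []
    for labels in zip(*split):
        if len(set(labels)) != 1:
            break
        shared.append(labels[0])
    return ".".join(reversed(shared))

def diagnose(log_text):
    """Return (verdict, zone_guess, authenticators) for a certbot log excerpt."""
    rows = triage(log_text)
    if not rows:
        return ("no-dns-problems", "", [])
    # If every reason is "DNSSEC: Bogus", the CA resolver rejected the zone's
    # DNSSEC data; the webroot path and auth hook are not the failing part.
    verdict = "dnssec-validation-failure" if {r[3] for r in rows} == {"DNSSEC: Bogus"} else "mixed-or-other"
    return (verdict, common_zone({r[1] for r in rows}), sorted({r[0] for r in rows}))

if __name__ == "__main__":
    print(diagnose(SAMPLE_LOG))
```

A `dnssec-validation-failure` verdict points at the zone's DNSSEC data (DS record at the parent versus the DNSKEY and signatures the zone serves) rather than at the web server or the DNS hook.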