Let's encrypt DNS challenge

SYSTEM INFORMATION
OS type and version Ubuntu 22.04
Webmin version 2.105
Virtualmin version 7.9.0

Hi, I receive this log from Let’s Encrypt renewal process (also the web one fails, but that’s ok for me):

Saving debug log to /var/log/letsencrypt/letsencrypt.log
Requesting a certificate for domain.com and 6 more domains

Certbot failed to authenticate some domains (authenticator: manual). The Certificate Authority reported these problems:
  Domain: admin.domain.com
  Type:   dns
  Detail: DNS problem: NXDOMAIN looking up TXT for _acme-challenge.admin.domain.com - check that a DNS record exists for this domain

  Domain: autoconfig.domain.com
  Type:   dns
  Detail: DNS problem: NXDOMAIN looking up TXT for _acme-challenge.autoconfig.domain.com - check that a DNS record exists for this domain

  Domain: autodiscover.domain.com
  Type:   dns
  Detail: DNS problem: NXDOMAIN looking up TXT for _acme-challenge.autodiscover.domain.com - check that a DNS record exists for this domain

  Domain: mail.domain.com
  Type:   dns
  Detail: DNS problem: NXDOMAIN looking up TXT for _acme-challenge.mail.domain.com - check that a DNS record exists for this domain

  Domain: webmail.domain.com
  Type:   dns
  Detail: DNS problem: NXDOMAIN looking up TXT for _acme-challenge.webmail.domain.com - check that a DNS record exists for this domain

Hint: The Certificate Authority failed to verify the DNS TXT records created by the --manual-auth-hook. Ensure that this hook is functioning correctly and that it waits a sufficient duration of time for DNS propagation. Refer to "certbot --help manual" and the Certbot User Guide.

Some challenges have failed.
Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /var/log/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details.

On Virtualmin’s DNS records I only see one TXT record:

_acme-challenge.domain.com TXT

And that’s what I put on cloudflare’s DNS (I’m using that).

What am I missing to make the process work? Many TXTs as requested, all with the same?

Thank you.

As for the web LE request, the strange part for me is it’s requesting the www version of the subdomains:

Saving debug log to /var/log/letsencrypt/letsencrypt.log
Requesting a certificate for domain.com and 6 more domains

Certbot failed to authenticate some domains (authenticator: webroot). The Certificate Authority reported these problems:
  Domain: admin.domain.com
  Type:   dns
  Detail: 194.163.174.60: Fetching https://www.admin.domain.com/.well-known/acme-challenge/bQMSwGexd0Pr0xMWrUIEQ-qRkW6RE3fgEEBBhcX6ICk: DNS problem: NXDOMAIN looking up A for www.admin.domain.com - check that a DNS record exists for this domain; DNS problem: NXDOMAIN looking up AAAA for www.admin.domain.com - check that a DNS record exists for this domain

  Domain: autoconfig.domain.com
  Type:   dns
  Detail: 194.163.174.60: Fetching https://www.autoconfig.domain.com/.well-known/acme-challenge/lnFu8kUp8gVNiJhUksAd8P5WWpvpHn--gackts9Ohx0: DNS problem: NXDOMAIN looking up A for www.autoconfig.domain.com - check that a DNS record exists for this domain; DNS problem: NXDOMAIN looking up AAAA for www.autoconfig.domain.com - check that a DNS record exists for this domain

  Domain: autodiscover.domain.com
  Type:   dns
  Detail: 194.163.174.60: Fetching https://www.autodiscover.domain.com/.well-known/acme-challenge/NjzH_eDoGn5hKMtM5gHfO5x_VkiLacW-2ZUknu6jWYc: DNS problem: NXDOMAIN looking up A for www.autodiscover.domain.com - check that a DNS record exists for this domain; DNS problem: NXDOMAIN looking up AAAA for www.autodiscover.domain.com - check that a DNS record exists for this domain

  Domain: webmail.domain.com
  Type:   dns
  Detail: 172.67.218.70: Fetching https://www.webmail.domain.com/.well-known/acme-challenge/VUy3lS8QiF4MZgpzZZg9fewD27B2GsXAtfTWpPsuf4U: DNS problem: NXDOMAIN looking up A for www.webmail.domain.com - check that a DNS record exists for this domain; DNS problem: NXDOMAIN looking up AAAA for www.webmail.domain.com - check that a DNS record exists for this domain

  Domain: mail.domain.com
  Type:   unauthorized
  Detail: 104.21.45.190: Invalid response from https://mail.domain.com/.well-known/acme-challenge/7MQZVe53eeRw3C720mr-aMR1pArLIaYOQ8ZqC-IQiaQ: 526

Hint: The Certificate Authority failed to download the temporary challenge files created by Certbot. Ensure that the listed domains serve their content from the provided --webroot-path/-w and that files created there can be downloaded from the internet.

Some challenges have failed.
Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /var/log/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details.

I also tried the LE request for another domain, with the very same DNS configuration on Cloudflare, and it went smoothly:

Requesting a certificate for worldsinperil.it, www.worldsinperil.it, mail.worldsinperil.it, admin.worldsinperil.it, webmail.worldsinperil.it, autoconfig.worldsinperil.it, autodiscover.worldsinperil.it from Let's Encrypt ..
.. request was successful!

Configuring webserver to use new certificate and key ..
.. done

Applying webserver configuration ..
.. done

So I’m really missing something; probably this works via web, and the other does not?

I’ll look for something on the website, probably interfering with the process.

On the other side, how do I properly set up the DNS challenge, so that I can use that instead of the web one?

Thank you.

Ok, found out the website was redirecting http to https, now the process works via web request as intended.

I still do not understand how to set up the DNS challenge.
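A pre-flight check for the DNS-01 question above, added here as an example that is not part of the original thread and not Virtualmin or certbot code: it parses the certbot failure block, derives the `_acme-challenge.<name>` TXT name that each requested name needs, and lists the ones absent from the zone. The zone only holding `_acme-challenge.domain.com` is the constructed sample; each name needs its own record because the CA issues a separate validation token per name.

```python
"""Pre-flight for certbot DNS-01: which _acme-challenge TXT names does a
request need, and which are still missing from the zone? (Added example,
not from the original thread or from Virtualmin/certbot.)"""
import re
from typing import Dict, List, Set

# Constructed sample: an excerpt shaped like the certbot output in the thread.
CERTBOT_OUTPUT = """\
Certbot failed to authenticate some domains (authenticator: manual).
  Domain: admin.domain.com
  Type:   dns
  Detail: DNS problem: NXDOMAIN looking up TXT for _acme-challenge.admin.domain.com

  Domain: mail.domain.com
  Type:   dns
  Detail: DNS problem: NXDOMAIN looking up TXT for _acme-challenge.mail.domain.com
"""

FAILURE_RE = re.compile(r"Domain:\s*(?P<domain>\S+)\s+Type:\s*(?P<type>\S+)")


def failed_domains(output: str) -> Dict[str, str]:
    """Map each name certbot could not authenticate to its failure type."""
    return {m.group("domain"): m.group("type") for m in FAILURE_RE.finditer(output)}


def challenge_name(fqdn: str) -> str:
    """DNS-01 is validated at _acme-challenge.<fqdn>; a wildcard *.example.com
    and the bare example.com both map to _acme-challenge.example.com."""
    base = fqdn[2:] if fqdn.startswith("*.") else fqdn
    return "_acme-challenge." + base.rstrip(".").lower()


def missing_txt_names(requested: List[str], zone_txt_names: Set[str]) -> List[str]:
    """TXT names that must exist before certbot is re-run. Every name gets its
    own validation token, so one record cannot stand in for several names."""
    present = {n.rstrip(".").lower() for n in zone_txt_names}
    return sorted({challenge_name(d) for d in requested} - present)


if __name__ == "__main__":
    # Constructed: the seven names the thread's request covers, and a zone
    # that only carries the single TXT record the poster saw in Virtualmin.
    names = ["domain.com", "www.domain.com", "admin.domain.com", "autoconfig.domain.com",
             "autodiscover.domain.com", "mail.domain.com", "webmail.domain.com"]
    print("failed:", failed_domains(CERTBOT_OUTPUT))
    for n in missing_txt_names(names, {"_acme-challenge.domain.com"}):
        print("missing TXT:", n)
```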
