Operating system: CentOS Linux 7.5.1804 / Webmin version: 1.894 / Virtualmin version: 6.04 / Apache Web Server / php loaded 5.4 / 7.0 / 7.1 -used by web site.
The issue started when the certificate update failed (after working successfully for the last four updates).
This was the original error message from the update not working:
www.captnslounge.info challenge did not pass: Invalid response from http://www.captnslounge.info/.well-known/acme-challenge/bdzdt48iruYpYiF8… "\n\n\n \n \n <meta htt"
DNS-based validation failed : Failed to request certificate : www.captnslounge.info challenge did not pass: DNS problem: NXDOMAIN looking up TXT for _acme-challenge.www.captnslounge.info
It’s as if “Let’s Encrypt” has changed over to looking up the challenge via DNS.
These are the four URLs associated with the web site; DNS is set up in GoDaddy, all pointing to the same IP address. The site is approx. 8 months old, and auto-update has never failed in the past, renewing every 2 months. I did also try renaming all the SSL files in case that was causing the issue.
I’m trying to use “Issue New”, I do have a cert for captnslounge.com (part of trying to debug) active and I am trying to get the others working. If I use the “update” button instead, nothing happens.
captnslounge.com
www.captnslounge.com
captnslounge.info
www.captnslounge.info
A response was written into /home/captnslounge/public_html/.well-known/acme-challenge (but not deleted)
ssl.CertificateError: hostname 'www.captnslounge.info' doesn't match 'captnslounge.com'
DNS-based validation failed : Failed to request certificate :
www.captnslounge.info challenge did not pass: DNS problem: NXDOMAIN looking up TXT for _acme-challenge.www.captnslounge.info
If I try just
captnslounge.com
www.captnslounge.com
ssl.CertificateError: hostname 'www.captnslounge.com' doesn't match 'captnslounge.com'
DNS-based validation failed : Failed to request certificate :
www.captnslounge.com challenge did not pass: DNS problem: NXDOMAIN looking up TXT for _acme-challenge.www.captnslounge.com
Here is the full message from Virtualmin.
Requesting a certificate for captnslounge.com, www.captnslounge.com, captnslounge.info, www.captnslounge.info from Let’s Encrypt …
… request failed : Web-based validation failed : Failed to request certificate :
Traceback (most recent call last):
  File "/usr/libexec/webmin/webmin/acme_tiny.py", line 250, in <module>
    main(sys.argv[1:])
  File "/usr/libexec/webmin/webmin/acme_tiny.py", line 246, in main
    signed_crt = get_crt(args.account_key, args.csr, args.acme_dir, args.dns_hook, args.cleanup_hook, log=LOGGER, CA=args.ca)
  File "/usr/libexec/webmin/webmin/acme_tiny.py", line 154, in get_crt
    resp = urlopen(wellknown_url)
  File "/usr/lib64/python2.7/urllib2.py", line 154, in urlopen
    return opener.open(url, data, timeout)
  File "/usr/lib64/python2.7/urllib2.py", line 437, in open
    response = meth(req, response)
  File "/usr/lib64/python2.7/urllib2.py", line 550, in http_response
    'http', request, response, code, msg, hdrs)
  File "/usr/lib64/python2.7/urllib2.py", line 469, in error
    result = self._call_chain(*args)
  File "/usr/lib64/python2.7/urllib2.py", line 409, in _call_chain
    result = func(*args)
  File "/usr/lib64/python2.7/urllib2.py", line 656, in http_error_302
    return self.parent.open(new, timeout=req.timeout)
  File "/usr/lib64/python2.7/urllib2.py", line 431, in open
    response = self._open(req, data)
  File "/usr/lib64/python2.7/urllib2.py", line 449, in _open
    '_open', req)
  File "/usr/lib64/python2.7/urllib2.py", line 409, in _call_chain
    result = func(*args)
  File "/usr/lib64/python2.7/urllib2.py", line 1258, in https_open
    context=self._context, check_hostname=self._check_hostname)
  File "/usr/lib64/python2.7/urllib2.py", line 1211, in do_open
    h.request(req.get_method(), req.get_selector(), req.data, headers)
  File "/usr/lib64/python2.7/httplib.py", line 1041, in request
    self._send_request(method, url, body, headers)
  File "/usr/lib64/python2.7/httplib.py", line 1075, in _send_request
    self.endheaders(body)
  File "/usr/lib64/python2.7/httplib.py", line 1037, in endheaders
    self._send_output(message_body)
  File "/usr/lib64/python2.7/httplib.py", line 881, in _send_output
    self.send(msg)
  File "/usr/lib64/python2.7/httplib.py", line 843, in send
    self.connect()
  File "/usr/lib64/python2.7/httplib.py", line 1260, in connect
    server_hostname=sni_hostname)
  File "/usr/lib64/python2.7/ssl.py", line 348, in wrap_socket
    _context=self)
  File "/usr/lib64/python2.7/ssl.py", line 609, in __init__
    self.do_handshake()
  File "/usr/lib64/python2.7/ssl.py", line 839, in do_handshake
    match_hostname(self.getpeercert(), self.server_hostname)
  File "/usr/lib64/python2.7/ssl.py", line 271, in match_hostname
    % (hostname, dnsnames[0]))
ssl.CertificateError: hostname 'www.captnslounge.com' doesn't match 'captnslounge.com'
DNS-based validation failed : Failed to request certificate :
www.captnslounge.com challenge did not pass: DNS problem: NXDOMAIN looking up TXT for _acme-challenge.www.captnslounge.com
I’ve no idea what to try next. Is it me, or has the code changed, or has “Let’s Encrypt” changed the way they are doing their checks?
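
An added example, not part of the original post and not Webmin or Virtualmin code: a small Python classifier for the output quoted above. It reads the traceback frames to show that the script's own fetch of the challenge URL was redirected to HTTPS and then failed certificate name matching, and it lists the names the DNS-based fallback looked up. The function name `diagnose`, the stage labels and the trimmed sample log are constructed for illustration.

```python
import re

# Constructed excerpt: frames trimmed from the Virtualmin output quoted in the post.
SAMPLE_LOG = """\
Traceback (most recent call last):
  File "/usr/libexec/webmin/webmin/acme_tiny.py", line 154, in get_crt
    resp = urlopen(wellknown_url)
  File "/usr/lib64/python2.7/urllib2.py", line 656, in http_error_302
    return self.parent.open(new, timeout=req.timeout)
  File "/usr/lib64/python2.7/urllib2.py", line 1258, in https_open
    context=self._context, check_hostname=self._check_hostname)
ssl.CertificateError: hostname 'www.captnslounge.com' doesn't match 'captnslounge.com'
DNS-based validation failed : Failed to request certificate :
www.captnslounge.com challenge did not pass: DNS problem: NXDOMAIN looking up TXT for _acme-challenge.www.captnslounge.com
"""

FRAME = re.compile(r'File "[^"]+", line \d+, in (\S+)')
CERT_ERR = re.compile(r"CertificateError: hostname '([^']+)' doesn't match '([^']+)'")
NXDOMAIN = re.compile(r"NXDOMAIN looking up TXT for (_acme-challenge\.[\w.-]+)")
# Forum software often turns pasted straight quotes into typographic ones.
QUOTES = {0x2018: "'", 0x2019: "'", 0x201C: '"', 0x201D: '"'}


def diagnose(log):
    """Return ordered (stage, detail) findings for a failed request log."""
    log = log.translate(QUOTES)
    frames = FRAME.findall(log)
    findings = []
    # urllib2 only enters http_error_302 when the fetched URL answered with a
    # redirect; https_open after it means the redirect target was HTTPS.
    if ("http_error_302" in frames and "https_open" in frames
            and frames.index("http_error_302") < frames.index("https_open")):
        findings.append(("web-based", "challenge URL redirected (302) to HTTPS"))
    m = CERT_ERR.search(log)
    if m:
        # This wording is used when the served certificate carries one DNS name.
        findings.append(("tls", "%s not covered by certificate for %s" % m.groups()))
    for name in sorted(set(NXDOMAIN.findall(log))):
        findings.append(("dns-based", "no TXT record at " + name))
    return findings


if __name__ == "__main__":
    for stage, detail in diagnose(SAMPLE_LOG):
        print("%-10s %s" % (stage, detail))
```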