Let's Encrypt errors...I'm totally lost on this

arretx · October 19, 2020, 5:39am

Operating system:
Ubuntu 18.04
OS version:

Simply trying to add SSL via Let’s Encrypt like I have on any other virtual host. I get the following error, but I don’t know what it means.

Traceback (most recent call last):
  File "/usr/share/webmin/webmin/acme_tiny.py", line 198, in <module>
    main(sys.argv[1:])
  File "/usr/share/webmin/webmin/acme_tiny.py", line 194, in main
    signed_crt = get_crt(args.account_key, args.csr, args.acme_dir, log=LOGGER, CA=args.ca, disable_check=args.disable_check, directory_url=args.directory_url, contact=args.contact)
  File "/usr/share/webmin/webmin/acme_tiny.py", line 149, in get_crt
    raise ValueError("Challenge did not pass for {0}: {1}".format(domain, authorization))
ValueError: Challenge did not pass for archives.jongriffith.com: {'identifier': {'type': 'dns', 'value': 'archives.jongriffith.com'}, 'status': 'invalid', 'expires': '2020-10-26T05:30:46Z', 'challenges': [{'type': 'http-01', 'status': 'invalid', 'error': {'type': 'urn:ietf:params:acme:error:unauthorized', 'detail': 'Invalid response from http://archives.jongriffith.com/.well-known/acme-challenge/Ude3CnCEryea7QApybqvXa9lQBWezXDQ-I0HDo_scJ8 [68.15.186.195]: "<!DOCTYPE HTML PUBLIC \\"-//IETF//DTD HTML 2.0//EN\\">\\n<html><head>\\n<title>404 Not Found</title>\\n</head><body>\\n<h1>Not Found</h1>\\n<p"', 'status': 403}, 'url': 'https://acme-v02.api.letsencrypt.org/acme/chall-v3/7993025485/xOnbcw', 'token': 'Ude3CnCEryea7QApybqvXa9lQBWezXDQ-I0HDo_scJ8', 'validationRecord': [{'url': 'http://archives.jongriffith.com/.well-known/acme-challenge/Ude3CnCEryea7QApybqvXa9lQBWezXDQ-I0HDo_scJ8', 'hostname': 'archives.jongriffith.com', 'port': '80', 'addressesResolved': ['68.15.186.195'], 'addressUsed': '68.15.186.195'}]}]}

Uh? Why would this not work as it has on many other virtual hosts?

calport · October 19, 2020, 6:37am

When I try to visit archives.jongriffith.com, I am redirected to the naked domain. It might be that this redirect is causing the failure of the SSL certificate application.

arretx · October 19, 2020, 8:08pm

Oh wow…you’re right, it is redirected. Weird. So I’ve seen this before but I don’t recall how to fix it.

It’s redirecting to the first virtual host in the list (alphabetically sorted) of Virtual Servers.

If you visit https://archives.jongriffith.com the site loads but without a legit certificate. If you go to http://archives.jongriffith.com, it redirects to the top VS in the list.

It seems that the following line:
<VirtualHost *:80>
is the culprit. This was at the top of the conf file. I changed it to the server’s IP address and was able to retrieve the certificate for the site. Now, strangely, the site just takes forever to load if I use http and loads right up if I use https.

Anyway, thanks for the clue in. I wouldn’t have thought of that.

system · October 23, 2020, 8:08pm

This topic was automatically closed 4 days after the last reply. New replies are no longer allowed.