Let's Encrypt Failing

Vmin GPL (webmin 1.932 / virtualmin 6.08)
CentOS 7.7.1908

Renewing a LE cert for:

mydomain.com
www.mydomain.com
mail.mydomain.com
autoconfig.mydomain.com
autodiscover.mydomain.com
server1.mydomain.com

fails and I get these errors:

request failed : Web-based validation failed : Failed to request certificate :
mydomain.com challenge did not pass: Fetching https://mydomain.com/.well-known/acme-challenge/beYJTLRBsBzfs_kxSwUJ0MFoScoXk2QYxPFsvEuV7AU: Timeout during connect (likely firewall problem)

DNS-based validation failed : Failed to request certificate :
Undefined subroutine &main::restart_zone called at /usr/libexec/webmin/webmin/letsencrypt-dns.pl line 47.
mydomain.com challenge did not pass: DNS problem: NXDOMAIN looking up TXT for _acme-challenge.mydomain.com

Things I’ve noticed/checked:

  • Firewalld settings are the same as a similar domain on another instance of Vmin, which successfully renewed.
  • Added the patch in this GitHub commit for letsencrypt-cleanup.pl & letsencrypt-dns.pl (https://github.com/webmin/webmin/commit/771be1a754fafa02abb5d5670f3ba4a6e94f30c4); no difference, renewal errors still occur.
  • Noticed an _acme-challenge TXT entry is created in DNS Records; this is not created in the successfully renewing domain on my other Vmin instance.
  • HTTP/HTTPS redirects are the same in this domain as the other instance.
  • I do not have a .well-known directory under public_html on EITHER instance - I was under the impression that this is no longer needed, but the errors perhaps indicate that it is - although I don’t seem to need one on the other ‘successful’ instance.

Sorted. Removed the IPv6 addresses from the DNS records and added back the well-known folder (not sure which or both of these did it - I should have tested more precisely).

I must admit that IPv6 setup is a bit of a mystery to me - not sure what I’ll do when I actually come round to needing them.

Because you selected all of your domains and subdomains, and maybe one of them is not reachable. So try to use only the really working domains, for example domain.com and www only.
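
An added example, not part of any post in this thread: a pre-renewal check that resolves every name on the certificate in both address families and tries ports 80 and 443 on each address, so a stale AAAA record or an unreachable subdomain shows up before the CA reports "Timeout during connect". The function names are hypothetical, and it assumes it is run from a host outside the server's firewall that has working IPv6.

```python
import socket

def resolve(host, family):
    """Return the sorted addresses `host` has in one address family."""
    try:
        infos = socket.getaddrinfo(host, None, family, socket.SOCK_STREAM)
    except socket.gaierror:
        return []
    return sorted({info[4][0] for info in infos})

def can_connect(addr, port, family, timeout=5.0):
    """True if a TCP connection to addr:port succeeds within the timeout."""
    try:
        with socket.socket(family, socket.SOCK_STREAM) as s:
            s.settimeout(timeout)
            s.connect((addr, port))
        return True
    except OSError:
        return False

def audit(hosts, ports=(80, 443), resolve=resolve, can_connect=can_connect):
    """Return (host, problem) pairs likely to break web-based validation."""
    problems = []
    for host in hosts:
        found = False
        # Check IPv4 and IPv6 separately: a name can work over one and not the other.
        for label, family in (("A", socket.AF_INET), ("AAAA", socket.AF_INET6)):
            for addr in resolve(host, family):
                found = True
                for port in ports:
                    if not can_connect(addr, port, family):
                        problems.append((host, f"{label} {addr} port {port} unreachable"))
        if not found:
            problems.append((host, "no A or AAAA record"))
    return problems

if __name__ == "__main__":
    import sys
    # Usage: python3 check_names.py mydomain.com www.mydomain.com mail.mydomain.com ...
    for host, problem in audit(sys.argv[1:]):
        print(f"{host}: {problem}")
```

Any name it reports should either be fixed in DNS or the firewall, or left off the certificate request.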