Let's Encrypt issue on subserver

xtalksi · February 25, 2020, 10:58am

Hello!
I have problem with geting certificate for my subserver!
Any solutions?
best regards,
Goran

Traceback (most recent call last):
File “/usr/share/webmin/webmin/acme_tiny.py”, line 198, in
main(sys.argv[1:])
File “/usr/share/webmin/webmin/acme_tiny.py”, line 194, in main
signed_crt = get_crt(args.account_key, args.csr, args.acme_dir, log=LOGGER, CA=args.ca, disable_check=args.disable_check, directory_url=args.directory_url, contact=args.contact)
File “/usr/share/webmin/webmin/acme_tiny.py”, line 143, in get_crt
raise ValueError(“Wrote file to {0}, but couldn’t download {1}: {2}”.format(wellknown_path, wellknown_url, e))
ValueError: Wrote file to /home/vpslineeu/domains/typoclean.vpsline.eu/public_html/.well-known/acme-challenge/9nltwf-FWnNrgmhkAPNcE05exS4oLR6VDYozib5F_Nw, but couldn’t download http://autoconfig.typoclean.vpsline.eu/.well-known/acme-challenge/9nltwf-FWnNrgmhkAPNcE05exS4oLR6VDYozib5F_Nw: Error:
Url: http://autoconfig.typoclean.vpsline.eu/.well-known/acme-challenge/9nltwf-FWnNrgmhkAPNcE05exS4oLR6VDYozib5F_Nw
Data: None
Response Code: None
Response: <urlopen error [Errno -2] Name or service not known>

Ilia · February 25, 2020, 11:11am

Hi,

Try installing certbot package.

xtalksi · February 25, 2020, 11:35am

Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator webroot, Installer None
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for autoconfig.typoclean.vpsline.eu
http-01 challenge for autodiscover.typoclean.vpsline.eu
http-01 challenge for mail.typoclean.vpsline.eu
http-01 challenge for typoclean.vpsline.eu
http-01 challenge for www.typoclean.vpsline.eu
Using the webroot path /home/vpslineeu/domains/typoclean.vpsline.eu/public_html for all unmatched domains.
Waiting for verification…
Cleaning up challenges
Failed authorization procedure. autodiscover.typoclean.vpsline.eu (http-01): urn:ietf:params:acme:error:dns :: DNS problem: SERVFAIL looking up CAA for autodiscover.typoclean.vpsline.eu - the domain’s nameservers may be malfunctioning
IMPORTANT NOTES:

The following errors were reported by the server:

Domain: autodiscover.typoclean.vpsline.eu
Type: None
Detail: DNS problem: SERVFAIL looking up CAA for
autodiscover.typoclean.vpsline.eu - the domain’s nameservers may be
malfunctioning

Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator manual, Installer None
Obtaining a new certificate
Performing the following challenges:
Client with the currently selected authenticator does not support any combination of challenges that will satisfy the CA.
Client with the currently selected authenticator does not support any combination of challenges that will satisfy the CA.

Ilia · February 25, 2020, 11:52am

NS problem: SERVFAIL looking up CAA for autodiscover.typoclean.vpsline.eu

Just re-run the process or manually add to your DNS records:

@ IN	CAA	0 issuewild letsencrypt.org

xtalksi · February 25, 2020, 11:59am

Hlow to add it? To end of dns record?
I don’t have any expiriencces with it

Ilia · February 25, 2020, 4:11pm

Yes, at the end would work!

Jamie · February 26, 2020, 9:55pm

The original error is unusual, because Virtualmin only adds the CAA record after requesting the cert.