SYSTEM INFORMATION | |
---|---|
OS type and version | Ubuntu 24 |
Virtualmin version | 7.20.2 |
Let’s Encrypt is failing with 404. The domain is resolvable, but there is no .well-known directory created, so obviously there’s a 404.
Why not create one - to test (not an issue in Ubuntu 22)
You’re misreading that. That’s excluding .well-known from the redirects to Virtualmin and webmail.
I think you’re misinterpreting what’s happening.
Are you sure you can actually browse to files in .well-known? Check by creating a file in /home/domainname/public_html/.well-known, and try to browse to it. I’m guessing you have a redirect or proxy rule or something that’s sucking up those requests.
It’s also possible you’re not hitting the domain or IP you think you are for every name you’re requesting a certificate for. (Don’t request certificates for names you don’t have DNS records for or that aren’t pointing to the Virtualmin server.)
Thanks, Joe.
You’re correct. I cannot browse to a /.well-known/index.php that I created. It’s a brand new server and Virtualmin install - what could be causing this? I haven’t made any redirects of my own.
The domain is correct. The error shows the correct IP of the server in the request.
Do you see the index page you expect to see when you browse to the site? (i.e. put something in index.html, do you see that file when you browse to the domain name?)
I’m guessing you’ve got a case of “the wrong site shows up”. Troubleshooting Websites | Virtualmin — Open Source Web Hosting Control Panel
If you do actually get the right site, then it’s something else. But, if DNS is right and you don’t have a redirect/proxy rule blocking it (are you sure? If you’ve installed any apps with an .htaccess file, they often suck up requests), then I’m running out of things it could be.
Oh, also, I recommend you don’t test with PHP files. They introduce another layer of things that can go wrong. It’s very easy to end up finding some other problem when testing with PHP files.
Just create a plain html file for testing this 404 issue.
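The check suggested in the replies above (put a plain file under .well-known and see whether the web server actually hands it back), as an added example that is not part of any post in this thread. It writes a random file into .well-known/acme-challenge, the path Let’s Encrypt HTTP-01 validation fetches from, requests it over HTTP, and reports whether this docroot answered; the function name and the verdict strings are made up for illustration.

```python
import os
import secrets
import urllib.error
import urllib.request

CHALLENGE_DIR = ".well-known/acme-challenge"  # path HTTP-01 validation requests


def probe_http01(docroot, base_url, timeout=10):
    """Write a random plain-text file under docroot and try to fetch it back.

    Returns (verdict, http_status, final_url). Verdicts (hypothetical names):
      ok            - the file written to docroot came back unchanged
      not-served    - HTTP error such as 404: the request did not reach docroot
      wrong-content - something answered, but not with our file (other site/proxy)
      unreachable   - no HTTP response at all (DNS, firewall, TLS on a redirect)
    """
    token = secrets.token_urlsafe(16)
    body = secrets.token_urlsafe(32)
    directory = os.path.join(docroot, CHALLENGE_DIR)
    os.makedirs(directory, exist_ok=True)
    path = os.path.join(directory, token)
    with open(path, "w") as fh:
        fh.write(body)
    url = f"{base_url.rstrip('/')}/{CHALLENGE_DIR}/{token}"
    try:
        # urllib follows redirects; final_url shows where the request ended up.
        with urllib.request.urlopen(url, timeout=timeout) as resp:
            status, final_url = resp.status, resp.geturl()
            served = resp.read().decode("utf-8", "replace").strip()
    except urllib.error.HTTPError as exc:
        return ("not-served", exc.code, url)
    except (urllib.error.URLError, OSError):
        return ("unreachable", None, url)
    finally:
        os.remove(path)  # do not leave test files in the docroot
    if served != body:
        return ("wrong-content", status, final_url)
    return ("ok", status, final_url)


if __name__ == "__main__":
    import sys
    # Constructed usage: probe.py /home/domainname/public_html http://domain.tld
    print(probe_http01(sys.argv[1], sys.argv[2]))
```

Run it once per name on the certificate request; a name that returns anything other than ok will also fail Let’s Encrypt validation.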
It appears that there has been a change … I just successfully created 2 domains & requested certificates for them. One went perfect, the other initially failed. The domain that worked first time has its DNS maintained by webmin, the other has external DNS. After playing around with the second domain I found that if I requested a certificate with the default domain names it failed, however if I changed that to domain.tld and www.domain.tld the letsencrypt request passed …
Have a look in the letsencrypt log to find out why it failed; mine was
Error creating new order :: too many failed authorizations recently: see https://letsencrypt.org/docs/failed-validation-limit/
the common cause for that is
Subscribers who hit the Failed Validation limit often do so due to a misconfiguration in their environment.
which sort of points to an error in the DNS I guess
Obviously you cannot request certificates for names that don’t exist in DNS.
but they do, that is the issue.
this is letsencrypt response
mail.domain.tld
to the request list
No, don’t do that.
If Virtualmin isn’t managing your DNS, it doesn’t know you don’t have DNS records. So, tell it the right thing to do. Don’t try to request LE certs for names that don’t exist, because Let’s Encrypt obviously cannot validate names that don’t exist. Everything is working as intended. If you didn’t create all the records Virtualmin suggested, and you haven’t told it not to create aliases and a mail name, and such, then you need to manually tell it which names to get certs for. Virtualmin can’t know if you don’t tell it, somehow (and Let’s Encrypt can’t know, either, it only knows what you asked to be included in your certificate).
Which I have done
I’ve narrowed this down to be something to do with a floating IP being used.
Not quite sure how to configure this in Virtualmin… some trial and error efforts to come.