Hi, I’m trying to install a Let’s Encrypt certificate for the admin panel of Virtualmin, but in “Let’s Encrypt Certificate Request” in Webmin Configuration I’m receiving an error:

"Requesting a new certificate for server26.ultranetxxi.net, using the website directory /home/ultranetxxi.net/public_html …

… request failed : Failed to request certificate :

Parsing account key…
Parsing CSR…
Registering account…
Traceback (most recent call last):
File “/usr/share/webmin/webmin/acme_tiny.py”, line 203, in
main(sys.argv[1:])
File “/usr/share/webmin/webmin/acme_tiny.py”, line 199, in main
signed_crt = get_crt(args.account_key, args.csr, args.acme_dir, log=LOGGER, CA=args.ca)
File “/usr/share/webmin/webmin/acme_tiny.py”, line 97, in get_crt
raise ValueError(“Error registering: {0} {1}”.format(code, result))
ValueError: Error registering: 400 {
“type”: “urn:acme:error:malformed”,
“detail”: “Provided agreement URL [https://letsencrypt.org/documents/LE-SA-v1.0.1-July-27-2015.pdf] does not match current agreement URL [https://letsencrypt.org/documents/LE-SA-v1.1.1-August-1-2016.pdf]”,
“status”: 400
}"

Any help is appreciated.

I’m experiencing the same issue, with exactly the same error message. This seems to be a general webmin / letsencrypt problem.

Howdy,

Yeah that is indeed a bug (due to the Let’s Encrypt ToS changing)… there’s a report for that here (including a temporary workaround):

https://www.virtualmin.com/node/41565

https://www.virtualmin.com/node/41644:

sed -i s#‘https://letsencrypt.org/documents/LE-SA-v1.0.1-July-27-2015.pdf’#'https://letsencrypt.org/documents/LE-SA-v1.1.1-August-1-2016.pdf’# /usr/share/webmin/webmin/acme_tiny.py

@all: issue seems to be fixed in update 1.810

Hi Shiraz, that’s right, it’s working now. Thanks.

informative information thanks for sharing… Buy Viagra Online http://www.genericviagraus.net

Provided agreement URL error fix

Go to webmin -> Others -> File Manger

edit File -> /usr/share/webmin/webmin/acme_tiny.py

line 99 replace -> “agreement”: “https://letsencrypt.org/documents/LE-SA-v1.1.1-August-1-2016.pdf”,

with -> “agreement”: json.loads(urlopen(CA + “/directory”).read().decode(‘utf8’))[‘meta’][‘terms-of-service’],

hope this helpful

I replaced the contents of acme_tiny.py from this https://github.com/diafygi/acme-tiny/blob/master/acme_tiny.py to make it work.

@jaldeguer … I’ve just tried your bug fix and still ran into a problem, but not the original reported issue. It seems that it is expecting a "subscriber agreement ".

Nigel.

Parsing account key…
Parsing CSR…
Registering account…
Already registered!
Verifying podcasts.soft-focus-imagining.com…
Traceback (most recent call last):
File “/usr/libexec/webmin/webmin/acme_tiny.py”, line 196, in
main(sys.argv[1:])
File “/usr/libexec/webmin/webmin/acme_tiny.py”, line 192, in main
signed_crt = get_crt(args.account_key, args.csr, args.acme_dir, log=LOGGER, CA=args.ca)
File “/usr/libexec/webmin/webmin/acme_tiny.py”, line 104, in get_crt
raise ValueError(“Error requesting challenges: {0} {1}”.format(code, result))
ValueError: Error requesting challenges: 403 {
“type”: “urn:acme:error:unauthorized”,
“detail”: “Must agree to subscriber agreement before any further actions”,
“status”: 403
}

DNS-based validation failed : Failed to request certificate :

usage: acme_tiny.py [-h] --account-key ACCOUNT_KEY --csr CSR --acme-dir
ACME_DIR [–quiet] [–ca CA]
acme_tiny.py: error: argument --acme-dir is required

@NigelAves
Did you replace the entire contents of acme_tiny.py with this ? https://github.com/diafygi/acme-tiny/blob/master/acme_tiny.py

@jaldeguer - Yes I did, but I did run this before when it was broken, could it have left “files” behind that are now interfering?

@jaldeguer : I don’t know if this will help or not, but here is the email that webmin sent me. This was from a few minutes ago. 8:14 PM 17th Nov.

reason: acme_tiny.py:106:get_crt:ValueError: Error registering: 400 {
cmdline: /bin/python2.7 /usr/libexec/webmin/webmin/acme_tiny.py --account-key /etc/webmin/webmin/letsencrypt.pem --csr /tmp/.webmin/16184_25847_3_letsencrypt.cgi --acme-dir /home/podcasts/public_html/.well-known/acme-challenge
executable: /usr/libexec/webmin/webmin/acme_tiny.py
package: webmin-1.860-1
component: webmin
pid: 25871
hostname: apache-web-server.twin-peaks-video.com
count: 6
abrt_version: 2.1.11
analyzer: Python
architecture: x86_64
duphash: eea2832f10a33b034751c429cc2e91f691fad601
event_log:
kernel: 3.10.0-693.5.2.el7.x86_64
last_occurrence: 1510974754
os_release: CentOS Linux release 7.4.1708 (Core)
pkg_arch: noarch
pkg_epoch: 0
pkg_fingerprint: D97A 3AE9 11F6 3C51
pkg_name: webmin
pkg_release: 1
pkg_vendor: Jamie Cameron
pkg_version: 1.860
runlevel: N 5
time: Wed 15 Nov 2017 05:50:51 AM MST
type: Python
uid: 0
ureports_counter: 6
username: root
uuid: eea2832f10a33b034751c429cc2e91f691fad601

reported_to:
:uReport: BTHASH=6954f9fc26a96990d1c2f472c15746f92e5615b0
:ABRT Server: URL=https://retrace.fedoraproject.org/faf/reports/bthash/6954f9fc26a96990d1c2f472c15746f92e5615b0
backtrace:
:acme_tiny.py:106:get_crt:ValueError: Error registering: 400 {
: “type”: “urn:acme:error:malformed”,
: “detail”: “Provided agreement URL [https://letsencrypt.org/documents/LE-SA-v1.1.1-August-1-2016.pdf] does not match current agreement URL [https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf]”,
: “status”: 400
:}
:
:Traceback (most recent call last):
: File “/usr/libexec/webmin/webmin/acme_tiny.py”, line 235, in
: main(sys.argv[1:])
: File “/usr/libexec/webmin/webmin/acme_tiny.py”, line 231, in main
: signed_crt = get_crt(args.account_key, args.csr, args.acme_dir, args.dns_hook, args.cleanup_hook, log=LOGGER, CA=args.ca)
: File “/usr/libexec/webmin/webmin/acme_tiny.py”, line 106, in get_crt
: raise ValueError(“Error registering: {0} {1}”.format(code, result))
:ValueError: Error registering: 400 {
: “type”: “urn:acme:error:malformed”,
: “detail”: “Provided agreement URL [https://letsencrypt.org/documents/LE-SA-v1.1.1-August-1-2016.pdf] does not match current agreement URL [https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf]”,
: “status”: 400
:}
:
:Local variables in innermost frame:
:code: 400
:san: u’DNS:www.podcasts.soft-focus-imagining.com’
:account_key: ‘/etc/webmin/webmin/letsencrypt.pem’
:pub_hex: u’c7:b6:eb:61:30:d5:fc:d9:e1:f5:a8:16:96:c7:\n 2d:f2:65:ac:44:c8:4d:c6:87:97:83:c1:bd:87:a4:\n 16:f2:54:87:d0:18:cd:52:0d:0f:d6:fd:d6:97:54:\n 33:a4:36:33:c9:db:f5:45:47:9c:bc:cc:11:c8:93:\n 30:bf:da:c3:28:4c:34:bf:6b:40:ac:c0:a6:88:86:\n 18:93:4c:bb:fe:63:9d:a8:6f:80:d2:fd:e1:b6:90:\n 95:d6:b1:eb:e4:61:e4:12:a0:1e:e6:2d:78:2b:d6:\n c6:dc:c5:4a:fe:f6:db:75:61:09:0e:04:67:14:03:\n 02:77:09:a3:9c:84:d9:fa:c4:87:d9:a4:ea:84:b3:\n 11:52:95:8e:ec:7d:74:54:4e:5c:27:c3:f1:e0:67:\n 0c:41:dd:1a:ea:0f:9b:61:f6:82:6f:e6:1c:35:b4:\n 06:dc:25:63:2e:a3:11:64:55:12:b4:0d:7c:b6:3e:\n 7f:18:28:a1:50:b7:9e:ea:70:63:01:ab:59:33:12:\n fa:81:95:c6:9c:e7:0c:62:52:85:1e:db:75:43:1a:\n be:71:26:ac:45:b7:25:bc:a4:65:8e:5e:70:0c:24:\n df:d4:a8:76:94:04:87:0b:91:3e:6b:33:18:9b:90:\n 2f:7e:14:bd:a7:50:62:56:2c:a7:f1:c7:c8:f5:87:\n 06:05:62:c0:d4:f6:3b:12:06:83:8b:cf:5e:a4:2f:\n 07:19:d3:4e:ea:49:06:48:6a:61:19:de:32:1a:00:\n c2:52:5c:63:26:24:55:f0:d0:dd:94:2a:2f:cd:5f:\n fa:9b:79:04:76:69:e9:e2:42:5b:02:6f:bf:6f:0a:\n ba:53:dd:d4:05:90:d1:ff:d0:1e:5e:b3:36:e8:04:\n ed:10:cc:28:b2:76:2d:dc:65:e2:14:c0:db:aa:c0:\n 29:bf:72:84:f4:1d:4e:1a:e7:7b:eb:00:9e:10:22:\n d4:5e:8b:8a:98:f4:62:3b:ae:43:71:a4:cb:9c:0f:\n d8:8e:a2:ca:bd:e0:2b:85:49:60:3b:b3:88:eb:93:\n 81:52:82:c9:66:43:fd:01:9d:6e:48:5e:58:0c:b6:\n 60:c7:bd:26:f9:53:6e:ff:ec:df:b1:75:36:ce:79:\n 20:b4:a0:07:61:f6:d8:04:63:01:01:b9:36:5c:b4:\n 40:8d:3b:fe:b8:f2:30:84:f1:31:13:d6:a4:4d:f2:\n cc:0e:2b:68:d8:aa:7d:f8:3b:68:16:6e:80:15:d3:\n 80:fe:02:c9:aa:3f:da:34:82:1a:d3:9b:b8:b8:62:\n 63:26:8f:9f:68:ce:83:87:4a:67:cf:0e:21:a5:e0:\n 23:4d:57:0e:6e:40:5f:cc:f5:e9:e0:df:3d:6e:f5:\n 8d:11:d9’
:header: {‘alg’: ‘RS256’, ‘jwk’: {‘e’: u’AQAB’, ‘kty’: ‘RSA’, ‘n’: u’x7brYTDV_Nnh9agWlsct8mWsRMhNxoeXg8G9h6QW8lSH0BjNUg0P1v3Wl1QzpDYzydv1RUecvMwRyJMwv9rDKEw0v2tArMCmiIYYk0y7_mOdqG-A0v3htpCV1rHr5GHkEqAe5i14K9bG3MVK_vbbdWEJDgRnFAMCdwmjnITZ-sSH2aTqhLMRUpWO7H10VE5cJ8Px4GcMQd0a6g-bYfaCb-YcNbQG3CVjLqMRZFUStA18tj5_GCihULee6nBjAatZMxL6gZXGnOcMYlKFHtt1Qxq-cSasRbclvKRljl5wDCTf1Kh2lASHC5E-azMYm5AvfhS9p1BiViyn8cfI9YcGBWLA1PY7EgaDi89epC8HGdNO6kkGSGphGd4yGgDCUlxjJiRV8NDdlCovzV_6m3kEdmnp4kJbAm-bwq6U93UBZDR_9AeXrM26ATtEMwosnYt3GXiFMDbqsApv3KE9B1OGud76wCeECLUXouKmPRiO65DcaTLnA_YjqLKveArhUlgO7OI65OBUoLJZkP9AZ1uSF5YDLZgx70m-VNu-zfsXU2znkgtKAHYfbYBGMBAbk2XLRAjTv-uPIwhPExE9akTfLMDito2Kp9-DtoFm6AFdOA_gLJqj_aNIIa05u4uGJjJo-faM6Dh0pnzw4hpeAjTVcObkBfzPXp4N89bvWNEdk’}}
:result: ‘{\n “type”: “urn:acme:error:malformed”,\n “detail”: “Provided agreement URL [https://letsencrypt.org/documents/LE-SA-v1.1.1-August-1-2016.pdf] does not match current agreement URL [https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf]”,\n “status”: 400\n}’
:common_name: <_sre.SRE_Match object at 0x293f8a0>
:dns_hook: None
:out: ‘Certificate Request:\n Data:\n Version: 0 (0x0)\n Subject: CN=podcasts.soft-focus-imagining.com\n Subject Public Key Info:\n Public Key Algorithm: rsaEncryption\n Public-Key: (2048 bit)\n Modulus:\n 00:b3:26:45:c5:80:76:02:9e:95:a7:ff:30:37:c7:\n cd:71:3b:cf:ca:26:91:ab:b7:9f:f6:90:2b:3c:76:\n eb:6a:a3:b6:b5:6b:3f:d6:f2:ab:87:db:2c:9c:fb:\n d2:f0:66:e3:9d:eb:fb:e6:40:03:f0:9c:33:99:80:\n 04:32:30:23:20:9d:14:93:e0:3e:2d:e3:2d:6a:ef:\n 53:d6:8b:3f:0f:7f:4b:ab:8b:47:00:ca:c3:c1:b4:\n df:37:60:86:3e:55:99:d9:a2:bc:39:56:da:74:16:\n 9b:34:2a:64:d5:bc:98:d3:fd:72:8f:5a:63:db:bb:\n 64:ef:1e:c5:43:69:3b:c1:4c:99:24:cd:b6:cb:33:\n 85:83:af:f1:9f:60:c9:15:74:40:45:1e:ad:74:44:\n 57:a5:c1:a4:00:35:a1:65:f4:ae:c1:f5:c6:2b:25:\n 2c:fb:b8:45:35:15:d8:fb:de:71:8c:89:f3:07:f4:\n 41:32:35:38:55:d0:46:ff:de:04:c2:f6:26:cc:5d:\n 41:2e:43:93:87:35:11:d5:d2:78:2a:73:6f:f1:4a:\n 47:12:89:a3:ed:6c:4c:e0:73:cb:74:41:c7:00:20:\n 24:91:89:0e:27:d7:62:16:bd:ec:04:0a:f1:2a:1c:\n 9f:ff:0d:ae:46:95:0b:3c:54:21:7f:63:b1:27:18:\n 99:e9\n Exponent: 65537 (0x10001)\n Attributes:\n Requested Extensions:\n X509v3 Subject Alternative Name: \n DNS:www.podcasts.soft-focus-imagining.com\n X509v3 Basic Constraints: \n CA:FALSE\n X509v3 Key Usage: \n Digital Signature, Non Repudiation, Key Encipherment\n Signature Algorithm: sha256WithRSAEncryption\n 0f:2d:32:d8:ca:1d:fc:35:40:87:5b:71:fa:d1:21:4e:83:ef:\n d8:0a:5a:3c:a1:fd:29:41:3f:49:cd:72:b2:8b:b1:c6:13:4c:\n 66:1c:cb:c1:f2:53:35:5a:04:3d:07:90:5b:9d:50:a5:34:df:\n 58:ed:d7:78:a4:ad:db:e5:c9:a3:54:3b:3e:02:52:0a:d1:4f:\n 80:e5:ae:43:a2:6e:56:1a:f6:5e:d6:e1:a1:e8:ec:cc:eb:20:\n 26:41:28:d7:1e:1e:3e:c2:92:bd:94:87:14:b0:ea:49:06:6a:\n e1:03:ec:70:5d:2d:da:91:3d:5a:d4:2a:96:fa:23:81:01:4e:\n 0b:43:03:ce:7b:c0:dc:a6:cb:7d:ed:43:4d:86:6a:3f:7f:71:\n 5c:97:3e:54:af:2c:af:07:bf:d6:49:e6:f1:87:b9:44:b3:fe:\n 7c:b0:af:46:76:27:a2:ae:b3:9c:35:fc:3e:0b:7d:67:1c:f4:\n 35:cc:60:de:a5:b9:4a:57:af:6f:f5:cd:d8:59:1f:65:4a:6b:\n a9:6a:d8:8f:7b:78:dd:8c:eb:28:50:22:6c:07:0f:ca:e2:ae:\n 62:99:4a:d8:d0:6e:2b:cd:ef:52:fc:ce:c4:5f:84:51:e1:e0:\n 89:e4:49:c8:c0:dc:49:a0:43:ae:d0:ef:98:e1:58:a2:7c:7b:\n 97:cc:4c:a1\n’
:log: <logging.Logger object at 0x27e9f50>
:acme_dir: ‘/home/podcasts/public_html/.well-known/acme-challenge’
:proc: <subprocess.Popen object at 0x293c910>
:csr: ‘/tmp/.webmin/16184_25847_3_letsencrypt.cgi’
:cleanup_hook: None
:CA: ‘https://acme-v01.api.letsencrypt.org’
:thumbprint: u’9qrs9sc0v1a_9zu35zBfWLp4HC0ZzR2EhR9C-L6rj9o’
:subject_alt_names: <_sre.SRE_Match object at 0x293f828>
:err: ‘’
:_b64: <function _b64 at 0x293f410>
:pub_exp: ‘010001’
:alt_names: None
:domains: set([u’www.podcasts.soft-focus-imagining.com’, u’podcasts.soft-focus-imagining.com’])
:_send_signed_request: <function send_signed_request at 0x293f7d0>
:accountkey_json: ‘{“e”:“AQAB”,“kty”:“RSA”,“n”:“x7brYTDV_Nnh9agWlsct8mWsRMhNxoeXg8G9h6QW8lSH0BjNUg0P1v3Wl1QzpDYzydv1RUecvMwRyJMwv9rDKEw0v2tArMCmiIYYk0y7_mOdqG-A0v3htpCV1rHr5GHkEqAe5i14K9bG3MVK_vbbdWEJDgRnFAMCdwmjnITZ-sSH2aTqhLMRUpWO7H10VE5cJ8Px4GcMQd0a6g-bYfaCb-YcNbQG3CVjLqMRZFUStA18tj5_GCihULee6nBjAatZMxL6gZXGnOcMYlKFHtt1Qxq-cSasRbclvKRljl5wDCTf1Kh2lASHC5E-azMYm5AvfhS9p1BiViyn8cfI9YcGBWLA1PY7EgaDi89epC8HGdNO6kkGSGphGd4yGgDCUlxjJiRV8NDdlCovzV_6m3kEdmnp4kJbAm-bwq6U93UBZDR_9AeXrM26ATtEMwosnYt3GXiFMDbqsApv3KE9B1OGud76wCeECLUXouKmPRiO65DcaTLnA_YjqLKveArhUlgO7OI65OBUoLJZkP9AZ1uSF5YDLZgx70m-VNu-zfsXU2znkgtKAHYfbYBGMBAbk2XLRAjTv-uPIwhPExE9akTfLMDito2Kp9-DtoFm6AFdOA_gLJqj_aNIIa05u4uGJjJo-faM6Dh0pnzw4hpeAjTVcObkBfzPXp4N89bvWNEdk”}’
environ:
:DOCUMENT_REALROOT=/usr/libexec/webmin
:HTTP_REFERER=https://twin-peaks-video.com:10000/virtual-server/cert_form.cgi?dom=142221603313276
:SERVER_PROTOCOL=HTTP/1.0
:SERVER_SOFTWARE=MiniServ/1.860
:SCRIPT_NAME=/virtual-server/letsencrypt.cgi
:REQUEST_METHOD=GET
:PATH_INFO=
:HOME=/root
:QUERY_STRING=dom=142221603313276&dname_def=1&renew_def=0&renew=2
:PATH=/bin:/usr/bin:/sbin:/usr/sbin:/usr/local/bin:/bin:/usr/bin:/sbin:/usr/sbin:/usr/local/bin:/bin:/usr/bin:/sbin:/usr/sbin:/usr/local/bin:/bin:/usr/bin:/sbin:/usr/sbin:/usr/local/bin:/bin:/usr/bin:/sbin:/usr/sbin:/usr/local/bin:/bin:/usr/bin:/sbin:/usr/sbin:/usr/local/bin:/bin:/usr/bin:/sbin:/usr/sbin:/usr/local/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin
:LD_LIBRARY_PATH=
:SERVER_REALROOT=/usr/libexec/webmin
:BASE_REMOTE_USER=
:REMOTE_USER=root
:HTTP_CONNECTION=keep-alive
:HTTP_COOKIE=redirect=0; testing=1; file-manager-response=; file-manager-response_count=
:SERVER_NAME=twin-peaks-video.com
:REMOTE_ADDR=192.168.1.50
:SHLVL=1
:SERVER_ROOT=/usr/libexec/webmin
:SERVER_PORT=10000
:WEBMIN_VAR=/var/webmin
:DOCUMENT_ROOT=/usr/libexec/webmin
:SCRIPT_FILENAME=/usr/libexec/webmin/virtual-server/letsencrypt.cgi
:SERVER_ADMIN=
:PERLLIB=/usr/libexec/webmin
:HTTP_USER_AGENT=Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:56.0) Gecko/20100101 Firefox/56.0
:HTTP_HOST=twin-peaks-video.com:10000
:HTTPS=ON
:HTTP_UPGRADE_INSECURE_REQUESTS=1
:=/bin/python2.7
:REQUEST_URI=/virtual-server/letsencrypt.cgi?dom=142221603313276&dname_def=1&renew_def=0&renew=2
:HTTP_ACCEPT=text/html,application/xhtml+xml,application/xml;q=0.9,/;q=0.8
:GATEWAY_INTERFACE=CGI/1.1
:WEBMIN_CONFIG=/etc/webmin
:HTTP_ACCEPT_LANGUAGE=en-US,en;q=0.5
:HTTP_ACCEPT_ENCODING=gzip, deflate, br
:PWD=/usr/libexec/webmin/virtual-server/
:MINISERV_CONFIG=/etc/webmin/miniserv.conf
:REMOTE_ADDR_PROTOCOL=4
:REMOTE_HOST=192.168.1.50
:MINISERV_PID=1760
machineid:
:systemd=c3a31d8a5e454450b99eb43ff0bd5dd3
:sosreport_uploader-dmidecode=46255f390645b38f4d3e92af33dcf17afa83c0952af33eb97e0dd7bec5b1bdf9
os_info:
:NAME=“CentOS Linux”
:VERSION=“7 (Core)”
:ID=“centos”
:ID_LIKE=“rhel fedora”
:VERSION_ID=“7”
:PRETTY_NAME=“CentOS Linux 7 (Core)”
:ANSI_COLOR=“0;31”
:CPE_NAME=“cpe:/o:centos:centos:7”
:HOME_URL=“https://www.centos.org/”
:BUG_REPORT_URL=“https://bugs.centos.org/”
:
:CENTOS_MANTISBT_PROJECT=“CentOS-7”
:CENTOS_MANTISBT_PROJECT_VERSION=“7”
:REDHAT_SUPPORT_PRODUCT=“centos”
:REDHAT_SUPPORT_PRODUCT_VERSION=“7”
:

Any one have any ideas as to why I’m still running into an issue?

I’d really like to get this working across my web sites

It took some finding but I know have everything working all OK. It was a created file (from my first attempt) that caused the second issue.

etc/webmin/webmin/letsencrypt.pem

This now lead me to Lets Encrypt having issues writing the confirmation file in .well-known

This was being blocked by mod-security - once mod-security was “off” every site worked with no hiccups.

But hopefully someone can answer this. Will mod_security stop the “Update renewal” from working?

Many Thanks - Nigel

Hello Guys,

I ran into the same problem and here is my solution:

1. Go to Webmin ->Others->File Manager and browse to /usr/libexec/webmin/webmin/
2. Edit the acme_tiny.py file
3. Go to line: 99 and replace the current “https://letsencrypt.org/documents/LE-SA-v1.1.1-August-1-2016.pdf” with “https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf” and save the file.
4. Go to Virtualmin ->Server Configuration->Manage SSL Certificate and select Let’s Encrypt tab and click on Request Certificate.
5. The above steps worked for me. I think the acme_tiny.py needed to be updated with the new “LET’S ENCRYPT SUBSCRIBER AGREEMENT”.
   Good luck and let me know if it worked for you.

Yup, that helped me out too, liveandlearn! Thanks for the tip

You’ve saved my evening. Thank you very much!

SOLUTION:



Issuing new Let’s Encrypt certificates (or renewing ones past the reauthorization window) fails when running OpenSSL 1.1.0. you can get the error:

The fix is to change line 72 to:

nano /usr/share/webmin/webmin/acme_tiny.py and search “common_name” line

common_name = re.search(r"Subject:.*? CN ?= ?([^\s,;/]+)", out.decode('utf8'))

Note: Please make sure to keep line intend before common_name when you copy and past above fix.

This also applies to Virtualmin in /usr/share/webmin/virtual-server/feature-ssl.pl line 1345

if ($ex) {
        return "<tt>".&html_escape($out)."</tt>";
        }
elsif ($out !~ /subject\s*=\s*.*(CN|O)=/) {
        return $text{'cert_esubject'};
        }
else {
        return undef;
        }
}