=========================================================================================================
Scenario 1: A Virtualmin sub-server created to run a NextCloud server operation. The site functions properly and the SSL is still valid.
Virtualmin => Cloud Sub-Server => Manage SSL Certificate => Let’s Encrypt =>
Last successful renewal: 02/23/2018 4:22 PM
Last failed renewal: 05/23/2018 10:17 PM
Renewal failed due to: Web-based validation failed : Failed to request certificate :
cloud.MySiteDN.com challenge did not pass: Invalid response from http://cloud.MySiteDN.com/.well-known/acme-challenge/5enH7qzzMxApz37pkOSwH14oub895o_mYTgKWW0AtLg: "<!DOCTYPE html>
Then when I go ahead and click the [ Request Certificate ] button, it produces:
Request Certificate
In domain cloud.MySiteDN.com
Requesting a certificate for cloud.MySiteDN.com from Let’s Encrypt …
… request failed : Web-based validation failed : Failed to request certificate :
cloud.MySiteDN.com challenge did not pass: Invalid response from http://cloud.MySiteDN.com/.well-known/acme-challenge/eZhkBlESbJQCTs-gzqoQWx86i_X6hoom0hVpy1DUGBs: "<!DOCTYPE html>
<html class="ng-csp" data-placeholder-focus="false" lang="en" >
<head data-requesttoken="YQ/jmudHXlRWD7lX00V+3z"
DNS-based validation failed : Failed to request certificate :
cloud.MySiteDN.com challenge did not pass: DNS problem: NXDOMAIN looking up TXT for _acme-challenge.cloud.MySiteDN.com
Opening caveat here; since I’m a lousy sys-admin I guessed that after already failing to renew and failure to request cert (earlier today to my try limit) that somehow my folders for /.well-known
and so on were tainted so I deleted them and tried to request new, which didn’t work, so I made the folders again including the .htaccess
file.
Biggest idiosyncrasy is NextCloud complains about security issues with the .well-known
folder in its web space. They suggest moving it elsewhere. Mine is now in a /var/www/SubFolder
. My Apache .conf files have this:
Alias /.well-known/acme-challenge/ /var/www/SubFolder/.well-known/acme-challenge/
.
Both SubFolder
and its subfolders are owned by the named user for the virtual sub-server and the group is www-admin
. The site is functioning fine right now, but its worth noting that a power outage 2 weeks ago made my DHCP IP number change. It’s my second time at a DHCP change so I got through that.
=========================================================================================================
Scenario 2: A Virtualmin sub-server created to host an ordinary website. The site won’t load with details of why below. The site works great when the Virtualmin, Services, Preview Website is selected.
Virtualmin > Cloud Sub-Server > Manage SSL Certificate > Let’s Encrypt >
Last successful renewal: 02/20/2018 12:58 AM
Last failed renewal: 05/23/2018 10:37 PM
Renewal failed due to: Web-based validation failed : Failed to request certificate :
TheSiteDN.com challenge did not pass: No valid IP addresses found for TheSiteDN.com
This one is more of a cautionary than it is a request for help. Google fucked this one up. I have 3 blogs on Blogger.com and I also have my domains managed at domains.google.com as of now (hint: accepting suggestions to switch my domains to). I used the Blogger tools to connect them to a subdomain of TheSiteDN.com
a long time ago, but Google changed something and they had some error messages. I clicked their link to correct the problem. A message said it fixed things, but the link to fix things remained. Eventually, I disconnected them and used the regular Synthetic records tools to make a subdomain redirect to each blog. What I didn’t realize happened before this was Google caused one of the blogs to be the redirect for my www.TheSiteDN.com
and TheSiteDN.com
. So when Let’s Encrypt tries to resolve, Google says, “maybe you should try this blog over here?” Its been 3 days now and I’m still getting redirected wrong and they haven’t answered my request for service yet. I assume time will resolve this Scenario.
If this URL was important, I’d be sooooooooo screwed!
=========================================================================================================