Let's Encrypt renewal for autoconfig.domain and autodiscover not working anymore

Hi:

Sorry, but this has worked before. Already 2 times, with different domains, a Let's Encrypt renewal error in the last few months.

DNS is external and working, though, for autoconfig.problemdomain.com and autodiscover, and ping is also working correctly; as said, it was working before with no problems.

See :
Last successful renewal 01/15/2018 1:27 PM

So the problems are with autodiscover and autoconfig, for manual and automatic renewal. This wasn't the case before, as I did write and say.

The only solution is putting the domains and subdomains manually in the list below the automatic one, without autoconfig in it (so I have to remove autoconfig), so putting everything in "Domain names listed here" without autoconfig. While ssl.CertificateError: hostname ‘http://www.autoconfig.problemdomain.com’ doesn’t match either of 'autoconfig.servermaindomain.de

The Virtualmin server was installed August/September 2017 with version 6x and CentOS 7.3 at that time.

So something has changed for autoconfig.domain… It seems to try to renew the autoconfig for the hostname LE cert ‘vp.servermaindomain.de’, as you can read at the end of the error message below…

System hostname: vp.servermaindomain.de
Operating system: CentOS Linux 7.4.1708
Webmin version: 1.881
Usermin version: 1.734
Virtualmin version: 6.02
Theme version: Authentic Theme 19.11
SNI, so same IPv4 as the server hostname.
The server hostname also has a resolving IPv6 address, which the problem domains don't have!

See:

An error occurred requesting a new certificate for problemdomain.com, http://www.problemdomain.com, autoconfig.problemdomain.com, autodiscover.problemdomain.com from Let’s Encrypt : Web-based validation failed : Failed to request certificate :

Traceback (most recent call last):
File “/usr/libexec/webmin/webmin/acme_tiny.py”, line 250, in
main(sys.argv[1:])
File “/usr/libexec/webmin/webmin/acme_tiny.py”, line 246, in main
signed_crt = get_crt(args.account_key, args.csr, args.acme_dir, args.dns_hook, args.cleanup_hook, log=LOGGER, CA=args.ca)
File “/usr/libexec/webmin/webmin/acme_tiny.py”, line 154, in get_crt
resp = urlopen(wellknown_url)
File “/usr/lib64/python2.7/urllib2.py”, line 154, in urlopen
return opener.open(url, data, timeout)
File “/usr/lib64/python2.7/urllib2.py”, line 437, in open
response = meth(req, response)
File “/usr/lib64/python2.7/urllib2.py”, line 550, in http_response
‘http’, request, response, code, msg, hdrs)
File “/usr/lib64/python2.7/urllib2.py”, line 469, in error
result = self._call_chain(*args)
File “/usr/lib64/python2.7/urllib2.py”, line 409, in _call_chain
result = func(*args)
File “/usr/lib64/python2.7/urllib2.py”, line 656, in http_error_302
return self.parent.open(new, timeout=req.timeout)
File “/usr/lib64/python2.7/urllib2.py”, line 431, in open
response = self._open(req, data)
File “/usr/lib64/python2.7/urllib2.py”, line 449, in _open
‘_open’, req)
File “/usr/lib64/python2.7/urllib2.py”, line 409, in _call_chain
result = func(*args)
File “/usr/lib64/python2.7/urllib2.py”, line 1258, in https_open
context=self._context, check_hostname=self._check_hostname)
File “/usr/lib64/python2.7/urllib2.py”, line 1211, in do_open
h.request(req.get_method(), req.get_selector(), req.data, headers)
File “/usr/lib64/python2.7/httplib.py”, line 1017, in request
self._send_request(method, url, body, headers)
File “/usr/lib64/python2.7/httplib.py”, line 1051, in _send_request
self.endheaders(body)
File “/usr/lib64/python2.7/httplib.py”, line 1013, in endheaders
self._send_output(message_body)
File “/usr/lib64/python2.7/httplib.py”, line 864, in _send_output
self.send(msg)
File “/usr/lib64/python2.7/httplib.py”, line 826, in send
self.connect()
File “/usr/lib64/python2.7/httplib.py”, line 1236, in connect
server_hostname=sni_hostname)
File “/usr/lib64/python2.7/ssl.py”, line 350, in wrap_socket
_context=self)
File “/usr/lib64/python2.7/ssl.py”, line 611, in init
self.do_handshake()
File “/usr/lib64/python2.7/ssl.py”, line 841, in do_handshake
match_hostname(self.getpeercert(), self.server_hostname)
File “/usr/lib64/python2.7/ssl.py”, line 269, in match_hostname
% (hostname, ', '.join(map(repr, dnsnames))))
ssl.CertificateError: hostname ‘http://www.autoconfig.problemdomain.com’ doesn’t match either of ‘autoconfig.servermaindomain.de’, ‘autodiscover.servermaindomain.de’, ‘mail.servermaindomain.de’, ‘mail.vp.servermaindomain.de’, ‘servermaindomain.de’, ‘vp.servermaindomain.de’, ‘webmin.servermaindomain.de’, ‘webmin.vp.servermaindomain.de’, ‘http://www.servermaindomain.de

If calling the autoconfig URL in a browser without https, for http://www.autoconfig.problemdomain.com, it gives the main server page as output.

If calling https://www.autoconfig.problemdomain.com then no cert …

In Dutch it says the cert at that location is the hostname cert and not one for that domain:
www.autoconfig.problemdomain.com gebruikt een ongeldig beveiligingscertificaat. Het certificaat is alleen geldig voor de volgende namen: autoconfig.servermaindomain.de, autodiscover.servermaindomain.de, mail.servermaindomain.de, mail.vp.servermaindomain.de, servermaindomain.de, vp.servermaindomain.de, webmin.servermaindomain.de, webmin.vp.servermaindomain.de, www.servermaindomain.de

Sorry, I replied in confusion here about this problem: https://www.virtualmin.com/comment/794803#comment-794803

And renewal still worked for other domains:
Last successful renewal 03/11/2018 3:55 AM

So probably an update is causing this after that time, I think.

Something must have been changed after that (OK, I don't know the times of the updates I did and of the Virtualmin/Webmin updates).

But for autodiscover and autoconfig the Let's Encrypt cert script is always looking at the hostname domain and paths; of course that is faulty!
Before, on our box, until about 03-07-2017, renewal with all of that was provably working!
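
Added example, not part of the original post and not Webmin's or acme_tiny's code: the traceback above shows the challenge self-check following a 302 to HTTPS and then failing hostname verification against the host certificate. This Python 3 sketch probes each requested name without following redirects and reports which names would hit that mismatch; the probe path and all function names are assumptions.

```python
"""Pre-flight check for names on an HTTP-01 certificate request (added example)."""
import http.client
import socket
import ssl
import sys
from urllib.parse import urlsplit

PROBE_PATH = "/.well-known/acme-challenge/preflight-probe"  # hypothetical file name

def san_matches(hostname, dns_names):
    """Exact match, or a wildcard covering exactly one left-most label."""
    host = hostname.lower().rstrip(".")
    for pattern in (p.lower().rstrip(".") for p in dns_names):
        if pattern == host:
            return True
        if pattern.startswith("*.") and host.partition(".")[2] == pattern[2:]:
            return True
    return False

def classify(name, status, location, cert_names_for):
    """Would a redirect-following fetch of the challenge URL for `name` succeed?
    cert_names_for(host) returns the DNS SANs of the cert served on host:443."""
    if status not in (301, 302, 303, 307, 308):
        return "ok: answered over plain HTTP (status %d)" % status
    target = urlsplit(location or "")
    if target.scheme != "https":
        return "ok: redirect stays on HTTP (%s)" % location
    host = target.hostname or name
    names = cert_names_for(host)
    if san_matches(host, names):
        return "ok: HTTPS redirect, certificate covers %s" % host
    return "FAIL: redirected to https://%s but the certificate there only covers: %s" % (
        host, ", ".join(sorted(names)))

def http_probe(name, timeout=10):
    """GET the probe path on port 80 without following redirects."""
    conn = http.client.HTTPConnection(name, 80, timeout=timeout)
    try:
        conn.request("GET", PROBE_PATH)
        resp = conn.getresponse()
        return resp.status, resp.getheader("Location")
    finally:
        conn.close()

def served_cert_names(host, timeout=10):
    """DNS SANs of the certificate the server selects for this SNI name."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False  # chain is still verified; the name is compared above
    with socket.create_connection((host, 443), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            cert = tls.getpeercert()
    return [value for kind, value in cert.get("subjectAltName", ()) if kind == "DNS"]

if __name__ == "__main__":
    for n in sys.argv[1:]:  # pass the names from the certificate request
        print(n, "->", classify(n, *http_probe(n), served_cert_names))
```

A FAIL line for a name means the web server answers that name from a virtual host that redirects to HTTPS while presenting another host's certificate, which is the condition the `ssl.CertificateError` reports.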