Lets encrypt renewal for autoconfig.domain and autodiscover not working anymore


sorry but this has worked before, already 2 times with different domains letsencrypt renewal error. In the last few months.

DNS is external and working though for autoconfig.problemdomain.com and autodiscover and also ping is working correct while as said, before working no problems.

See :
Last successful renewal 01/15/2018 1:27 PM

So problems are with autodiscover and autoconfig , manualy and automatic renewal. This wasn’t before as id did write and say

Only solving is possible with putting the domains and subdomains manual in the list below the automatic, then not the autoconfig in it. ( so have to remove the autoconfig) so putingt everything in the Domain names listed here without the autoconfig. While ssl.CertificateError: hostname ‘http://www.autoconfig.problemdomain.com’ doesn’t match either of 'autoconfig.servermaindomain.de

The Virtualmin server was installed August/September 2017 with version 6x and CENTOS 7.3 at that time

So something has changed for autoconfig. domain… it seems to try to renew the autoconfig for the hostname LE cert ‘vp.servermaindomain.de’ as you can read in the end of the error message below…

System hostname vp.servermaindomain.de Operating system CentOS Linux 7.4.1708
Webmin version 1.881
Usermin version 1.734
Virtualmin version 6.02 Theme version Authentic Theme 19.11.
SNI so same IP v4 as serverhostname.
Server hostname has also resoving IPv6 that problemdomains don’t have IP6 adress!


An error occurred requesting a new certificate for problemdomain.com, http://www.problemdomain.com, autoconfig.problemdomain.com, autodiscover.problemdomain.com from Let’s Encrypt : Web-based validation failed : Failed to request certificate :

Traceback (most recent call last):
File “/usr/libexec/webmin/webmin/acme_tiny.py”, line 250, in
File “/usr/libexec/webmin/webmin/acme_tiny.py”, line 246, in main
signed_crt = get_crt(args.account_key, args.csr, args.acme_dir, args.dns_hook, args.cleanup_hook, log=LOGGER, CA=args.ca)
File “/usr/libexec/webmin/webmin/acme_tiny.py”, line 154, in get_crt
resp = urlopen(wellknown_url)
File “/usr/lib64/python2.7/urllib2.py”, line 154, in urlopen
return opener.open(url, data, timeout)
File “/usr/lib64/python2.7/urllib2.py”, line 437, in open
response = meth(req, response)
File “/usr/lib64/python2.7/urllib2.py”, line 550, in http_response
‘http’, request, response, code, msg, hdrs)
File “/usr/lib64/python2.7/urllib2.py”, line 469, in error
result = self._call_chain(*args)
File “/usr/lib64/python2.7/urllib2.py”, line 409, in _call_chain
result = func(*args)
File “/usr/lib64/python2.7/urllib2.py”, line 656, in http_error_302
return self.parent.open(new, timeout=req.timeout)
File “/usr/lib64/python2.7/urllib2.py”, line 431, in open
response = self._open(req, data)
File “/usr/lib64/python2.7/urllib2.py”, line 449, in _open
‘_open’, req)
File “/usr/lib64/python2.7/urllib2.py”, line 409, in _call_chain
result = func(*args)
File “/usr/lib64/python2.7/urllib2.py”, line 1258, in https_open
context=self._context, check_hostname=self._check_hostname)
File “/usr/lib64/python2.7/urllib2.py”, line 1211, in do_open
h.request(req.get_method(), req.get_selector(), req.data, headers)
File “/usr/lib64/python2.7/httplib.py”, line 1017, in request
self._send_request(method, url, body, headers)
File “/usr/lib64/python2.7/httplib.py”, line 1051, in _send_request
File “/usr/lib64/python2.7/httplib.py”, line 1013, in endheaders
File “/usr/lib64/python2.7/httplib.py”, line 864, in _send_output
File “/usr/lib64/python2.7/httplib.py”, line 826, in send
File “/usr/lib64/python2.7/httplib.py”, line 1236, in connect
File “/usr/lib64/python2.7/ssl.py”, line 350, in wrap_socket
File “/usr/lib64/python2.7/ssl.py”, line 611, in init
File “/usr/lib64/python2.7/ssl.py”, line 841, in do_handshake
match_hostname(self.getpeercert(), self.server_hostname)
File “/usr/lib64/python2.7/ssl.py”, line 269, in match_hostname
% (hostname, ', '.join(map(repr, dnsnames))))
ssl.CertificateError: hostname ‘http://www.autoconfig.problemdomain.com’ doesn’t match either of ‘autoconfig.servermaindomain.de’, ‘autodiscover.servermaindomain.de’, ‘mail.servermaindomain.de’, ‘mail.vp.servermaindomain.de’, ‘servermaindomain.de’, ‘vp.servermaindomain.de’, ‘webmin.servermaindomain.de’, ‘webmin.vp.servermaindomain.de’, ‘http://www.servermaindomain.de

If calling the autoconfig. url in browser without https for http://www.autoconfig.problemdomain.com it is giving the mainserver page as output

If calling https://www.autoconfig.problemdomain.com then no cert …

in dutch it is saying cert there on that location is for the hostname cert and not for that domain
www.autoconfig.problemdomain.com gebruikt een ongeldig beveiligingscertificaat. Het certificaat is alleen geldig voor de volgende namen: autoconfig.servermaindomain.de, autodiscover.servermaindomain.de, mail.servermaindomain.de, mail.vp.servermaindomain.de, servermaindomain.de, vp.servermaindomain.de, webmin.servermaindomain.de, webmin.vp.servermaindomain.de, www.servermaindomain.de

Sorry replied in confusion here for this problem https://www.virtualmin.com/comment/794803#comment-794803

And renewal did still also worked for other domains
Last successful renewal 03/11/2018 3:55 AM

so probably a update causing this after that time i think.

something must have been changed after that ( ok i don’t know the update times i did and virtualmin / webmin updates)

But for autodiscover and autoconfig Letsencrypt cert script is always looking at the hostname domain and paths ofcourse that is faulty!
Before on our box till about 03-07-2017 proofable renewal with all that was working!