I got a notice in the dashboard earlier today informing me that the SSL certificates for a domain name and a subdomain of the same domain name have expired. When I go to the Let’s Encrypt tab in the SSL certificate page and try to renew/create new certificates, I get the following error:
Requesting a certificate for example.com, www.example.com from Let’s Encrypt …
.. request failed : Web-based validation failed : Failed to request certificate :
Traceback (most recent call last):
File "/usr/share/webmin/webmin/acme_tiny.py", line 198, in <module>
main(sys.argv[1:])
File "/usr/share/webmin/webmin/acme_tiny.py", line 194, in main
signed_crt = get_crt(args.account_key, args.csr, args.acme_dir, log=LOGGER, CA=args.ca, disable_check=args.disable_check, directory_url=args.directory_url, contact=args.contact)
File "/usr/share/webmin/webmin/acme_tiny.py", line 149, in get_crt
raise ValueError("Challenge did not pass for {0}: {1}".format(domain, authorization))
ValueError: Challenge did not pass for example.com: {'identifier': {'type': 'dns', 'value': 'shillongserver.com'}, 'status': 'invalid', 'expires': '2020-08-24T21:19:06Z', 'challenges': [{'type': 'http-01', 'status': 'invalid', 'error': {'type': 'urn:ietf:params:acme:error:unauthorized', 'detail': 'Invalid response from http://example.com/.well-known/acme-challenge/rYnQf2i5FB6jMXPH0kb4UzkCn2nyVgkx_8H2T0QleIA [2602:fe90:300:1a2::f5e:f17d]: "<!DOCTYPE HTML PUBLIC \\"-//IETF//DTD HTML 2.0//EN\\">\\n<html><head>\\n<title>404 Not Found</title>\\n</head><body>\\n<h1>Not Found</h1>\\n<p"', 'status': 403}, 'url': 'https://acme-v02.api.letsencrypt.org/acme/chall-v3/6602519563/2bw1Tg', 'token': 'rYnQf2i5FB6jMXPH0kb4UzkCn2nyVgkx_8H2T0QleIA', 'validationRecord': [{'url': 'http://example.com/.well-known/acme-challenge/rYnQf2i5FB6jMXPH0kb4UzkCn2nyVgkx_8H2T0QleIA', 'hostname': 'example.com', 'port': '80', 'addressesResolved': ['123.456.789.10', '1234:ab56:789:1b7::f7a:f29e'], 'addressUsed': '2602:fe90:300:1a2::f5e:f17d'}]}]}
DNS-based validation failed : Only the offical Let’s Encrypt client supports DNS-based validation
The auto-renewal was working fine this whole time, so I’m not sure what could be causing this. The only change I made to Virtualmin was adding DKIM to all my virtual servers a few months back.
Also, not sure if it matters or not, but the subdomain is the FQDN of the server and, for some weird reason, both the domain (example.com) and the subdomain (someHostName.example.com) redirect to the Ubuntu page instead of their public_html directory.
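
The authorization object in the traceback above can be read mechanically to see which address Let's Encrypt validated against and what the server returned. This is an added example, not part of the original post or of Webmin's acme_tiny.py; the function name `summarize_failed_challenges` and the sample line (documentation-range addresses, placeholder token) are constructed for illustration.

```python
import ast
import ipaddress

# Constructed sample modelled on the authorization object in the traceback
# above; addresses are documentation ranges and TOKEN is a placeholder.
SAMPLE = (
    "ValueError: Challenge did not pass for example.com: "
    "{'identifier': {'type': 'dns', 'value': 'example.com'}, 'status': 'invalid', "
    "'challenges': [{'type': 'http-01', 'status': 'invalid', "
    "'error': {'type': 'urn:ietf:params:acme:error:unauthorized', "
    "'detail': 'Invalid response from http://example.com/.well-known/acme-challenge/TOKEN "
    "[2001:db8::1]: \"<!DOCTYPE HTML PUBLIC ...<title>404 Not Found</title>\"', 'status': 403}, "
    "'validationRecord': [{'hostname': 'example.com', 'port': '80', "
    "'addressesResolved': ['203.0.113.10', '2001:db8::1'], 'addressUsed': '2001:db8::1'}]}]}"
)


def summarize_failed_challenges(error_line):
    """Parse the dict printed after 'Challenge did not pass for <domain>: '."""
    # The message embeds a Python dict repr; literal_eval parses it without eval().
    authz = ast.literal_eval(error_line[error_line.index("{"):])
    findings = []
    for chall in authz.get("challenges", []):
        if chall.get("status") != "invalid":
            continue
        error = chall.get("error", {})
        for record in chall.get("validationRecord", [{}]):
            used = record.get("addressUsed")
            findings.append({
                "domain": authz["identifier"]["value"],
                "challenge": chall["type"],
                "acme_error": error.get("type", "").rsplit(":", 1)[-1],
                "address_used": used,
                # 4 or 6: shows whether the A or the AAAA record was followed
                "ip_version": ipaddress.ip_address(used).version if used else None,
                "used_in_resolved": used in record.get("addressesResolved", []),
                # True when the web server at that address answered with a 404 page
                "origin_returned_404": "404 Not Found" in error.get("detail", ""),
            })
    return findings


if __name__ == "__main__":
    for finding in summarize_failed_challenges(SAMPLE):
        print(finding)
```
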