Whenever I try to renew my SSL certs, I get this error just before the log output:
Requesting a certificate for example.net, www.example.net, mail.example.net, wap.example.net from Let's Encrypt ..
.. request failed : Web-based validation failed : mkdir failed : mkdir: cannot create directory '/home/example.net': Permission denied
Of course /home/example.net/ exists, because that's the Virtual Server for which I'm trying to create the certificates. I wonder why the process would need to create a dir that already exists?
Now, I'm not posting the letsencrypt.log file because it has no mention of that error. The log file only complains about No TXT record found at _acme-challenge.wap.example.net, which I believe can be solved by creating a (TXT?) record _acme-challenge for the domain in Cloudflare, who knows with which value.
Also: It seems there are 2 validation methods, HTTPS and DNS. The Let's Encrypt panel in Virtualmin should display a very clear message explaining what the requirements are for each method. I was never told to create any _acme-challenge record anywhere (nor its value), yet it seems that should be the first step of the process.
Any help with the mkdir failed error and the TXT record value will be greatly appreciated. I want to have both validation methods properly set up, thanks.
Are you using Virtualmin to create your certificates? If so, the process is pretty much automatic. If not, then I note that your version of Virtualmin is not up to date (7.30.4).
I have never had to add TXT records, certainly not for LE.
There are only two methods of validation if Virtualmin believes it is managing DNS. Stop lying to Virtualmin, and you won't see confusing errors. If Virtualmin is not managing DNS, disable that Feature in Features and Plugins (or for just this domain, if other domains are being managed by Virtualmin). You can't make the TXT record manually using Virtualmin; DNS validation can't work with Virtualmin if Virtualmin is not managing DNS for your zone.
Generally, fixing web validation is the right thing.
Thanks, but when trying to disable DNS for domain in Features & Plugins, this error is thrown:
Failed to save enabled features : The feature DNS for domain cannot be disabled, as it is used by the following virtual servers: (all my domains listed here)
Anyway, I updated all packages + Virtualmin to 7.30.4, restarted the VPS, and the web-based validation is still failing on all my virtual servers with the same error:
I've disabled DNS for domain in all my virtual servers, but I still get this error when trying to disable it globally on System Settings > Features and Plugins: Failed to save enabled features : The feature DNS for domain cannot be disabled, as it is used by the following virtual servers : wap.argim.net
And in such domain there is no option to disable DNS:
Here you can see a full screenshot of the process output. That was from the earlier virtualmin version, but the errors are exactly the same in the latest version too.
You need to disable it. First for the subdomain-named virtual servers or sub-servers, and then for the parent.
I have not suggested disassociating it; that is not the same as disabling. You need to disable DNS for all domains, if you're going to disable it in Features and Plugins.