Let's Encrypt web-based validation fails for one domain


Hope you all are fine in these strange times…

I have an issue with renewing a Let’s Encrypt certificate, see the error below:

Traceback (most recent call last):
File “/usr/share/webmin/webmin/acme_tiny.py”, line 198, in
File “/usr/share/webmin/webmin/acme_tiny.py”, line 194, in main
signed_crt = get_crt(args.account_key, args.csr, args.acme_dir, log=LOGGER, CA=args.ca, disable_check=args.disable_check, directory_url=args.directory_url, contact=args.contact)
File “/usr/share/webmin/webmin/acme_tiny.py”, line 143, in get_crt
raise ValueError(“Wrote file to {0}, but couldn’t download {1}: {2}”.format(wellknown_path, wellknown_url, e))
ValueError: Wrote file to /home/web02/public_html/.well-known/acme-challenge/WQNPCps7R9vZz56341efp7MbevkuFsDkDQivGQej1gg, but couldn’t download http://web02.ossc.be/.well-known/acme-challenge/WQNPCps7R9vZz56341efp7MbevkuFsDkDQivGQej1gg: Error:
Url: http://web02.ossc.be/.well-known/acme-challenge/WQNPCps7R9vZz56341efp7MbevkuFsDkDQivGQej1gg
Data: None
Response Code: 404

404 Not Found

Not Found

The requested URL /.well-known/acme-challenge/WQNPCps7R9vZz56341efp7MbevkuFsDkDQivGQej1gg was not found on this server.

usage: acme_tiny.py [-h] --account-key ACCOUNT_KEY --csr CSR --acme-dir
ACME_DIR [–quiet] [–disable-check]
[–directory-url DIRECTORY_URL] [–ca CA]
[–contact [CONTACT [CONTACT …]]]
acme_tiny.py: error: argument --acme-dir is required

After I created the .well-known/acme-challenge directory in the domain webhome the file was created.
The file can be opened via the web, so I’m not sure why Let’s Encrypt does not see it…

No redirects in .htaccess or vhost

Other domain on the same host renewed the certificate without an issue.

Operating system Ubuntu Linux 14.04.4
Webmin version 1.941
Virtualmin version 6.08

acme_tiny.py Jan 15 01:06 size: 11513

Any idea what I’m missing…?
Thanks in advance!

Kind regards

Probably web2 alias on Apache side is missing? You must also have corespondent DNS zone records.

The URL should be open-able in your browser, if it fails for you, it will fail for LE (unless DNS validation over-takes it).

Moreover, if you have IPv6 (AAAA) records in your DNS for that domain set, make sure that <VirtualHost> entries in Apache also reflect that.

Additional points:

  1. Try installing certbot package for requesting a certificate

  2. Upgrade, as using Ubuntu 14 is no longer supported and no longer secure

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.