We are having the same problem here:
We are running a Python site on that account in
/home/customer/python-site
and we proxy bypass in Apache2 to
/home/customer/domains/domain.com/public_html
The folder .well-known gets created correctly after pressing “Request Certificate” in Virtualmin / Server Configuration / Manage SSL Certificate / Let’s Encrypt (tab)
— The output is:
Requesting a certificate for domain.com, www.domain.com from Let’s Encrypt …
… request failed :
Checking for new version…
Requesting root privileges to run certbot…
//.local/share/letsencrypt/bin/letsencrypt certonly -a webroot -d domain.com -d www.domain.com --webroot-path /home/customer/domains/domain.com/public_html --duplicate --config /tmp/.webmin/733029_809_1_letsencrypt.cgi
Failed authorization procedure. www.domain.com (http-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://www.domain.com/.well-known/acme-challenge/_6ivUIGXxKM-A2m5H2xYLvT73DN0F3egULFf-3IhEtQ: "
<me", domain.com (http-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://domain.com/.well-known/acme-challenge/8UQHT5gaMR9baApOBtAZeTtb5BiElfVN8MewrVal96g: "
<me"
IMPORTANT NOTES:
-
The following errors were reported by the server:
Domain: www.domain.com
Type: unauthorized
Detail: Invalid response from http://www.domain.com/.well-
known/acme-challenge/_6ivUIGXxKM-A2m5H2xYLvT73DN0F3egULFf-3IhEtQ: "
<me"
Domain: domain.com
Type: unauthorized
Detail: Invalid response from http://domain.com/.well-known
/acme-challenge/8UQHT5gaMR9baApOBtAZeTtb5BiElfVN8MewrVal96g: "
<me"
To fix these errors, please make sure that your domain name was
entered correctly and the DNS A record(s) for that domain
contain(s) the right IP address.
The site has DNS A records with the correct IP address as IPv4 and IPv6.
Our Apache2 configuration looks like this:
<VirtualHost *:80>
SuexecUserGroup "#1064" "#1061"
ServerAdmin webmaster@domain.com
ServerName domain.com
ServerAlias www.domain.com
DocumentRoot /home/customer/domains/domain.com/public_html
ErrorLog /var/log/virtualmin/domain.com_error_log
LogLevel warn
CustomLog /var/log/virtualmin/domain.com_access_log combined
ScriptAlias /cgi-bin/ /home/customer/domains/domain.com/cgi-bin/
DirectoryIndex index.html index.htm index.php index.php4 index.php5
ProxyPass /.well-known !
Alias /.well-known "/home/customer/domains/domain.com/public_html/.well-known"
<Directory /home/customer/domains/domain.com/public_html>
Options -Indexes +IncludesNOEXEC +SymLinksIfOwnerMatch +ExecCGI
order allow,deny
allow from all
AllowOverride All Options=ExecCGI,Includes,IncludesNOEXEC,Indexes,MultiViews,SymLinksIfOwnerMatch
Require all granted
AddDefaultCharset Off
Header set Content-Type "text/plain"
AddType application/x-httpd-php .php
AddHandler fcgid-script .php
AddHandler fcgid-script .php5
FCGIWrapper /home/afb/domains/autofahrbrik.de/fcgi-bin/php5.fcgi .php
FCGIWrapper /home/afb/domains/autofahrbrik.de/fcgi-bin/php5.fcgi .php5
</Directory>
<Directory /home/customer/domains/domain.com/cgi-bin>
allow from all
AllowOverride All Options=ExecCGI,Includes,IncludesNOEXEC,Indexes,MultiViews,SymLinksIfOwnerMatch
Require all granted
</Directory>
<IfModule mod_rewrite.c>
RewriteEngine On
# Permanent redirect (301 HTTP) if no canonical domain name
RewriteCond %{HTTP_HOST} !^domain.com
RewriteRule ^/(.*)$ http://domain.com/$1 [R=301,NE,L]
# Redirect 301 to HTTPS
RewriteCond %{HTTPS} !=on
RewriteRule ^/?(.*) https://%{SERVER_NAME}/$1 [R=301,NE,L]
</IfModule>
RemoveHandler .php
RemoveHandler .php5
FcgidMaxRequestLen 1073741824
<Location "/" >
Order deny,allow
Deny from all
Allow from all
</Location>
<Location /git>
DAV on
AuthType Basic
AuthName domain.com
AuthUserFile /home/customer/domains/domain.com/etc/git.basic.passwd
Require valid-user
Satisfy All
RedirectMatch ^/git$ http://domain.com/git/gitweb.cgi
RedirectMatch ^/git/$ http://domain.com/git/gitweb.cgi
RewriteEngine off
AddHandler cgi-script .cgi
</Location>
<VirtualHost 123.456.789.12:443>
SuexecUserGroup "#1064" "#1061"
ServerAdmin webmaster@domain.com
ServerName domain.com
ServerAlias www.domain.com
DocumentRoot /home/customer/domains/domain.com/public_html
ErrorLog /var/log/virtualmin/domain.com_error_log
LogLevel warn
CustomLog /var/log/virtualmin/domain.com_access_log combined
ScriptAlias /cgi-bin/ /home/customer/domains/domain.com/cgi-bin/
DirectoryIndex index.html index.htm index.php index.php4 index.php5
<Directory /home/customer/domains/domain.com/public_html>
Options -Indexes +IncludesNOEXEC +SymLinksIfOwnerMatch +ExecCGI
allow from all
AllowOverride All Options=ExecCGI,Includes,IncludesNOEXEC,Indexes,MultiViews,SymLinksIfOwnerMatch
Require all granted
AddType application/x-httpd-php .php
AddHandler fcgid-script .php
AddHandler fcgid-script .php5
FCGIWrapper /home/customer/domains/domain.com/fcgi-bin/php5.fcgi .php
FCGIWrapper /home/customer/domains/domain.com/fcgi-bin/php5.fcgi .php5
</Directory>
<Directory /home/customer/domains/domain.com/cgi-bin>
allow from all
AllowOverride All Options=ExecCGI,Includes,IncludesNOEXEC,Indexes,MultiViews,SymLinksIfOwnerMatch
Require all granted
</Directory>
SSLEngine on
SSLProtocol all -SSLv2 -SSLv3
SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM
SSLCertificateFile /home/customer/ssl_certificates/domain.com/cert.pem
SSLCertificateKeyFile /home/customer/ssl_certificates/domain.com/privkey.pem
RequestHeader set X-Forwarded-Proto "https"
<IfModule mod_rewrite.c>
RewriteEngine On
# Permanent redirect (301 HTTP) if no canonical domain name
RewriteCond %{HTTP_HOST} !^domain.com
RewriteRule ^/(.*)$ https://domain.com/$1 [R=301,NE,L]
</IfModule>
RemoveHandler .php
RemoveHandler .php5
FcgidMaxRequestLen 1073741824
<Location "/" >
Order deny,allow
Deny from all
Allow from all
</Location>
<Location "/web/database" >
Order deny,allow
Deny from all
Allow from 61.0.241.245 192.168.122.0/24 127.0.0.0/255.0.0.0 ::1/128
</Location>
<Location "/website/info" >
Order deny,allow
Deny from all
Allow from 61.0.241.245 192.168.122.0/24 127.0.0.0/255.0.0.0 ::1/128
</Location>
<Location /git>
DAV on
AuthType Basic
AuthName domain.com
AuthUserFile /home/customer/domains/domain.com/etc/git.basic.passwd
Require valid-user
Satisfy All
RedirectMatch ^/git$ http://domain.com/git/gitweb.cgi
RedirectMatch ^/git/$ http://domain.com/git/gitweb.cgi
RewriteEngine off
AddHandler cgi-script .cgi
</Location>
# Comment to disable proxy
ProxyRequests Off
ProxyPreserveHost On
ProxyPass /longpolling/ http://localhost:9701/longpolling/ retry=0
ProxyPassReverse /longpolling/ http://localhost:9701/longpolling/ retry=0
ProxyPass / http://localhost:9700/ retry=0
ProxyPassReverse / http://localhost:9700/ retry=0
Any help with this issue would be appreciated!
Thanks Andi
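
An added example, not part of the original post: a small Python check that splits an Apache config into its VirtualHost blocks and reports, for each one, any ProxyPass or RewriteRule that would answer a request for the ACME http-01 challenge path instead of the webroot. The sample config is constructed from a trimmed subset of the directives posted above; RewriteCond lines are ignored (every rule is assumed to fire), and the function names and the challenge token are this example's own.

```python
import re

# Constructed sample: a trimmed subset of the directives in the post, not the full file.
SAMPLE = """\
<VirtualHost *:80>
ProxyPass /.well-known !
Alias /.well-known "/home/customer/domains/domain.com/public_html/.well-known"
RewriteEngine On
RewriteCond %{HTTPS} !=on
RewriteRule ^/?(.*) https://%{SERVER_NAME}/$1 [R=301,NE,L]
</VirtualHost>
<VirtualHost 123.456.789.12:443>
ProxyPass /longpolling/ http://localhost:9701/longpolling/ retry=0
ProxyPass / http://localhost:9700/ retry=0
</VirtualHost>
"""
CHALLENGE = "/.well-known/acme-challenge/token"  # constructed token

def split_vhosts(conf):
    """Return {address: [directive lines]}; a new <VirtualHost> also ends an unclosed one."""
    vhosts, current = {}, None
    for line in conf.splitlines():
        line = line.strip()
        m = re.match(r"<VirtualHost\s+([^>]+)>", line, re.I)
        if m:
            current = vhosts.setdefault(m.group(1).strip(), [])
        elif re.match(r"</VirtualHost>", line, re.I):
            current = None
        elif current is not None and line and not line.startswith("#"):
            current.append(line)
    return vhosts

def audit(lines):
    """List directives that would keep the challenge URL from being served from the webroot."""
    findings = []
    # ProxyPass rules are checked in configuration order; the first matching prefix wins.
    for line in lines:
        parts = line.split()
        if parts[0].lower() == "proxypass" and len(parts) >= 3 and CHALLENGE.startswith(parts[1]):
            if parts[2] != "!":  # "!" excludes the path from proxying
                findings.append(f"proxied to {parts[2]}")
            break
    # Assumption: any preceding RewriteCond holds, so a matching rule is reported.
    for line in lines:
        parts = line.split()
        if parts[0].lower() == "rewriterule" and len(parts) >= 3:
            if re.search(parts[1], CHALLENGE) and re.match(r"https?://", parts[2]):
                findings.append(f"redirected to {parts[2]}")
    return findings
```

Run against the sample, the port 80 block is reported for its HTTPS redirect and the port 443 block for the catch-all `ProxyPass /`, which has no `/.well-known` exclusion ahead of it.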