Letsencrypt fails

Operating system: Debian
OS version: 10 Buster
Webserver: Nginx

Letsencrypt is failing with this message:

Traceback (most recent call last):
  File "/usr/share/webmin/webmin/acme_tiny.py", line 198, in <module>
  File "/usr/share/webmin/webmin/acme_tiny.py", line 194, in main
    signed_crt = get_crt(args.account_key, args.csr, args.acme_dir, log=LOGGER, CA=args.ca, disable_check=args.disable_check, directory_url=args.directory_url, contact=args.contact)
  File "/usr/share/webmin/webmin/acme_tiny.py", line 149, in get_crt
    raise ValueError("Challenge did not pass for {0}: {1}".format(domain, authorization))
ValueError: Challenge did not pass for mydomain.net: {'identifier': {'type': 'dns', 'value': 'mydomain.net'}, 'status': 'invalid', 'expires': '2021-06-23T04:23:23Z', 'challenges': [{'type': 'http-01', 'status': 'invalid', 'error': {'type': 'urn:ietf:params:acme:error:connection', 'detail': 'Fetching https://mydomain.net/.well-known/acme-challenge/y2oIQwUkvpBa3FDkCfEWYZ_RTLroIBCLW7XkNtmLpIE: Connection refused', 'status': 400}, 'url': 'https://acme-v02.api.letsencrypt.org/acme/chall-v3/14016874522/gHwuiA', 'token': 'y2oIQwUkvpBa3FDkCfEWYZ_RTLroIBCLW7XkNtmLpIE', 'validationRecord': [{'url': 'http://mydomain.net/.well-known/acme-challenge/y2oIQwUkvpBa3FDkCfEWYZ_RTLroIBCLW7XkNtmLpIE', 'hostname': 'mydomain.net', 'port': '80', 'addressesResolved': ['x.x.x.x', 'xxxx.xxxx.xxxx.xxxx.xxxx.xxxx.xxxx.xxxx'], 'addressUsed': 'xxxx.xxxx.xxxx.xxxx.xxxx.xxxx.xxxx.xxxx'}, {'url': 'http://mydomain.net/.well-known/acme-challenge/y2oIQwUkvpBa3FDkCfEWYZ_RTLroIBCLW7XkNtmLpIE', 'hostname': 'mydomain.net', 'port': '80', 'addressesResolved': ['x.x.x.x', 'xxxx.xxxx.xxxx.xxxx.xxxx.xxxx.xxxx.xxxx'], 'addressUsed': 'x.x.x.x'}, {'url': 'https://mydomain.net/.well-known/acme-challenge/y2oIQwUkvpBa3FDkCfEWYZ_RTLroIBCLW7XkNtmLpIE', 'hostname': 'mydomain.net', 'port': '443', 'addressesResolved': ['x.x.x.x', 'xxxx.xxxx.xxxx.xxxx.xxxx.xxxx.xxxx.xxxx'], 'addressUsed': 'xxxx.xxxx.xxxx.xxxx.xxxx.xxxx.xxxx.xxxx'}], 'validated': '2021-06-16T19:01:23Z'}]}

Am I correct that the failure is due to /.well-known/acme-challenge not being found?
Do I just add this directory to my root www directory to fix this?
Should I set certain permissions?
I have no recollection of messing with this directory. Was it never created?
Did it somehow get deleted?
I was recently dabbling with certbot, and uninstalled that service.

You don’t create it, Virtualmin does. You don’t need to set permissions.

You probably have a redirect or proxy rule preventing access to the .well-known dir.

If your system has a modern certbot package you should not uninstall it. It is better than acme_tiny in all regards. We ship acme_tiny as a fallback for systems that don’t have a reasonable way to install a modern certbot. Debian 10 should have a working certbot, so you should be using it.


Okay. What’s the best way to recover from this error?

Just tell your server to serve the well-known folder as http and you shouldn’t have a problem. I’m an Apache guy, not nginx, so you’re on Google and your own know-how.

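Added example, not from the thread and not Virtualmin or acme_tiny code: a small Python reader for the authorization object in the traceback above, showing how its validationRecord and error fields back up the redirect diagnosis given in the replies. SAMPLE_AUTHZ is a constructed, trimmed copy of that object (token replaced by TOKEN, addresses as redacted in the post), and diagnose() is a hypothetical helper name.

```python
from urllib.parse import urlsplit

# Constructed sample: the authorization object from the traceback, trimmed,
# with the token replaced by TOKEN and the addresses as redacted in the post.
V4, V6 = "x.x.x.x", "xxxx.xxxx.xxxx.xxxx.xxxx.xxxx.xxxx.xxxx"
PATH = "mydomain.net/.well-known/acme-challenge/TOKEN"
SAMPLE_AUTHZ = {
    "identifier": {"type": "dns", "value": "mydomain.net"},
    "status": "invalid",
    "challenges": [{
        "type": "http-01",
        "status": "invalid",
        "error": {"type": "urn:ietf:params:acme:error:connection",
                  "detail": "Fetching https://" + PATH + ": Connection refused",
                  "status": 400},
        "validationRecord": [
            {"url": "http://" + PATH, "port": "80", "addressUsed": V6},
            {"url": "http://" + PATH, "port": "80", "addressUsed": V4},
            {"url": "https://" + PATH, "port": "443", "addressUsed": V6},
        ],
    }],
}


def diagnose(authz):
    """Return (hops, findings) for failed http-01 challenges in authz."""
    hops, findings = [], []
    for chall in authz.get("challenges", []):
        if chall.get("type") != "http-01" or chall.get("status") != "invalid":
            continue
        records = chall.get("validationRecord", [])
        # One hop per fetch the CA made: (scheme, port, address it connected to).
        hops += [(urlsplit(r["url"]).scheme, r.get("port"), r.get("addressUsed"))
                 for r in records]
        schemes = [urlsplit(r["url"]).scheme for r in records]
        if schemes and schemes[0] == "http" and schemes[-1] == "https":
            findings.append("redirected: challenge fetch left port 80 for https")
        urls = [r["url"] for r in records]
        if len(set(urls)) < len(urls):
            findings.append("retried: same URL fetched on more than one address")
        err = chall.get("error", {})
        if err.get("type", "").endswith(":error:connection"):
            findings.append("connection: " + err.get("detail", "no detail"))
    return hops, findings


if __name__ == "__main__":
    for line in sum(diagnose(SAMPLE_AUTHZ), []):
        print(line)
```

On the sample the hops end on port 443 with a connection error, which fits a rule that sends /.well-known/acme-challenge/ to HTTPS while nothing accepts the connection there.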
