Hi everyone!
I’m having a weird issue with a certificate renewal in one of my .dev sub-domains. This issue only appeared now; before, it was renewing without any problems.
I have multiple virtual hosts and domains on my Virtualmin/Webmin instance. Only one of them is having issues: a sub-domain of a .dev domain, which is also my server hostname.
As you can see in the picture, phoenix.xxxxxrte.dev is the subdomain I’m talking about.
This sub-domain has an A record; this was already changed while I was troubleshooting, since it had a CNAME before.
When I try to renew my Let’s Encrypt certificate this is what I get:
Traceback (most recent call last):
  File "/usr/libexec/webmin/webmin/acme_tiny.py", line 198, in <module>
    main(sys.argv[1:])
  File "/usr/libexec/webmin/webmin/acme_tiny.py", line 194, in main
    signed_crt = get_crt(args.account_key, args.csr, args.acme_dir, log=LOGGER, CA=args.ca, disable_check=args.disable_check, directory_url=args.directory_url, contact=args.contact)
  File "/usr/libexec/webmin/webmin/acme_tiny.py", line 143, in get_crt
    raise ValueError("Wrote file to {0}, but couldn't download {1}: {2}".format(wellknown_path, wellknown_url, e))
ValueError: Wrote file to /home/xxxxxxxrte/domains/phoenix.xxxxxxxrte.dev/public_html/.well-known/acme-challenge/KIcJO5p-m2m_NF3sq_rFYBuI6ykszrLxXHslTcTUAug, but couldn't download http://phoenix.xxxxxxxrte.dev/.well-known/acme-challenge/KIcJO5p-m2m_NF3sq_rFYBuI6ykszrLxXHslTcTUAug: Error:
Url: http://phoenix.xxxxxxxrte.dev/.well-known/acme-challenge/KIcJO5p-m2m_NF3sq_rFYBuI6ykszrLxXHslTcTUAug
Data: None
Response Code: 404
Response: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /.well-known/acme-challenge/KIcJO5p-m2m_NF3sq_rFYBuI6ykszrLxXHslTcTUAug was not found on this server.</p>
</body></html>
Initially I couldn’t open that URL since the .well-known/acme-challenge folders were not being created; I had to create those. After that I was able to open it, but of course using a browser it redirects me to https (HSTS from the .dev domain).
Using curl I get:
curl -kIL http://phoenix.xxxxxxxrte.dev/.well-known/acme-challenge/KIcJO5p-m2m_NF3sq_rFYBuI6ykszrLxXHslTcTUAug
HTTP/1.1 200 OK
Date: Sun, 21 Jun 2020 12:38:27 GMT
Server: Apache/2.4.6
Last-Modified: Sun, 21 Jun 2020 12:33:49 GMT
ETag: "57-5a897568f1cd9"
Accept-Ranges: bytes
Content-Length: 87
Finally, in my httpd.conf I have:
RedirectMatch ^/(?!.well-known)(.*)$ "https://phoenix.xxxxxxxrte.dev/$1"
These are the exact settings I have configured for my main xxxxxxrte.dev domain and I’m able to get a certificate there…
Any idea you guys have to help me out?
Thank you!
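
A small diagnostic for the mismatch described above (the renewal script gets a 404 while curl gets a 200), added here as an example and not part of the original post or of Webmin's acme_tiny.py. It evaluates the posted RedirectMatch pattern against the challenge path, then requests the challenge from every address the server itself resolves the hostname to, without following redirects. The function names and the two command-line arguments (hostname, token file name) are assumptions of this example.

```python
import http.client
import re
import socket
import sys

# Pattern copied from the RedirectMatch line in the post; Python's re treats
# this negative lookahead the same way Apache's PCRE does.
REDIRECT_RE = re.compile(r"^/(?!.well-known)(.*)$")
CHALLENGE_DIR = "/.well-known/acme-challenge/"

def is_redirected(path):
    """True if the posted RedirectMatch would send this port-80 path to https."""
    return REDIRECT_RE.match(path) is not None

def classify(status, body, token):
    """Label one response to GET /.well-known/acme-challenge/<token>."""
    if status == 200:
        # An HTTP-01 response body is "<token>.<account key thumbprint>".
        return "ok" if body.strip().startswith(token + ".") else "wrong-body"
    if status in (301, 302, 303, 307, 308):
        return "redirect"
    return "not-found" if status == 404 else "other"

def probe(addr, host, token, port=80, timeout=5):
    """Fetch the challenge from one address with Host: host, following no redirects."""
    conn = http.client.HTTPConnection(addr, port, timeout=timeout)
    try:
        conn.request("GET", CHALLENGE_DIR + token, headers={"Host": host})
        resp = conn.getresponse()
        body = resp.read(1024).decode("ascii", "replace")
        return classify(resp.status, body, token), resp.status, resp.getheader("Location")
    finally:
        conn.close()

def local_addresses(host, port=80):
    """Addresses this machine resolves host to (may include /etc/hosts entries)."""
    infos = socket.getaddrinfo(host, port, type=socket.SOCK_STREAM)
    return sorted({info[4][0] for info in infos})

if __name__ == "__main__":
    host, token = sys.argv[1], sys.argv[2]  # hostname and challenge file name
    print("redirect rule applies to challenge path:", is_redirected(CHALLENGE_DIR + token))
    for addr in local_addresses(host):
        print(addr, probe(addr, host, token))
```

Run on the server, a "not-found" or "wrong-body" result for one address alongside "ok" for another shows that the two requests are being answered by different virtual hosts or document roots.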