Problem with letsencrypt on freshly installed Virtualmin GPL

Hi

I have a freshly installed CentOS 7 (minimum) with a freshly installed Virtualmin 5.07.
I have created a virtual host with the same name as the server hostname.
I then request a letsencrypt certificate, but get this error message:

Request Certificate In domain agurk8.agurk.dk Requesting a certificate for agurk8.agurk.dk, www.agurk8.agurk.dk from Let's Encrypt .. .. request failed : Failed to request certificate :

Parsing account key...
Parsing CSR...
Registering account...
Already registered!
Verifying www.agurk8.agurk.dk...
Traceback (most recent call last):
  File "/usr/libexec/webmin/webmin/acme_tiny.py", line 235, in <module>
    main(sys.argv[1:])
  File "/usr/libexec/webmin/webmin/acme_tiny.py", line 231, in main
    signed_crt = get_crt(args.account_key, args.csr, args.acme_dir, args.dns_hook, args.cleanup_hook, log=LOGGER, CA=args.ca)
  File "/usr/libexec/webmin/webmin/acme_tiny.py", line 184, in get_crt
    domain, challenge_status))
ValueError: www.agurk8.agurk.dk challenge did not pass: {u'status': u'invalid', u'keyAuthorization': u'ya1oUQ_Aq7N80rMs50ec1KSomIPI2X5qJSDZL9IufYA.TjN41DClPidgQNjpQJrSas4AgXBe04JkzvB9Vz5RJGo', u'uri': u'https://acme-v01.api.letsencrypt.org/acme/challenge/E5gD_XH3CZxo2w0gPVuoxeu6NcRs2glrFveXNtskYB8/1229952579', u'token': u'ya1oUQ_Aq7N80rMs50ec1KSomIPI2X5qJSDZL9IufYA', u'error': {u'status': 400, u'type': u'urn:acme:error:connection', u'detail': u'DNS problem: NXDOMAIN looking up TXT for _acme-challenge.www.agurk8.agurk.dk'}, u'type': u'dns-01'}

On the other hand, when I request the only verification file:

[root@agurk8 ~]# cat /home/agurk8/public_html/.well-known/acme-challenge/mRjvVyxpCoWc5Qq-iWqnk6bcPH5q5hOgeRmGJleAxmc
mRjvVyxpCoWc5Qq-iWqnk6bcPH5q5hOgeRmGJleAxmc.TjN41DClPidgQNjpQJrSas4AgXBe04JkzvB9Vz5RJGo[root@agurk8 ~]#
[root@agurk8 ~]#

I get this result in the browser using the URL: http://…/.well-known/acme-challenge/mRjvVyxpCoWc5Qq-iWqnk6bcPH5q5hOgeRmGJleAxmc
mRjvVyxpCoWc5Qq-iWqnk6bcPH5q5hOgeRmGJleAxmc.TjN41DClPidgQNjpQJrSas4AgXBe04JkzvB9Vz5RJGo

So why does letsencrypt not verify?

Any hint is welcome.
The status “already registered” is caused by previous tries.

Thanks

There are multiple problems. The primary one is that Let’s Encrypt cannot reach your server; I would guess DNS is wrong or not propagated. Make sure your DNS records are resolving and pointing to the right IP address.

Make sure you don’t have any authentication or redirects or anything preventing LE from reaching that file. It sounds like it’s working, since you’re able to browse to it from your browser… do you perhaps have a hosts file entry, so your client machine doesn’t need to look up the DNS record?

The already registered thing likely means you’ll need to wait a few minutes for the throttling to back off. LE throttles when you make multiple requests in a short time to reduce abuse.

I have a similar problem, as above.

Two things to note:
(1) I manually installed Let’s Encrypt before it was included in Webmin.
That means I have these folders /opt/letsencrypt and /root/.local/share/letsencrypt.
However, there is no /etc/letsencrypt and I cannot see an installed package with that name.
Do I need to delete those folders?

(2) The certificate is correctly generated for the non-www site, but fails for the www site.
Not sure why.

The message is below.
Appreciate any help.

Parsing account key...
Parsing CSR...
Registering account...
Already registered!
Verifying example.com...
example.com verified!
Verifying www.example.com...
Traceback (most recent call last):
  File "/usr/libexec/webmin/webmin/acme_tiny.py", line 235, in <module>
    main(sys.argv[1:])
  File "/usr/libexec/webmin/webmin/acme_tiny.py", line 231, in main
    signed_crt = get_crt(args.account_key, args.csr, args.acme_dir, args.dns_hook, args.cleanup_hook, log=LOGGER, CA=args.ca)
  File "/usr/libexec/webmin/webmin/acme_tiny.py", line 184, in get_crt
    domain, challenge_status))
ValueError: www.example.com challenge did not pass: {u'status': u'invalid', u'keyAuthorization': u'YkGkhxgnUkUiz7foGEzKj6QcoGrELBAsJhXFbzNZmk0._sOilf-gQQab6sKqTu6ssIxYID_44t4FeSMpqquHG7o', u'uri': u'https://acme-v01.api.letsencrypt.org/acme/challenge/LrHzZIMvgjccYMENfJFCAN16Lt5RblrDX9iYC_KqBAM/1275068815', u'token': u'YkGkhxgnUkUiz7foGEzKj6QcoGrELBAsJhXFbzNZmk0', u'error': {u'status': 400, u'type': u'urn:acme:error:connection', u'detail': u'DNS problem: NXDOMAIN looking up TXT for _acme-challenge.www.example.com'}, u'type': u'dns-01'}

I’m having a similar issue with a couple of domains. Other domains have worked fine.

I have removed htaccess files and checked for redirects to https://. I have also verified that I can reach a test.txt file placed in the acme-challenge dir:
http://www.xxxxxx.com/.well-known/acme-challenge/test.txt

Data is being written there. I have also tried only domain.com, www.domain.com and mail.domain.com individually, as a group, in different order.
Using a domain that had worked previously I was able to add mail.olddomain.com to the existing certificate with no problem.
These are all domains hosted on the same server. CentOS 7.

From what I can see all the domains are set up the same, and that includes the virtual host sections in the httpd.conf file.
The 2 domains I am having trouble with were the latest to be moved over but have had a few days for DNS to resolve. The DNS records are the same for these and the other domains that had worked previously.

Parsing account key...
Parsing CSR...
Registering account...
Already registered!
Verifying xxxxxxx.com...
Traceback (most recent call last):
  File "/usr/libexec/webmin/webmin/acme_tiny.py", line 235, in <module>
    main(sys.argv[1:])
  File "/usr/libexec/webmin/webmin/acme_tiny.py", line 231, in main
    signed_crt = get_crt(args.account_key, args.csr, args.acme_dir, args.dns_hook, args.cleanup_hook, log=LOGGER, CA=args.ca)
  File "/usr/libexec/webmin/webmin/acme_tiny.py", line 184, in get_crt
    domain, challenge_status))
ValueError: xxxxxxx.com challenge did not pass: {u'status': u'invalid', u'keyAuthorization': u'cTmnUmISwo1eEAzC_McNfHH_J015bGuOGS5JoHe0XVg.QVdezGGgjj5Malo5q754X9NF_gcBY0MSMZqIb37v-nk', u'uri': u'https://acme-v01.api.letsencrypt.org/acme/challenge/UDyX0_gYWQcoiESscGSfFqivJ2hxxSsIYYICXhUGu8w/1276925665', u'token': u'cTmnUmISwo1eEAzC_McNfHH_J015bGuOGS5JoHe0XVg', u'error': {u'status': 400, u'type': u'urn:acme:error:connection', u'detail': u'DNS problem: NXDOMAIN looking up TXT for _acme-challenge.xxxxxxx.com'}, u'type': u'dns-01'}

Hi ksihota,

did you have any luck with this?

Thanks

any updates?

Sorry to add to the end of this but it’s the only way I can ask this. How do I start a new topic and post it? I’ve managed to start a new topic and enter all the info (I actually tried twice, thank god for cut and paste, and remembering to do it) but it just allows me to “save” and “preview” but not “post” option. After clicking “save” it takes me to the site’s homepage. Am I doing something wrong (and sorry for hijacking/interrupting this thread)?

I can state I’m having this issue on my one and only website (which I’m trying to sort aliases out for too). The information shown above suggests that for some unknown reason, LE via Web and Virtualmin is now trying to use DNS resolution and searching for a specific TXT entry in your DNS. I hate this method with Let’s Encrypt as the data changes every time you try to reissue or renew, which makes copying and therefore pasting the code as a TXT entry in your site obsolete as soon as you save it.

  • Make sure you are logged in
  • Select Create New Topic
  • Enter the info
  • Select Save
When you select Save it should post it. If you want to verify what it will look like, Preview it first and select Save when you are ready.

I’m still fighting with it. I only have about 3 tries before it locks me out and I have to wait for a reset to try again. I was hoping that someone with some experience with the system would provide some insight. I really don’t understand how the challenge works or what the error message I get actually means. I have read some discussions about timing but am not clear if that has any bearing on this issue.
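To make the error message concrete, here is an added example (editor's code, not from the thread, Virtualmin or acme_tiny) that takes the challenge object printed in the traceback and works out what the CA actually checks for it. The constants are copied from the opening post's output; the function names are mine. The point it shows: the CA ran a dns-01 challenge (the TXT lookup that hit NXDOMAIN), so the correctly served file under /.well-known/acme-challenge/ was never what it was looking for.

```python
import base64
import hashlib

def b64url(data: bytes) -> str:
    """Base64url without padding, the encoding ACME uses for tokens and digests."""
    return base64.urlsafe_b64encode(data).decode("ascii").rstrip("=")

def expected_proof(challenge: dict, domain: str) -> dict:
    """Where the CA looks for this challenge and what it must find there: http-01 serves
    keyAuthorization ("<token>.<thumbprint>") verbatim, dns-01 a TXT of base64url(SHA-256(it))."""
    token, key_auth = challenge["token"], challenge["keyAuthorization"]
    if not key_auth.startswith(token + "."):
        raise ValueError("keyAuthorization does not belong to this token")
    if challenge["type"] == "http-01":
        return {"type": "http-01", "expected": key_auth,
                "location": f"http://{domain}/.well-known/acme-challenge/{token}"}
    if challenge["type"] == "dns-01":
        digest = hashlib.sha256(key_auth.encode("ascii")).digest()
        return {"type": "dns-01", "expected": b64url(digest),
                "location": f"_acme-challenge.{domain} IN TXT"}
    raise ValueError(f"unsupported challenge type {challenge['type']!r}")

def diagnose(challenge: dict, domain: str, served_file: str) -> str:
    """Explain a failed challenge given the body actually served under .well-known."""
    proof = expected_proof(challenge, domain)
    if proof["type"] == "http-01":
        return "ok" if served_file.strip() == proof["expected"] else f"file must contain {proof['expected']}"
    # A matching thumbprint suffix shows the file was produced with the same account key.
    thumbprint = challenge["keyAuthorization"].split(".", 1)[1]
    same_account = served_file.strip().endswith("." + thumbprint)
    detail = challenge.get("error", {}).get("detail", "")
    return (f"CA chose {proof['type']}, so the .well-known file is never fetched "
            f"(same account key: {same_account}); it needs {proof['location']} = "
            f"{proof['expected']}. CA said: {detail}")

# Challenge object and served file content copied from the opening post of this thread.
FAILED_CHALLENGE = {
    "type": "dns-01", "status": "invalid",
    "token": "ya1oUQ_Aq7N80rMs50ec1KSomIPI2X5qJSDZL9IufYA",
    "keyAuthorization": "ya1oUQ_Aq7N80rMs50ec1KSomIPI2X5qJSDZL9IufYA."
                        "TjN41DClPidgQNjpQJrSas4AgXBe04JkzvB9Vz5RJGo",
    "error": {"type": "urn:acme:error:connection",
              "detail": "DNS problem: NXDOMAIN looking up TXT for _acme-challenge.www.agurk8.agurk.dk"},
}
SERVED_FILE = "mRjvVyxpCoWc5Qq-iWqnk6bcPH5q5hOgeRmGJleAxmc.TjN41DClPidgQNjpQJrSas4AgXBe04JkzvB9Vz5RJGo"

if __name__ == "__main__":
    print(diagnose(FAILED_CHALLENGE, "www.agurk8.agurk.dk", SERVED_FILE))
```

Run against the first post's data it reports a dns-01 challenge for the same account key, names the missing _acme-challenge TXT record and echoes the CA's NXDOMAIN detail.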

OK, I’ll try again but I’m not too hopeful. Do new posts/topics have to be approved by moderators before they are posted? Here goes…

Nope! It says it’s posted but it hasn’t…

I think I found out what my issue was.

I took a closer look at my Virtual Hosts records in the httpd.conf file and realized that I had not enabled IPv6 on the accounts that were not working. I went and enabled it on one and tried getting a new Let’s Encrypt certificate and it worked. Now I just need to try this on the other domains.

EDIT: Tried with a second account and it worked fine as soon as I enabled the IPv6 shared address under Change IP Address for the virtual server.

@Adelphia - Maybe it has something to do with the Mollom privacy policy

What I may do is post it here, see if it works and, if it does, delete it as it has nothing to do with this. As far as I can tell there is nothing in it that infringes on the Mollom privacy policy, but it may be that I refer to Plesk; if that’s the case, this wouldn’t post either.