Renew certificate aint working on webmin (host)

Webmin
1
SYSTEM INFORMATION
OS type and version Ubuntu Linux 20.04.5
Webmin version 2.021

Hi, I can’t renew certificate for the host.

It shows me this error:

iss
iss1076×306 19.9 KB

When i enter Lets Encrypt:

2023-07-20 19:07:35,417:DEBUG:acme.client:Storing nonce: 327CElAovXqLO6NPCmzkwoqaZ6lLAqhlleYXj5_snhti-Zo
2023-07-20 19:07:35,417:WARNING:certbot.auth_handler:Challenge failed for domain vmi1767.contaboserver.net
2023-07-20 19:07:35,417:INFO:certbot.auth_handler:http-01 challenge for vmi1067.contaboserver.net
2023-07-20 19:07:35,418:DEBUG:certbot.reporter:Reporting to user: The following errors were reported by the server:
Domain: vmi17.contaboserver.net
Type:   unauthorized
Detail: 185.207.250.102: Invalid response from http://vmi17.contaboserver.net/.well-known/acme-challenge/oTw7gxUrl9pASqkjq7uuC1OsdwW1GFQozW2-sp1T2go: 404

To fix these errors, please make sure that your domain name was entered correctly and the DNS A/AAAA record(s) for that domain contain(s) the right IP address.
2023-07-20 19:07:35,422:DEBUG:certbot.error_handler:Encountered exception:
Traceback (most recent call last):
  File "/usr/lib/python3/dist-packages/certbot/auth_handler.py", line 91, in handle_authorizations
    self._poll_authorizations(authzrs, max_retries, best_effort)
  File "/usr/lib/python3/dist-packages/certbot/auth_handler.py", line 180, in _poll_authorizations
    raise errors.AuthorizationError('Some challenges have failed.')
certbot.errors.AuthorizationError: Some challenges have failed.

2023-07-20 19:07:35,423:DEBUG:certbot.error_handler:Calling registered functions
2023-07-20 19:07:35,423:INFO:certbot.auth_handler:Cleaning up challenges
2023-07-20 19:07:35,423:DEBUG:certbot.plugins.webroot:Removing /home/vmi1029767/public_html/.well-known/acme-challenge/oTw7gxUrl9pASqkjq7uuC1OsdwW1GFQozW2-sp1T2go
2023-07-20 19:07:35,424:DEBUG:certbot.plugins.webroot:All challenges cleaned up
2023-07-20 19:07:35,424:DEBUG:certbot.log:Exiting abnormally:
Traceback (most recent call last):
  File "/bin/letsencrypt", line 11, in <module>
    load_entry_point('certbot==0.40.0', 'console_scripts', 'certbot')()
  File "/usr/lib/python3/dist-packages/certbot/main.py", line 1382, in main
    return config.func(config, plugins)
  File "/usr/lib/python3/dist-packages/certbot/main.py", line 1265, in certonly
    lineage = _get_and_save_cert(le_client, config, domains, certname, lineage)
  File "/usr/lib/python3/dist-packages/certbot/main.py", line 116, in _get_and_save_cert
    renewal.renew_cert(config, domains, le_client, lineage)
  File "/usr/lib/python3/dist-packages/certbot/renewal.py", line 320, in renew_cert
    new_cert, new_chain, new_key, _ = le_client.obtain_certificate(domains, new_key)
  File "/usr/lib/python3/dist-packages/certbot/client.py", line 348, in obtain_certificate
    orderr = self._get_order_and_authorizations(csr.data, self.config.allow_subset_of_names)
  File "/usr/lib/python3/dist-packages/certbot/client.py", line 396, in _get_order_and_authorizations
    authzr = self.auth_handler.handle_authorizations(orderr, best_effort)
  File "/usr/lib/python3/dist-packages/certbot/auth_handler.py", line 91, in handle_authorizations
    self._poll_authorizations(authzrs, max_retries, best_effort)
  File "/usr/lib/python3/dist-packages/certbot/auth_handler.py", line 180, in _poll_authorizations
    raise errors.AuthorizationError('Some challenges have failed.')
certbot.errors.AuthorizationError: Some challenges have failed.
2023-07-20 19:07:36,502:DEBUG:certbot.main:certbot version: 0.40.0
2023-07-20 19:07:36,502:DEBUG:certbot.main:Arguments: ['--manual', '-d', 'vmi17.contaboserver.net', '--preferred-challenges=dns', '--manual-auth-hook', '/etc/webmin/webmin/letsencrypt-dns.pl', '--manual-cleanup-hook', '/etc/webmin/webmin/letsencrypt-cleanup.pl', '--duplicate', '--force-renewal', '--manual-public-ip-logging-ok', '--non-interactive', '--agree-tos', '--config', '/tmp/.webmin/348314_2389207_3_letsencrypt.cgi', '--rsa-key-size', '2048', '--cert-name', 'vmi17.contaboserver.net']
2023-07-20 19:07:36,502:DEBUG:certbot.main:Discovered plugins: PluginsRegistry(PluginEntryPoint#manual,PluginEntryPoint#null,PluginEntryPoint#standalone,PluginEntryPoint#webroot)
2023-07-20 19:07:36,511:DEBUG:certbot.log:Root logging level set at 20
2023-07-20 19:07:36,512:INFO:certbot.log:Saving debug log to /var/log/letsencrypt/letsencrypt.log
2023-07-20 19:07:36,512:DEBUG:certbot.plugins.selection:Requested authenticator manual and installer None
2023-07-20 19:07:36,515:DEBUG:certbot.plugins.selection:Single candidate plugin: * manual
Description: Manual configuration or run your own shell scripts
Interfaces: IAuthenticator, IPlugin
Entry point: manual = certbot.plugins.manual:Authenticator
Initialized: <certbot.plugins.manual.Authenticator object at 0x7fc87cd10a30>
Prep: True
2023-07-20 19:07:36,515:DEBUG:certbot.plugins.selection:Selected authenticator <certbot.plugins.manual.Authenticator object at 0x7fc87cd10a30> and installer None
2023-07-20 19:07:36,516:INFO:certbot.plugins.selection:Plugins selected: Authenticator manual, Installer None
2023-07-20 19:07:36,519:DEBUG:certbot.main:Picked account: <Account(RegistrationResource(body=Registration(key=None, contact=(), agreement=None, status=None, terms_of_service_agreed=None, only_return_existing=None, external_account_binding=None), uri='https://acme-v02.api.letsencrypt.org/acme/acct/761422886', new_authzr_uri=None, terms_of_service=None), c53b7a05c90793791b707c6d24871582, Meta(creation_dt=datetime.datetime(2022, 10, 5, 6, 47, 46, tzinfo=<UTC>), creation_host='vmi67.contaboserver.net'))>
2023-07-20 19:07:36,520:DEBUG:acme.client:Sending GET request to https://acme-v02.api.letsencrypt.org/directory.
2023-07-20 19:07:36,522:DEBUG:urllib3.connectionpool:Starting new HTTPS connection (1): acme-v02.api.letsencrypt.org:443
2023-07-20 19:07:36,947:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "GET /directory HTTP/1.1" 200 752
2023-07-20 19:07:36,948:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Thu, 20 Jul 2023 17:07:36 GMT
Content-Type: application/json
Content-Length: 752
Connection: keep-alive
Cache-Control: public, max-age=0, no-cache
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "2JkLNa1CTsA": "https://community.letsencrypt.org/t/adding-random-entries-to-the-directory/33417",
  "keyChange": "https://acme-v02.api.letsencrypt.org/acme/key-change",
  "meta": {
    "caaIdentities": [
      "letsencrypt.org"
    ],
    "termsOfService": "https://letsencrypt.org/documents/LE-SA-v1.3-September-21-2022.pdf",
    "website": "https://letsencrypt.org"
  },
  "newAccount": "https://acme-v02.api.letsencrypt.org/acme/new-acct",
  "newNonce": "https://acme-v02.api.letsencrypt.org/acme/new-nonce",
  "newOrder": "https://acme-v02.api.letsencrypt.org/acme/new-order",
  "renewalInfo": "https://acme-v02.api.letsencrypt.org/draft-ietf-acme-ari-01/renewalInfo/",
  "revokeCert": "https://acme-v02.api.letsencrypt.org/acme/revoke-cert"
}
2023-07-20 19:07:36,952:DEBUG:certbot.renewal:Auto-renewal forced with --force-renewal...
2023-07-20 19:07:36,952:INFO:certbot.main:Renewing an existing certificate
2023-07-20 19:07:37,086:DEBUG:certbot.crypto_util:Generating key (2048 bits): /etc/letsencrypt/keys/5397_key-certbot.pem
2023-07-20 19:07:37,130:DEBUG:certbot.crypto_util:Creating CSR: /etc/letsencrypt/csr/5397_csr-certbot.pem
2023-07-20 19:07:37,131:DEBUG:acme.client:Requesting fresh nonce
2023-07-20 19:07:37,131:DEBUG:acme.client:Sending HEAD request to https://acme-v02.api.letsencrypt.org/acme/new-nonce.
2023-07-20 19:07:37,273:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "HEAD /acme/new-nonce HTTP/1.1" 200 0
2023-07-20 19:07:37,274:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Thu, 20 Jul 2023 17:07:37 GMT
Connection: keep-alive
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: 2712zj0Kwff8HpUeos13SnC16YMothHARe6-IHqNpjU3RBg
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800


2023-07-20 19:07:37,274:DEBUG:acme.client:Storing nonce: 2712zj0Kwff8HpUeos13SnC16YMothHARe6-IHqNpjU3RBg
2023-07-20 19:07:37,274:DEBUG:acme.client:JWS payload:
b'{\n  "identifiers": [\n    {\n      "type": "dns",\n      "value": "vmi1029767.contaboserver.net"\n    }\n  ]\n}'
2023-07-20 19:07:37,277:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/new-order:
{
  "protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvNzYxNDIyODg2IiwgIm5vbmNlIjogIjI3MTJ6ajBLd2ZmOEhwVWVvczEzU25DMTZZTW90aEhBUmU2LUlIcU5walUzUkJnIiwgInVybCI6ICJodHRwczovL2FjbWUtdjAyLmFwaS5sZXRzZW5jcnlwdC5vcmcvYWNtZS9uZXctb3JkZXIifQ",
  "signature": "VzwUgD7UBGMWbfQI81g-8Yk6_xqSh-5uyfVIguq3g7-JsPBZ_RRnUjaN-vLw38PWye4hBRuaPxFEplR7VKNmtWgaCBDe0_Fc5qDJBrJfwbrKfpuXeCiwRaaiAbBdVyVfTMa6ll8F1VIzqm9jazjp7hTsemggZ1fMSfIGYqyrBmiIsauJGWntiO-V6hb6_Aa2VtID1NI3biySGfGRWE1tLqtqDZYiaGSejszyWiwI_d57YlMHIRZCmHL9doUmGXMy35v11c2D_7B9_LshLdI4_pv1pMx2l0s5_Ds4bz0qeCUhPQltIDst8VpgEUXrT8il8h579eQnJEHRnmKUkDyBYA",
  "payload": "ewogICJpZGVudGlmaWVycyI6IFsKICAgIHsKICAgICAgInR5cGUiOiAiZG5zIiwKICAgICAgInZhbHVlIjogInZtaTEwMjk3NjcuY29udGFib3NlcnZlci5uZXQiCiAgICB9CiAgXQp9"
}
2023-07-20 19:07:37,538:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/new-order HTTP/1.1" 201 353
2023-07-20 19:07:37,539:DEBUG:acme.client:Received response:
HTTP 201
Server: nginx
Date: Thu, 20 Jul 2023 17:07:37 GMT
Content-Type: application/json
Content-Length: 353
Connection: keep-alive
Boulder-Requester: 761422886
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Location: https://acme-v02.api.letsencrypt.org/acme/order/761422886/196183935927
Replay-Nonce: 853FJRzMscRKvRq4YGYnhDrvK4dzbr-xT0HokdtgGyE8zAU
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "status": "pending",
  "expires": "2023-07-27T17:07:37Z",
  "identifiers": [
    {
      "type": "dns",
      "value": "vmi1029767.contaboserver.net"
    }
  ],
  "authorizations": [
    "https://acme-v02.api.letsencrypt.org/acme/authz-v3/247372559787"
  ],
  "finalize": "https://acme-v02.api.letsencrypt.org/acme/finalize/761422886/196183935927"
}
2023-07-20 19:07:37,539:DEBUG:acme.client:Storing nonce: 853FJRzMscRKvRq4YGYnhDrvK4dzbr-xT0HokdtgGyE8zAU
2023-07-20 19:07:37,539:DEBUG:acme.client:JWS payload:
b''
2023-07-20 19:07:37,541:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/authz-v3/247372559787:
{
  "protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvNzYxNDIyODg2IiwgIm5vbmNlIjogIjg1M0ZKUnpNc2NSS3ZScTRZR1luaERydks0ZHpici14VDBIb2tkdGdHeUU4ekFVIiwgInVybCI6ICJodHRwczovL2FjbWUtdjAyLmFwaS5sZXRzZW5jcnlwdC5vcmcvYWNtZS9hdXRoei12My8yNDczNzI1NTk3ODcifQ",
  "signature": "rYTT8MPqEwHAw1SFEtkr90ozQeaPMgoTjyoPB_-fPNJ7dBart3VlQNPtkYLvytDuQHzR1_yx8zB_mPNved_HmlIJ7jMgIjquGLZSImydplMl9x_W7LrOMjeWdjBHZ5O_JD34hKZ1o3yURyWLdvRsgGvL4eKcrDmJnXrEin7Iff-D0hT6O1ZMtW8F6ev6ET60Kj4rFEzx0jEt1tJ4yLUMBdL8mub2wGC6EOGiUW4CoQJzQLuhpUg-TjRwxy48GyIiOBTlUv_jrDOHipdrRPShzY1ExHnRjultW4i1YHpcOeOpBcMRaTybbMZczr4GnfSk70lyXv1YBDOUJahOuxM5XA",
  "payload": ""
}
2023-07-20 19:07:37,685:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/authz-v3/247372559787 HTTP/1.1" 200 812
2023-07-20 19:07:37,686:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Thu, 20 Jul 2023 17:07:37 GMT
Content-Type: application/json
Content-Length: 812
Connection: keep-alive
Boulder-Requester: 761422886
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: 2712EBwMsFfGvG_r1tQhf8e40CW6WpoHx01kpN9IjI41JGw
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "identifier": {
    "type": "dns",
    "value": "vmi1029767.contaboserver.net"
  },
  "status": "pending",
  "expires": "2023-07-27T17:07:37Z",
  "challenges": [
    {
      "type": "http-01",
      "status": "pending",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/247372559787/7tfU7g",
      "token": "rL3BaAsyEZ3w75sMcqn4QwZ0agp-T8uMnZBTEyj06bA"
    },
    {
      "type": "dns-01",
      "status": "pending",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/247372559787/DuK4eg",
      "token": "rL3BaAsyEZ3w75sMcqn4QwZ0agp-T8uMnZBTEyj06bA"
    },
    {
      "type": "tls-alpn-01",
      "status": "pending",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/247372559787/IdAOOA",
      "token": "rL3BaAsyEZ3w75sMcqn4QwZ0agp-T8uMnZBTEyj06bA"
    }
  ]
}
2023-07-20 19:07:37,686:DEBUG:acme.client:Storing nonce: 2712EBwMsFfGvG_r1tQhf8e40CW6WpoHx01kpN9IjI41JGw
2023-07-20 19:07:37,687:INFO:certbot.auth_handler:Performing the following challenges:
2023-07-20 19:07:37,687:INFO:certbot.auth_handler:dns-01 challenge for vmi1029767.contaboserver.net
2023-07-20 19:07:37,690:INFO:certbot.hooks:Running manual-auth-hook command: /etc/webmin/webmin/letsencrypt-dns.pl
2023-07-20 19:07:49,623:INFO:certbot.auth_handler:Waiting for verification...
2023-07-20 19:07:49,625:DEBUG:acme.client:JWS payload:
b'{\n  "resource": "challenge",\n  "type": "dns-01"\n}'
2023-07-20 19:07:49,627:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/chall-v3/247372559787/DuK4eg:
{
  "protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvNzYxNDIyODg2IiwgIm5vbmNlIjogIjI3MTJFQndNc0ZmR3ZHX3IxdFFoZjhlNDBDVzZXcG9IeDAxa3BOOUlqSTQxSkd3IiwgInVybCI6ICJodHRwczovL2FjbWUtdjAyLmFwaS5sZXRzZW5jcnlwdC5vcmcvYWNtZS9jaGFsbC12My8yNDczNzI1NTk3ODcvRHVLNGVnIn0",
  "signature": "MWPIh0Q1mrtGY0QqFUHFcFJbIiIu4Nq7VrtbPWphDMYIK1Sucs9AAXKBCkhYk8JiCzhF8YtMlrZsGfn9VDax_-pHVv26JnEVrULno5EIxQEMe-w05xPK24FzrVsSa2Yxb2CnjbAWzyUelu6FHHfekUXzbwhCDKjRTOaDIi75FL1ter2Dv2XS_6z38AqBXTspidV6GMx4l5ubqRwJRnSkR8WCd2GM4OAF5CDP4vyPY0cQcWr442-wwKGvFJtMJ3lqvr7s5DNicLIZZVn3lZGGcl1hTtYRUmijVLwrkG9pfdcEi-t9mY4gaTBprQ8H3GtGDqBaOCQ8llA1jbCv64l-Kw",
  "payload": "ewogICJyZXNvdXJjZSI6ICJjaGFsbGVuZ2UiLAogICJ0eXBlIjogImRucy0wMSIKfQ"
}
2023-07-20 19:07:49,777:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/chall-v3/247372559787/DuK4eg HTTP/1.1" 200 186
2023-07-20 19:07:49,778:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Thu, 20 Jul 2023 17:07:49 GMT
Content-Type: application/json
Content-Length: 186
Connection: keep-alive
Boulder-Requester: 761422886
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index", <https://acme-v02.api.letsencrypt.org/acme/authz-v3/247372559787>;rel="up"
Location: https://acme-v02.api.letsencrypt.org/acme/chall-v3/247372559787/DuK4eg
Replay-Nonce: 853FnPdeK3MZJSQf5jtjNcDmVG3XD77mN-cxIL-pquMMQDo
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "type": "dns-01",
  "status": "pending",
  "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/247372559787/DuK4eg",
  "token": "rL3BaAsyEZ3w75sMcqn4QwZ0agp-T8uMnZBTEyj06bA"
}
2023-07-20 19:07:49,778:DEBUG:acme.client:Storing nonce: 853FnPdeK3MZJSQf5jtjNcDmVG3XD77mN-cxIL-pquMMQDo
2023-07-20 19:07:50,780:DEBUG:acme.client:JWS payload:
b''
2023-07-20 19:07:50,782:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/authz-v3/247372559787:
{
  "protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvNzYxNDIyODg2IiwgIm5vbmNlIjogIjg1M0ZuUGRlSzNNWkpTUWY1anRqTmNEbVZHM1hENzdtTi1jeElMLXBxdU1NUURvIiwgInVybCI6ICJodHRwczovL2FjbWUtdjAyLmFwaS5sZXRzZW5jcnlwdC5vcmcvYWNtZS9hdXRoei12My8yNDczNzI1NTk3ODcifQ",
  "signature": "VfNPhn3ofXyklnwygHXSsJLzVnZsvLJS7FFD6uGyICFz6ykkozAL2hZbo4navtE4n8rZVmY8ggImpZNkBCLoaCMJgI9LaGLDdkzBBk_k3eDVIQBpAfoULb8H1J-u4MrT-EXP59YiyHvJ9rtbhpUHNrUPMF_9Ly9TGBSjrQeAhuCXMixbhUCCdf0lEKD8kZOAOIsorrxtHh6NmGikIdnm_vBVez6zIilfb8dQIstcsbN2GkFz24DAXL0jhXBtuClHH27DaaS24v8QB0PrR4iNSrtkMe6W3J5rGs3GPbeNCAfAA64qSuYLaoYxNxkB5YPDLJQ9Nr_1JgOzxO7QIgNIMA",
  "payload": ""
}
2023-07-20 19:07:50,926:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/authz-v3/247372559787 HTTP/1.1" 200 679
2023-07-20 19:07:50,928:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Thu, 20 Jul 2023 17:07:50 GMT
Content-Type: application/json
Content-Length: 679
Connection: keep-alive
Boulder-Requester: 761422886
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: 2712Z33CvmRqd1IU78ALF5Mvu5_MDjL5U-YxAtRhIWAt4IU
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "identifier": {
    "type": "dns",
    "value": "vmi1029767.contaboserver.net"
  },
  "status": "invalid",
  "expires": "2023-07-27T17:07:37Z",
  "challenges": [
    {
      "type": "dns-01",
      "status": "invalid",
      "error": {
        "type": "urn:ietf:params:acme:error:dns",
        "detail": "DNS problem: NXDOMAIN looking up TXT for _acme-challenge.vmi1029767.contaboserver.net - check that a DNS record exists for this domain",
        "status": 400
      },
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/247372559787/DuK4eg",
      "token": "rL3BaAsyEZ3w75sMcqn4QwZ0agp-T8uMnZBTEyj06bA",
      "validated": "2023-07-20T17:07:49Z"
    }
  ]
}
2023-07-20 19:07:50,928:DEBUG:acme.client:Storing nonce: 2712Z33CvmRqd1IU78ALF5Mvu5_MDjL5U-YxAtRhIWAt4IU
2023-07-20 19:07:50,928:WARNING:certbot.auth_handler:Challenge failed for domain vmi107.contaboserver.net
2023-07-20 19:07:50,929:INFO:certbot.auth_handler:dns-01 challenge for vmi107.contaboserver.net
2023-07-20 19:07:50,929:DEBUG:certbot.reporter:Reporting to user: The following errors were reported by the server:

Domain: vmi167.contaboserver.net
Type:   dns
Detail: DNS problem: NXDOMAIN looking up TXT for _acme-challenge.vmi1029767.contaboserver.net - check that a DNS record exists for this domain
2023-07-20 19:07:50,930:DEBUG:certbot.error_handler:Encountered exception:
Traceback (most recent call last):
  File "/usr/lib/python3/dist-packages/certbot/auth_handler.py", line 91, in handle_authorizations
    self._poll_authorizations(authzrs, max_retries, best_effort)
  File "/usr/lib/python3/dist-packages/certbot/auth_handler.py", line 180, in _poll_authorizations
    raise errors.AuthorizationError('Some challenges have failed.')
certbot.errors.AuthorizationError: Some challenges have failed.

2023-07-20 19:07:50,930:DEBUG:certbot.error_handler:Calling registered functions
2023-07-20 19:07:50,930:INFO:certbot.auth_handler:Cleaning up challenges
2023-07-20 19:07:50,931:INFO:certbot.hooks:Running manual-cleanup-hook command: /etc/webmin/webmin/letsencrypt-cleanup.pl
2023-07-20 19:07:52,623:DEBUG:certbot.log:Exiting abnormally:
Traceback (most recent call last):
  File "/bin/letsencrypt", line 11, in <module>
    load_entry_point('certbot==0.40.0', 'console_scripts', 'certbot')()
  File "/usr/lib/python3/dist-packages/certbot/main.py", line 1382, in main
    return config.func(config, plugins)
  File "/usr/lib/python3/dist-packages/certbot/main.py", line 1265, in certonly
    lineage = _get_and_save_cert(le_client, config, domains, certname, lineage)
  File "/usr/lib/python3/dist-packages/certbot/main.py", line 116, in _get_and_save_cert
    renewal.renew_cert(config, domains, le_client, lineage)
  File "/usr/lib/python3/dist-packages/certbot/renewal.py", line 320, in renew_cert
    new_cert, new_chain, new_key, _ = le_client.obtain_certificate(domains, new_key)
  File "/usr/lib/python3/dist-packages/certbot/client.py", line 348, in obtain_certificate
    orderr = self._get_order_and_authorizations(csr.data, self.config.allow_subset_of_names)
  File "/usr/lib/python3/dist-packages/certbot/client.py", line 396, in _get_order_and_authorizations
    authzr = self.auth_handler.handle_authorizations(orderr, best_effort)
  File "/usr/lib/python3/dist-packages/certbot/auth_handler.py", line 91, in handle_authorizations
    self._poll_authorizations(authzrs, max_retries, best_effort)
  File "/usr/lib/python3/dist-packages/certbot/auth_handler.py", line 180, in _poll_authorizations
    raise errors.AuthorizationError('Some challenges have failed.')
certbot.errors.AuthorizationError: Some challenges have failed.

-------------------------------------------------------------------------------------------------------------------------------------------------
when i Request a certificate:
Requesting a certificate for vmi17.contaboserver.net from Let's Encrypt ..
.. request failed : Web-based validation failed :
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator webroot, Installer None
Renewing an existing certificate
Performing the following challenges:
http-01 challenge for vmi167.contaboserver.net
Using the webroot path /home/vmi1029767/public_html for all unmatched domains.
Waiting for verification...
Challenge failed for domain vmi17.contaboserver.net
http-01 challenge for vmi1029767.contaboserver.net
Cleaning up challenges
Some challenges have failed.
IMPORTANT NOTES:
 - The following errors were reported by the server:

   Domain: vmi1029767.contaboserver.net
   Type:   unauthorized
   Detail: 185.207.250.102: Invalid response from
   http://vmi1029767.contaboserver.net/.well-known/acme-challenge/oTw7gxUrl9pASqkjq7uuC1OsdwW1GFQozW2-sp1T2go:
   404

   To fix these errors, please make sure that your domain name was
   entered correctly and the DNS A/AAAA record(s) for that domain
   contain(s) the right IP address.
   DNS-based validation failed :
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator manual, Installer None
Renewing an existing certificate
Performing the following challenges:
dns-01 challenge for vmi67.contaboserver.net
Running manual-auth-hook command: /etc/webmin/webmin/letsencrypt-dns.pl
Waiting for verification..
Challenge failed for domain vmi977.contaboserver.net
dns-01 challenge for vmi9767.contaboserver.net
Cleaning up challenges
Running manual-cleanup-hook command: /etc/webmin/webmin/letsencrypt-cleanup.pl
Some challenges have failed.
IMPORTANT NOTES:
 - The following errors were reported by the server:

   Domain: vmi767.contaboserver.net
   Type:   dns
   Detail: DNS problem: NXDOMAIN looking up TXT for
   _acme-challenge.vmi167.contaboserver.net - check that a DNS
   record exists for this domain

i checked the DNS A/AAAA record and everything look normal the ip adress is normal; but still i get this issue can anyone help??!
2

Why are you requesting wildcard certs?
This should not be done.
It also looks like you are using DNS!

Best advice for LE carts is use Web-based validation without wildcard requests

3

hi, im new to these stuff, can u tell me how to do it,??

4

Firstly do not request wildcard certs.

When you created your VS did you tick the box “Set up DNS Zone” ?
If you did then there are more steps but best to untick this unless that is what you intended. The simplest way is to have your DNS managed on your box provider.

5

That does not exist.

$ host vmi17.contaboserver.net
Host vmi17.contaboserver.net not found: 3(NXDOMAIN)

Don’t request certificates for names that don’t exist.

1 Like
6

hi, yes u told me this before in another ticket…, but it does exist…
its the host url…
(i changed the url so noone can know what its like xD) [vmi1*****7.contaboserver.net]

7

yes i set up the DNS ZONE loong before and it used to work normally…
““simplest way is to have your DNS managed on your box provider.”” the DNS thing it all set i think cuz it used the work normally the cerficate renew its self but this time it stoped…

8

image
image1384×382 13.3 KB

to the rest of the world and lets encrypt it doesn’t exist. To fix you need to add a A record for it and because contaboserver.net belongs to your host you can’t. You should be using the FQDN that you can control.

9

9999
99991039×390 16.7 KB

told u im hiding the real url dude? :confused:
just give a solution if u have any.

10

There is nothing really wrong in requesting a wild-card certificate. If there was, Let’s Encrypt wouldn’t issue it.

Yes, although the simplest, not the best. I personally prefer DNS validation. However, that requires Virtualmin to be aware of domain’s DNS.

Put a simple test.txt file to public_html/.well-known/test.txt and then try to open it via the browser with http://dom.example.com/.well-known/text.txt URL, and see if it works. If it doesn’t, figure out what’s wrong. Google any error message and investigate on it. This questions has been asked and answered gazillion of times!

Joe, already told you what to do!

We cannot help, solving a problem that doesn’t exist for us.

“Our responses are limited, you must ask the right questions!”

12

Wildcard certs are riskier, from a security perspective. I recommend against it. We support it, and it’ll work in Virtualmin as long as you are managing your DNS with Virtualmin, but you generally should not use wildcard certs, if a specific cert will do the job.

OP is not managing DNS with Virtualmin, so OP absolutely cannot request wildcard certs in Virtualmin (Virtualmin will not offer to get wildcard certs if the DNS Feature is turned off…at least I hope it won’t, since it can’t possibly get them).

1 Like
13

Good point!

1 Like