Requesting a certificate from Let's Encrypt (Web Based, DNS Based) fails

SYSTEM INFORMATION
OS type and version: Debian Linux 10
Webmin version: 1.981
Virtualmin version: 6.17-3

Hello.
I have owned a VPS since June '21 and I had one domain (grivaseltinteractive.gr) and a subdomain (development.grivaseltinteractive.gr). For nameservers I use those provided by Linode. The SSL certificate used to renew automatically without any problems. For the last 2 weeks I’ve been receiving emails at the accounts related to the domains, saying that the renewal fails. The exact messages are the following:
Web-based validation failed:

Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator webroot, Installer None
Renewing an existing certificate
Performing the following challenges:
http-01 challenge for admin.grivaseltinteractive.gr
http-01 challenge for grivaseltinteractive.gr
http-01 challenge for mail.grivaseltinteractive.gr
http-01 challenge for webmail.grivaseltinteractive.gr
http-01 challenge for www.grivaseltinteractive.gr
Using the webroot path /home/grivaseltinteractive/public_html for all unmatched domains.
Waiting for verification...
Cleaning up challenges
Failed authorization procedure. admin.grivaseltinteractive.gr (http-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://admin.grivaseltinteractive.gr/.well-known/acme-challenge/SRWJpcQ_cUp5mJ61kp-hRYGeaoYunnE51Sd5oJDfzrU [2a02:c500:2:4d4::9ba3]: "<!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML 2.0//EN\">\n<html><head>\n<title>404 Not Found</title>\n</head><body>\n<h1>Not Found</h1>\n<p", webmail.grivaseltinteractive.gr (http-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://webmail.grivaseltinteractive.gr/.well-known/acme-challenge/g3CF0ePS7UqirxbJaKaJbxtD_DwI6KCS1OYKEGqnEq0 [2a02:c500:2:4d4::9ba3]: "<!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML 2.0//EN\">\n<html><head>\n<title>404 Not Found</title>\n</head><body>\n<h1>Not Found</h1>\n<p", grivaseltinteractive.gr (http-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://grivaseltinteractive.gr/.well-known/acme-challenge/CymSkFIhP3mZTp6RoCXApcC3IOdI3xku5vPxtLf6tno [2a02:c500:2:4d4::9ba3]: "<!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML 2.0//EN\">\n<html><head>\n<title>404 Not Found</title>\n</head><body>\n<h1>Not Found</h1>\n<p", mail.grivaseltinteractive.gr (http-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://mail.grivaseltinteractive.gr/.well-known/acme-challenge/5ogsh8B8lydI3QGyvwjQiOZiBe2HgMF2iYQvRHXPKl0 [2a02:c500:2:4d4::9ba3]: "<!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML 2.0//EN\">\n<html><head>\n<title>404 Not Found</title>\n</head><body>\n<h1>Not Found</h1>\n<p", www.grivaseltinteractive.gr (http-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://www.grivaseltinteractive.gr/.well-known/acme-challenge/4Idgx8FXvgjfLopQe3cWt5hSV5vdE_BEvFIfy4U0ws0 [2a02:c500:2:4d4::9ba3]: 
"<!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML 2.0//EN\">\n<html><head>\n<title>404 Not Found</title>\n</head><body>\n<h1>Not Found</h1>\n<p"
IMPORTANT NOTES:
 - The following errors were reported by the server:

   Domain: admin.grivaseltinteractive.gr
   Type:   unauthorized
   Detail: Invalid response from
   http://admin.grivaseltinteractive.gr/.well-known/acme-challenge/SRWJpcQ_cUp5mJ61kp-hRYGeaoYunnE51Sd5oJDfzrU
   [2a02:c500:2:4d4::9ba3]: "<!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML
   2.0//EN\">\n<html><head>\n<title>404 Not
   Found</title>\n</head><body>\n<h1>Not Found</h1>\n<p"

   Domain: webmail.grivaseltinteractive.gr
   Type:   unauthorized
   Detail: Invalid response from
   http://webmail.grivaseltinteractive.gr/.well-known/acme-challenge/g3CF0ePS7UqirxbJaKaJbxtD_DwI6KCS1OYKEGqnEq0
   [2a02:c500:2:4d4::9ba3]: "<!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML
   2.0//EN\">\n<html><head>\n<title>404 Not
   Found</title>\n</head><body>\n<h1>Not Found</h1>\n<p"

   Domain: grivaseltinteractive.gr
   Type:   unauthorized
   Detail: Invalid response from
   http://grivaseltinteractive.gr/.well-known/acme-challenge/CymSkFIhP3mZTp6RoCXApcC3IOdI3xku5vPxtLf6tno
   [2a02:c500:2:4d4::9ba3]: "<!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML
   2.0//EN\">\n<html><head>\n<title>404 Not
   Found</title>\n</head><body>\n<h1>Not Found</h1>\n<p"

   Domain: mail.grivaseltinteractive.gr
   Type:   unauthorized
   Detail: Invalid response from
   http://mail.grivaseltinteractive.gr/.well-known/acme-challenge/5ogsh8B8lydI3QGyvwjQiOZiBe2HgMF2iYQvRHXPKl0
   [2a02:c500:2:4d4::9ba3]: "<!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML
   2.0//EN\">\n<html><head>\n<title>404 Not
   Found</title>\n</head><body>\n<h1>Not Found</h1>\n<p"

   Domain: www.grivaseltinteractive.gr
   Type:   unauthorized
   Detail: Invalid response from
   http://www.grivaseltinteractive.gr/.well-known/acme-challenge/4Idgx8FXvgjfLopQe3cWt5hSV5vdE_BEvFIfy4U0ws0
   [2a02:c500:2:4d4::9ba3]: "<!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML
   2.0//EN\">\n<html><head>\n<title>404 Not
   Found</title>\n</head><body>\n<h1>Not Found</h1>\n<p"

   To fix these errors, please make sure that your domain name was
   entered correctly and the DNS A/AAAA record(s) for that domain
   contain(s) the right IP address.

DNS-based validation failed:
same message as above

I have uninstalled Virtualmin and reinstalled it. I have set up the virtual servers in the exact same way and tried to install an SSL certificate from Let’s Encrypt, but the same message occurs.

Has anyone encountered something similar?
Any suggestion is welcome,
thank you in advance!

There is a 404 error and acme challenge is failing.

If you had not uninstalled and reinstalled Virtualmin, I would have told you to check your .htaccess and attempted to diagnose the issue.

But after you have uninstalled Virtualmin and then reinstalled it (Virtualmin is supposed to be installed on a freshly formatted system with just the OS installed) I really would not know where to begin.

Currently there is no .htaccess file in the public_html folder. My previous .htaccess had these lines:

RewriteEngine on
RewriteCond $1 !^(index\.php|assets|images|js|css|uploads|favicon.png)
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^(.*)$ ./index.php/$1 [L]

Do you believe it was something related to this file?
This file existed from the beginning of the project and previous renewals were successful!

The .htaccess file is the first thing which I check because it could be something there which trips up Let’s Encrypt auto renewals, hence I mentioned it.

If you have uninstalled and reinstalled Virtualmin then yours is no longer a standard system. It cannot be diagnosed with all the assumptions that could be made when troubleshooting a standard Virtualmin system.

You will have to troubleshoot the old-fashioned way: start with the logs.

Thank you for your answer. I will “format” my VPS and install Virtualmin from the beginning.
If the problem persists, I will mention it again.

That’s a prudent course of action under the circumstances. Keep us informed of your progress and feel free to reach out to the community if you have questions or need information.

I am back again. I reinstalled Debian 10 and Virtualmin on my VPS.
I created a Virtual Server with the “Apache SSL website” feature enabled.
The request wasn’t successful, and then I made a request for all default subdomains (www, mail, admin, webmail) from server configuration->ssl certificate->let’s encrypt with “automatically renew certificate” enabled.
I got this message:

Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator webroot, Installer None
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for admin.grivaseltinteractive.gr
http-01 challenge for grivaseltinteractive.gr
http-01 challenge for mail.grivaseltinteractive.gr
http-01 challenge for webmail.grivaseltinteractive.gr
http-01 challenge for www.grivaseltinteractive.gr
Using the webroot path /home/grivaseltinteractive/public_html for all unmatched domains.
Waiting for verification...
Cleaning up challenges
Failed authorization procedure. grivaseltinteractive.gr (http-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://grivaseltinteractive.gr/.well-known/acme-challenge/rxttgjm11VUbFxqJ4EaCpZku0UZU25cDHanyLsJPHg4 [2a02:c500:2:4d4::9ba3]: "<!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML 2.0//EN\">\n<html><head>\n<title>404 Not Found</title>\n</head><body>\n<h1>Not Found</h1>\n<p", webmail.grivaseltinteractive.gr (http-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://webmail.grivaseltinteractive.gr/.well-known/acme-challenge/SA6DCH0cDrOJx4exV8Gd730UAtSWBdZsgaKR2pC7wl0 [2a02:c500:2:4d4::9ba3]: "<!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML 2.0//EN\">\n<html><head>\n<title>404 Not Found</title>\n</head><body>\n<h1>Not Found</h1>\n<p", www.grivaseltinteractive.gr (http-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://www.grivaseltinteractive.gr/.well-known/acme-challenge/6ZZVj_Y91ORfl-V5PRCfgS36T9X6-t6c9AsjWMEtpBA [2a02:c500:2:4d4::9ba3]: "<!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML 2.0//EN\">\n<html><head>\n<title>404 Not Found</title>\n</head><body>\n<h1>Not Found</h1>\n<p", admin.grivaseltinteractive.gr (http-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://admin.grivaseltinteractive.gr/.well-known/acme-challenge/mqSQO0L6ePsP_VgQHNt2CPAlXNz36CD0kAN1rIMK3S4 [2a02:c500:2:4d4::9ba3]: "<!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML 2.0//EN\">\n<html><head>\n<title>404 Not Found</title>\n</head><body>\n<h1>Not Found</h1>\n<p", mail.grivaseltinteractive.gr (http-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://mail.grivaseltinteractive.gr/.well-known/acme-challenge/VFJOfUdu2_NyMcoEUZJsVp_EDlpwSoV862gi3OtFzWw [2a02:c500:2:4d4::9ba3]: 
"<!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML 2.0//EN\">\n<html><head>\n<title>404 Not Found</title>\n</head><body>\n<h1>Not Found</h1>\n<p"
IMPORTANT NOTES:
 - The following errors were reported by the server:

   Domain: grivaseltinteractive.gr
   Type:   unauthorized
   Detail: Invalid response from
   http://grivaseltinteractive.gr/.well-known/acme-challenge/rxttgjm11VUbFxqJ4EaCpZku0UZU25cDHanyLsJPHg4
   [2a02:c500:2:4d4::9ba3]: "<!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML
   2.0//EN\">\n<html><head>\n<title>404 Not
   Found</title>\n</head><body>\n<h1>Not Found</h1>\n<p"

   Domain: webmail.grivaseltinteractive.gr
   Type:   unauthorized
   Detail: Invalid response from
   http://webmail.grivaseltinteractive.gr/.well-known/acme-challenge/SA6DCH0cDrOJx4exV8Gd730UAtSWBdZsgaKR2pC7wl0
   [2a02:c500:2:4d4::9ba3]: "<!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML
   2.0//EN\">\n<html><head>\n<title>404 Not
   Found</title>\n</head><body>\n<h1>Not Found</h1>\n<p"

   Domain: www.grivaseltinteractive.gr
   Type:   unauthorized
   Detail: Invalid response from
   http://www.grivaseltinteractive.gr/.well-known/acme-challenge/6ZZVj_Y91ORfl-V5PRCfgS36T9X6-t6c9AsjWMEtpBA
   [2a02:c500:2:4d4::9ba3]: "<!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML
   2.0//EN\">\n<html><head>\n<title>404 Not
   Found</title>\n</head><body>\n<h1>Not Found</h1>\n<p"

   Domain: admin.grivaseltinteractive.gr
   Type:   unauthorized
   Detail: Invalid response from
   http://admin.grivaseltinteractive.gr/.well-known/acme-challenge/mqSQO0L6ePsP_VgQHNt2CPAlXNz36CD0kAN1rIMK3S4
   [2a02:c500:2:4d4::9ba3]: "<!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML
   2.0//EN\">\n<html><head>\n<title>404 Not
   Found</title>\n</head><body>\n<h1>Not Found</h1>\n<p"

   Domain: mail.grivaseltinteractive.gr
   Type:   unauthorized
   Detail: Invalid response from
   http://mail.grivaseltinteractive.gr/.well-known/acme-challenge/VFJOfUdu2_NyMcoEUZJsVp_EDlpwSoV862gi3OtFzWw
   [2a02:c500:2:4d4::9ba3]: "<!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML
   2.0//EN\">\n<html><head>\n<title>404 Not
   Found</title>\n</head><body>\n<h1>Not Found</h1>\n<p"

   To fix these errors, please make sure that your domain name was
   entered correctly and the DNS A/AAAA record(s) for that domain
   contain(s) the right IP address.
 - Your account credentials have been saved in your Certbot
   configuration directory at /etc/letsencrypt. You should make a
   secure backup of this folder now. This configuration directory will
   also contain certificates and private keys obtained by Certbot so
   making regular backups of this folder is ideal.
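
Added example, not part of any post in this thread: each failure in the certbot output above records, in square brackets, the address the validation server connected to. This Python sketch parses that output and lists the addresses that are not among those the operator expects the web server to answer on; the sample text, the `example.test` names and the addresses are constructed, and `parse_failures` and `unexpected_addresses` are hypothetical helper names.

```python
import ipaddress
import re

# Constructed sample in the shape of certbot's "Failed authorization procedure"
# line; names, tokens and documentation-range addresses are made up.
SAMPLE = (
    'Failed authorization procedure. example.test (http-01): '
    'urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient '
    'authorization :: Invalid response from '
    'http://example.test/.well-known/acme-challenge/TOKEN-A [2001:db8::10]: '
    '"<!DOCTYPE HTML PUBLIC \\"-//IETF//DTD HTML 2.0//EN\\">\\n<html><head>\\n'
    '<title>404 Not Found</title>", '
    'www.example.test (http-01): urn:ietf:params:acme:error:unauthorized :: '
    'The client lacks sufficient authorization :: Invalid response from '
    'http://www.example.test/.well-known/acme-challenge/TOKEN-B [192.0.2.10]: '
    '"<title>404 Not Found</title>"'
)

FAILURE = re.compile(
    r'(?P<domain>[\w.-]+) \((?P<challenge>[\w-]+)\): '
    r'urn:ietf:params:acme:error:(?P<error>\w+) :: .*? '
    r'(?P<url>https?://\S+) \[(?P<addr>[0-9A-Fa-f:.]+)\]:\s*'  # \s*: log may wrap here
    r'"(?P<body>(?:\\.|[^"\\])*)"'  # quoted body snippet with \" escapes
)

def parse_failures(text):
    """Return one dict per failed challenge found in certbot's error output."""
    rows = []
    for m in FAILURE.finditer(text):
        addr = ipaddress.ip_address(m['addr'])
        title = re.search(r'<title>(.*?)</title>', m['body'])
        rows.append({
            'domain': m['domain'], 'challenge': m['challenge'],
            'error': m['error'], 'url': m['url'], 'addr': str(addr),
            'family': f'IPv{addr.version}',
            'page': title.group(1) if title else None,
        })
    return rows

def unexpected_addresses(failures, served):
    """Addresses the validator reached that are not in `served`, the set of
    addresses the operator knows the web server listens on (assumed input)."""
    served = {ipaddress.ip_address(a) for a in served}
    return sorted({f['addr'] for f in failures
                   if ipaddress.ip_address(f['addr']) not in served})

if __name__ == '__main__':
    for row in parse_failures(SAMPLE):
        print(row)
    print(unexpected_addresses(parse_failures(SAMPLE), {'192.0.2.10'}))
```
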

When I visit the domain, I see the Apache2 Debian Default Page. I was expecting to see the standard Virtualmin placeholder page.

This indicates that there is something amiss with your installation of Virtualmin.

Just guessing here: before you installed Virtualmin, was Apache already installed on the server?

It wasn’t already installed. During the installation process, I chose not to create a virtual server for my FQDN (what do you suggest, should the FQDN have its own Virtual Server?).
I manually created a virtual server for grivaseltinteractive.gr. Maybe I should contact my VPS provider and make sure that when I reinstall the OS, everything is fresh. I won’t close the topic until I reinstall the OS and Virtualmin on my VPS.
Thank you for the help!

WTF!? Why would you do that?

I know, terrible mistake. What do you believe triggered the Let’s Encrypt renewal to fail?
P.S. I followed your tutorials on YouTube to set up Virtualmin and everything worked fine. Great work!
