Hello.
I own a VPS since june '21 and i had one domain (grivaseltinteractive.gr) and a subdomain (development.grivaseltinteractive.gr). For nameservers i use those provided by Linode. The SSL certificate used to renew automatically without any problems. The last 2 weeks i’ve been receiving email to the accounts related to the domains, that the renewal fails. The exast messages are the following:
Web-based validation failed:
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator webroot, Installer None
Renewing an existing certificate
Performing the following challenges:
http-01 challenge for admin.grivaseltinteractive.gr
http-01 challenge for grivaseltinteractive.gr
http-01 challenge for mail.grivaseltinteractive.gr
http-01 challenge for webmail.grivaseltinteractive.gr
http-01 challenge for www.grivaseltinteractive.gr
Using the webroot path /home/grivaseltinteractive/public_html for all unmatched domains.
Waiting for verification...
Cleaning up challenges
Failed authorization procedure. admin.grivaseltinteractive.gr (http-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://admin.grivaseltinteractive.gr/.well-known/acme-challenge/SRWJpcQ_cUp5mJ61kp-hRYGeaoYunnE51Sd5oJDfzrU [2a02:c500:2:4d4::9ba3]: "<!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML 2.0//EN\">\n<html><head>\n<title>404 Not Found</title>\n</head><body>\n<h1>Not Found</h1>\n<p", webmail.grivaseltinteractive.gr (http-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://webmail.grivaseltinteractive.gr/.well-known/acme-challenge/g3CF0ePS7UqirxbJaKaJbxtD_DwI6KCS1OYKEGqnEq0 [2a02:c500:2:4d4::9ba3]: "<!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML 2.0//EN\">\n<html><head>\n<title>404 Not Found</title>\n</head><body>\n<h1>Not Found</h1>\n<p", grivaseltinteractive.gr (http-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://grivaseltinteractive.gr/.well-known/acme-challenge/CymSkFIhP3mZTp6RoCXApcC3IOdI3xku5vPxtLf6tno [2a02:c500:2:4d4::9ba3]: "<!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML 2.0//EN\">\n<html><head>\n<title>404 Not Found</title>\n</head><body>\n<h1>Not Found</h1>\n<p", mail.grivaseltinteractive.gr (http-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://mail.grivaseltinteractive.gr/.well-known/acme-challenge/5ogsh8B8lydI3QGyvwjQiOZiBe2HgMF2iYQvRHXPKl0 [2a02:c500:2:4d4::9ba3]: "<!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML 2.0//EN\">\n<html><head>\n<title>404 Not Found</title>\n</head><body>\n<h1>Not Found</h1>\n<p", www.grivaseltinteractive.gr (http-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://www.grivaseltinteractive.gr/.well-known/acme-challenge/4Idgx8FXvgjfLopQe3cWt5hSV5vdE_BEvFIfy4U0ws0 [2a02:c500:2:4d4::9ba3]: "<!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML 2.0//EN\">\n<html><head>\n<title>404 Not Found</title>\n</head><body>\n<h1>Not Found</h1>\n<p"
IMPORTANT NOTES:
- The following errors were reported by the server:
Domain: admin.grivaseltinteractive.gr
Type: unauthorized
Detail: Invalid response from
http://admin.grivaseltinteractive.gr/.well-known/acme-challenge/SRWJpcQ_cUp5mJ61kp-hRYGeaoYunnE51Sd5oJDfzrU
[2a02:c500:2:4d4::9ba3]: "<!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML
2.0//EN\">\n<html><head>\n<title>404 Not
Found</title>\n</head><body>\n<h1>Not Found</h1>\n<p"
Domain: webmail.grivaseltinteractive.gr
Type: unauthorized
Detail: Invalid response from
http://webmail.grivaseltinteractive.gr/.well-known/acme-challenge/g3CF0ePS7UqirxbJaKaJbxtD_DwI6KCS1OYKEGqnEq0
[2a02:c500:2:4d4::9ba3]: "<!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML
2.0//EN\">\n<html><head>\n<title>404 Not
Found</title>\n</head><body>\n<h1>Not Found</h1>\n<p"
Domain: grivaseltinteractive.gr
Type: unauthorized
Detail: Invalid response from
http://grivaseltinteractive.gr/.well-known/acme-challenge/CymSkFIhP3mZTp6RoCXApcC3IOdI3xku5vPxtLf6tno
[2a02:c500:2:4d4::9ba3]: "<!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML
2.0//EN\">\n<html><head>\n<title>404 Not
Found</title>\n</head><body>\n<h1>Not Found</h1>\n<p"
Domain: mail.grivaseltinteractive.gr
Type: unauthorized
Detail: Invalid response from
http://mail.grivaseltinteractive.gr/.well-known/acme-challenge/5ogsh8B8lydI3QGyvwjQiOZiBe2HgMF2iYQvRHXPKl0
[2a02:c500:2:4d4::9ba3]: "<!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML
2.0//EN\">\n<html><head>\n<title>404 Not
Found</title>\n</head><body>\n<h1>Not Found</h1>\n<p"
Domain: www.grivaseltinteractive.gr
Type: unauthorized
Detail: Invalid response from
http://www.grivaseltinteractive.gr/.well-known/acme-challenge/4Idgx8FXvgjfLopQe3cWt5hSV5vdE_BEvFIfy4U0ws0
[2a02:c500:2:4d4::9ba3]: "<!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML
2.0//EN\">\n<html><head>\n<title>404 Not
Found</title>\n</head><body>\n<h1>Not Found</h1>\n<p"
To fix these errors, please make sure that your domain name was
entered correctly and the DNS A/AAAA record(s) for that domain
contain(s) the right IP address.
DNS-based validation failed :
same message as above
I have uninstalled virtualmin and reinstalled it. I have set up with the exact same way the virtual servers and tried to install a SSL certificate from Let’s Encrypt but the same message occurs.
Has anyone encountered something similar?
Any suggestion is welcome,
thank you in advance!
There is a 404 error and acme challenge is failing.
If you had not uninstalled and reinstalled Virtualmin, I would have told you to check your .htaccess and attempted to diagnose the issue.
But after you have uninstalled Virtualmin and then reinstalled it (Virtualmin is supposed to be installed on a freshly formatted system with just the OS installed) I really would not know where to begin.
The .htaccess file is the first thing which I check because it could be something there which trips up Let’s Encrypt auto renewals, hence I mentioned it.
If you have uninstalled and reinstalled Virtualmin then yours is no longer a standard system. It cannot be diagnosed with all the assumptions that could be made when troubleshooting a standard Virtualmin system.
You will have to troubleshoot the old-fashioned way: start with the logs.
That’s a prudent course of action under the circumstances. Keep us informed of your progress and feel free to reach out to the community if you have questions or need information.
I am back again. Reinstalled Debian 10 in my VPS and Virtualmin.
I created a Virtual Server with the “Apache SSL website” feature enabled.
The request wasn’t successful and then i made a request for all default subdomains (www, mail, admin, webmail) from server configuration->ssl certificate->let’s encrypt with “automatically renew certificate” enabled.
I got this message:
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator webroot, Installer None
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for admin.grivaseltinteractive.gr
http-01 challenge for grivaseltinteractive.gr
http-01 challenge for mail.grivaseltinteractive.gr
http-01 challenge for webmail.grivaseltinteractive.gr
http-01 challenge for www.grivaseltinteractive.gr
Using the webroot path /home/grivaseltinteractive/public_html for all unmatched domains.
Waiting for verification...
Cleaning up challenges
Failed authorization procedure. grivaseltinteractive.gr (http-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://grivaseltinteractive.gr/.well-known/acme-challenge/rxttgjm11VUbFxqJ4EaCpZku0UZU25cDHanyLsJPHg4 [2a02:c500:2:4d4::9ba3]: "<!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML 2.0//EN\">\n<html><head>\n<title>404 Not Found</title>\n</head><body>\n<h1>Not Found</h1>\n<p", webmail.grivaseltinteractive.gr (http-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://webmail.grivaseltinteractive.gr/.well-known/acme-challenge/SA6DCH0cDrOJx4exV8Gd730UAtSWBdZsgaKR2pC7wl0 [2a02:c500:2:4d4::9ba3]: "<!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML 2.0//EN\">\n<html><head>\n<title>404 Not Found</title>\n</head><body>\n<h1>Not Found</h1>\n<p", www.grivaseltinteractive.gr (http-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://www.grivaseltinteractive.gr/.well-known/acme-challenge/6ZZVj_Y91ORfl-V5PRCfgS36T9X6-t6c9AsjWMEtpBA [2a02:c500:2:4d4::9ba3]: "<!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML 2.0//EN\">\n<html><head>\n<title>404 Not Found</title>\n</head><body>\n<h1>Not Found</h1>\n<p", admin.grivaseltinteractive.gr (http-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://admin.grivaseltinteractive.gr/.well-known/acme-challenge/mqSQO0L6ePsP_VgQHNt2CPAlXNz36CD0kAN1rIMK3S4 [2a02:c500:2:4d4::9ba3]: "<!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML 2.0//EN\">\n<html><head>\n<title>404 Not Found</title>\n</head><body>\n<h1>Not Found</h1>\n<p", mail.grivaseltinteractive.gr (http-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://mail.grivaseltinteractive.gr/.well-known/acme-challenge/VFJOfUdu2_NyMcoEUZJsVp_EDlpwSoV862gi3OtFzWw [2a02:c500:2:4d4::9ba3]: "<!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML 2.0//EN\">\n<html><head>\n<title>404 Not Found</title>\n</head><body>\n<h1>Not Found</h1>\n<p"
IMPORTANT NOTES:
- The following errors were reported by the server:
Domain: grivaseltinteractive.gr
Type: unauthorized
Detail: Invalid response from
http://grivaseltinteractive.gr/.well-known/acme-challenge/rxttgjm11VUbFxqJ4EaCpZku0UZU25cDHanyLsJPHg4
[2a02:c500:2:4d4::9ba3]: "<!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML
2.0//EN\">\n<html><head>\n<title>404 Not
Found</title>\n</head><body>\n<h1>Not Found</h1>\n<p"
Domain: webmail.grivaseltinteractive.gr
Type: unauthorized
Detail: Invalid response from
http://webmail.grivaseltinteractive.gr/.well-known/acme-challenge/SA6DCH0cDrOJx4exV8Gd730UAtSWBdZsgaKR2pC7wl0
[2a02:c500:2:4d4::9ba3]: "<!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML
2.0//EN\">\n<html><head>\n<title>404 Not
Found</title>\n</head><body>\n<h1>Not Found</h1>\n<p"
Domain: www.grivaseltinteractive.gr
Type: unauthorized
Detail: Invalid response from
http://www.grivaseltinteractive.gr/.well-known/acme-challenge/6ZZVj_Y91ORfl-V5PRCfgS36T9X6-t6c9AsjWMEtpBA
[2a02:c500:2:4d4::9ba3]: "<!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML
2.0//EN\">\n<html><head>\n<title>404 Not
Found</title>\n</head><body>\n<h1>Not Found</h1>\n<p"
Domain: admin.grivaseltinteractive.gr
Type: unauthorized
Detail: Invalid response from
http://admin.grivaseltinteractive.gr/.well-known/acme-challenge/mqSQO0L6ePsP_VgQHNt2CPAlXNz36CD0kAN1rIMK3S4
[2a02:c500:2:4d4::9ba3]: "<!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML
2.0//EN\">\n<html><head>\n<title>404 Not
Found</title>\n</head><body>\n<h1>Not Found</h1>\n<p"
Domain: mail.grivaseltinteractive.gr
Type: unauthorized
Detail: Invalid response from
http://mail.grivaseltinteractive.gr/.well-known/acme-challenge/VFJOfUdu2_NyMcoEUZJsVp_EDlpwSoV862gi3OtFzWw
[2a02:c500:2:4d4::9ba3]: "<!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML
2.0//EN\">\n<html><head>\n<title>404 Not
Found</title>\n</head><body>\n<h1>Not Found</h1>\n<p"
To fix these errors, please make sure that your domain name was
entered correctly and the DNS A/AAAA record(s) for that domain
contain(s) the right IP address.
- Your account credentials have been saved in your Certbot
configuration directory at /etc/letsencrypt. You should make a
secure backup of this folder now. This configuration directory will
also contain certificates and private keys obtained by Certbot so
making regular backups of this folder is ideal.
It wasn’t already installed. During the installation process, i chose not to create a virtual server for my FQDN (what do you suggest, should FQDN have its own Virtual Server?).
I manually created a virtual server for grivaseltinteractive.gr. Maybe i should contact my VPS provider and make sure that when i reinstall the OS, everything is fresh. I won’t close the topic until i reinstall the OS and Virtualmin in my VPS.
Thank you for the help!
I know, terrible mistake. What do you believe triggered the Let’s Encrypt renewal to fail?
P.S. I followed your tutorials in youtube to setup Virtualmin and everything worked fine. Great work!