SSL Certificate Failing

Hi,

I have recently moved from my own nameservers to use the default IONOS nameservers. Ever since, my SSL certificate refuses to renew, quoting:

Requesting a certificate for xsxtc.uk, www.xsxtc.uk, mail.xsxtc.uk, admin.xsxtc.uk, webmail.xsxtc.uk from Let’s Encrypt ..
.. request failed : Web-based validation failed : Failed to request certificate :
Traceback (most recent call last):
  File "/usr/share/webmin/webmin/acme_tiny.py", line 198, in <module>
    main(sys.argv[1:])
  File "/usr/share/webmin/webmin/acme_tiny.py", line 194, in main
    signed_crt = get_crt(args.account_key, args.csr, args.acme_dir, log=LOGGER, CA=args.ca, disable_check=args.disable_check, directory_url=args.directory_url, contact=args.contact)
  File "/usr/share/webmin/webmin/acme_tiny.py", line 121, in get_crt
    order, _, order_headers = _send_signed_request(directory['newOrder'], order_payload, "Error creating new order")
  File "/usr/share/webmin/webmin/acme_tiny.py", line 60, in _send_signed_request
    return _do_request(url, data=data.encode('utf8'), err_msg=err_msg, depth=depth)
  File "/usr/share/webmin/webmin/acme_tiny.py", line 46, in _do_request
    raise ValueError("{0}:\nUrl: {1}\nData: {2}\nResponse Code: {3}\nResponse: {4}".format(err_msg, url, data, code, resp_data))
ValueError: Error creating new order:
Url: https://acme-v02.api.letsencrypt.org/acme/new-order
Response Code: 429
Response: {'type': 'urn:ietf:params:acme:error:rateLimited', 'detail': 'too many failed authorizations (5) for "admin.xsxtc.uk" in the last 1h0m0s, retry after 2026-05-17 08:47:11 UTC: see Rate Limits - Let's Encrypt', 'status': 429}
DNS-based validation failed : Only the official Let’s Encrypt client supports DNS-based validation

I am in the middle of migrating to a new VPS so I would like to make sure I am not passing a problem over to the new setup.

I have reset the Webmin SSL settings and that appeared to work fine. Yet the certificate will still not renew on either HTTP or DNS validation.

Any suggestions?

If that is your actual domain, you kinda left quite a few records out…

pollux:~$ host xsxtc.uk
xsxtc.uk has address 77.68.100.23
xsxtc.uk mail is handled by 10 mx00.ionos.co.uk.
xsxtc.uk mail is handled by 10 mx01.ionos.co.uk.
pollux:~$ host www.xsxtc.uk
www.xsxtc.uk has address 77.68.100.23
pollux:~$ host mail.xsxtc.uk
Host mail.xsxtc.uk not found: 3(NXDOMAIN)
pollux:~$ host admin.xsxtc.uk
Host admin.xsxtc.uk not found: 3(NXDOMAIN)
pollux:~$ host webmail.xsxtc.uk
Host webmail.xsxtc.uk not found: 3(NXDOMAIN)

You have done too many tries by that line. Leave it one hour.

Try again with test only, and screenshot the output.

That’s not the useful error. We needed to know why it failed the first several times before it started blocking you.

But, it’s always one of the same three problems:

  1. DNS. One or more of the names you’ve requested a certificate for aren’t pointing to the server you think they are. All names you have requested a cert for must resolve to the IP of the Virtualmin server.
  2. Something is preventing access to .well-known on that domain. Usually a proxy or redirect rule, maybe in the config file, maybe in .htaccess, maybe something else.
  3. A “wrong site shows up” problem: Troubleshooting Websites | Virtualmin — Open Source Web Hosting Control Panel (e.g. you’ve got * and IP-based VirtualHosts intermingled, which cannot work, could also be IPv6 misconfiguration).

Oh, also, if you’re using Cloudflare. That’ll break Let’s Encrypt. Cloudflare is the termination point for TLS requests from the outside world if you’re using Cloudflare proxy features, which means you need them to handle the cert on the domain. You still want a secure connection between Cloudflare and your server, but you’ll want to read the Cloudflare docs on that.
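A pre-flight check for the first cause listed above, added here as an example and not part of the thread or of Virtualmin: it classifies every name in the certificate request before anything is sent to Let's Encrypt, so names without records are dropped instead of burning failed authorizations. The function names are hypothetical, the sample answers are constructed from the `host` output earlier in the thread, and treating 77.68.100.23 as the Virtualmin server's address is an assumption.

```python
import socket

def resolve(name):
    """Return the set of A/AAAA addresses for name, empty if it does not resolve."""
    try:
        infos = socket.getaddrinfo(name, 80, proto=socket.IPPROTO_TCP)
    except socket.gaierror:
        return set()
    return {info[4][0] for info in infos}

def preflight(names, server_ips, resolver=resolve):
    """Classify each requested name before asking the CA for a certificate.

    'ok'        - every address the name resolves to belongs to this server
    'missing'   - no record at all (NXDOMAIN or no address data)
    'elsewhere' - at least one address (IPv4 or IPv6) points at another host
    """
    server_ips = set(server_ips)
    report = {}
    for name in names:
        addrs = resolver(name)
        if not addrs:
            report[name] = "missing"
        elif addrs <= server_ips:
            report[name] = "ok"
        else:
            report[name] = "elsewhere"
    return report

def safe_to_request(report):
    """Names that can be expected to pass web-based validation."""
    return [name for name, state in report.items() if state == "ok"]

# Constructed sample: the answers `host` returned earlier in the thread.
SAMPLE_DNS = {
    "xsxtc.uk": {"77.68.100.23"},
    "www.xsxtc.uk": {"77.68.100.23"},
}
REQUESTED = ["xsxtc.uk", "www.xsxtc.uk", "mail.xsxtc.uk",
             "admin.xsxtc.uk", "webmail.xsxtc.uk"]

if __name__ == "__main__":
    # Offline run against the sample; drop the resolver argument to query live DNS.
    report = preflight(REQUESTED, {"77.68.100.23"},
                       resolver=lambda n: SAMPLE_DNS.get(n, set()))
    for name, state in report.items():
        print(f"{name:20} {state}")
    print("request only:", ", ".join(safe_to_request(report)))
```

A name that also publishes an AAAA record pointing somewhere else is reported as 'elsewhere', which covers the IPv6 misconfiguration case mentioned in the third item.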

Ouch!

Thanks for the responses. I will do more research and see if I can resolve all the issues. Wish I understood DNS and nameservers better.

Much appreciated for pointing the issues out.

You do not need to be an expert at DNS. You managed to configure some of them, you just need to finish the job, or stop trying to request certs for names that don’t resolve.

toreskev listed what’s missing: SSL Certificate Failing - #2 by toreskev

To the point - comme d’habitude (as usual) Joe.

You are quite right and I will sort it.

Geoff