Unable to request/renew Let's Encrypt certificate with server aliases (Ubuntu)

Operating system: Ubuntu Linux 12.04.1
Webmin version: 1.890
Virtualmin version: 6.03

Hello,

I added some domain aliases to a virtual server in Virtualmin.
I changed the Let’s Encrypt certificate to the server domain name only (“Domain names listed here”) because every time I added an alias the Let’s Encrypt certificate was re-requested and it took a long time until the process finished.
After adding a bunch of aliases I tried to request a certificate with all “Domains associated with this server”.
Since then (as far as I can remember) I get the following error:

Requesting a certificate for {domain1}, www.{domain1}, {domain2}, www.{domain2}, ............... from Let's Encrypt ..

… request failed : Web-based validation failed : Failed to request certificate :

Gave up waiting for validation

DNS-based validation failed : Failed to request certificate :

{domainX} challenge did not pass: DNS problem: NXDOMAIN looking up TXT for _acme-challenge.{domainX}

I don’t know how to fix this.

  • I tried removing redirects http->https,
  • unchecked the server "Apache SSL website enabled?" and rechecked,
  • removed the automatically added TXT records in BIND like _acme-challenge.{domain}. 5 IN TXT 6Wl5FB5hnqOmXhF104c8tPxyHdMWVC5riTfR5QAOhsU
  • Also added .well-known/acme-challenge to the public_html/ directory including the .htaccess

And now it seems that I hit the rate limit for failed authorizations ->

Requesting a certificate for {domain1}, www.{domain1}, {domain2}, www.{domain2}, …
from Let’s Encrypt …
… request failed : Web-based validation failed : Failed to request certificate :

{domainX} challenge did not pass: Invalid response from http://{domainX}/.well-known/acme-challenge/ZxOYVi70Q-TqTcix83TIEGv2cBXay4F2cKOJJ9-LN2s: "<!doctype html>

<meta name="viewport" content="width=device-"

DNS-based validation failed : Failed to request certificate :
Error requesting challenges: Error creating new authz :: too many failed authorizations recently: see https://letsencrypt.org/docs/rate-limits/

Additional questions:

  • Where do I find Let's Encrypt-specific logs on Ubuntu?
  • Can I (manually) change the Virtualmin "Manage SSL" Let's Encrypt process to the Staging Environment (to avoid hitting the rate limits)?
  • Do I need the directory public_html/.well-known/acme-challenge? Does this directory have to remain permanently?

I know this topic is similar to former posts but I could not retrieve a solution from the posts for my specific problem.

Any help appreciated!

Thanks in advance!

Mars

Hello mars-vie

virtualmin generate-letsencrypt-cert --domain domain1.com --domain www.domain1.com --domain domain2

Try this one from the CLI.

Hello thathwamasi,

I could get the Let’s Encrypt certificate running in one case.
The problem was a wrong IP for an A record in the corresponding hosts file.

In another case I can’t get it working :(
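
Added example, not part of any post in this thread and not Virtualmin's own code: a pre-flight check that confirms every name resolves to the server's address before a request is sent, so a wrong A record like the one found above is caught without using up failed authorizations. The function names and the sample addresses in the comments are assumptions made for illustration.

```python
#!/usr/bin/env python3
"""Pre-flight check before a Let's Encrypt request: every name must resolve to this server."""
import socket
import sys


def resolve_ipv4(name):
    """Return the set of IPv4 addresses the system resolver gives for name."""
    try:
        infos = socket.getaddrinfo(name, 80, socket.AF_INET, socket.SOCK_STREAM)
    except socket.gaierror:
        return set()  # NXDOMAIN or no A record
    return {info[4][0] for info in infos}


def preflight(names, server_ip, resolver=resolve_ipv4):
    """Map each name to 'ok', 'unresolved' or 'wrong-ip:<addresses>'."""
    report = {}
    for name in names:
        addrs = resolver(name)
        if not addrs:
            report[name] = "unresolved"
        elif addrs == {server_ip}:
            report[name] = "ok"
        else:
            # Also covers a name with several A records where only one is ours:
            # the validation server may connect to any of them.
            report[name] = "wrong-ip:" + ",".join(sorted(addrs))
    return report


def safe_to_request(report):
    """Names worth sending to the CA; the rest would only add failed authorizations."""
    return sorted(name for name, status in report.items() if status == "ok")


if __name__ == "__main__":
    # Usage (constructed values): preflight.py 203.0.113.10 example.test www.example.test
    if len(sys.argv) < 3:
        sys.exit("usage: preflight.py SERVER_IP name [name ...]")
    ip, names = sys.argv[1], sys.argv[2:]
    result = preflight(names, ip)
    for name, status in sorted(result.items()):
        print(f"{status:<30} {name}")
    sys.exit(0 if len(safe_to_request(result)) == len(names) else 1)
```

Run it from a host that uses public resolvers: on the Virtualmin server itself the answer may come from /etc/hosts or the local BIND instance rather than from what Let's Encrypt sees.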