Cannot renew a certificate that has been working before on a server that is hosting many other times without problems

Hi, I’m going a little bit crazy trying to renew a certificate. I have a server hosting about 10 sites and one of them failed its renewal (it was working without any problems). Never had a problem (and just tried adding a certificate to another site hosted in my server) but for this one I get a 502 proxy error. What could the problem be?

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:
tumu.mx

I ran this command:
Tried running it through webmin.

It produced this output:
Traceback (most recent call last):
  File "/usr/share/webmin/webmin/acme_tiny.py", line 198, in <module>
    main(sys.argv[1:])
  File "/usr/share/webmin/webmin/acme_tiny.py", line 194, in main
    signed_crt = get_crt(args.account_key, args.csr, args.acme_dir, log=LOGGER, CA=args.ca, disable_check=args.disable_check, directory_url=args.directory_url, contact=args.contact)
  File "/usr/share/webmin/webmin/acme_tiny.py", line 149, in get_crt
    raise ValueError("Challenge did not pass for {0}: {1}".format(domain, authorization))
ValueError: Challenge did not pass for tumu.mx: {'status': 'invalid', 'expires': '2020-08-25T23:22:17Z', 'identifier': {'value': 'tumu.mx', 'type': 'dns'}, 'challenges': [{'token': 'eONDWuDbIj5LVSS88NihtM89N6oKwa9C0V6XIAVS8rs', 'status': 'invalid', 'url': 'https://acme-v02.api.letsencrypt.org/acme/chall-v3/6625577523/d_7pgQ', 'error': {'status': 403, 'type': 'urn:ietf:params:acme:error:unauthorized', 'detail': 'Invalid response from http://tumu.mx/.well-known/acme-challenge/eONDWuDbIj5LVSS88NihtM89N6oKwa9C0V6XIAVS8rs [167.99.111.111]: "\n\n502 Proxy Error\n\nProxy Error</h1"'}, 'validationRecord': [{'hostname': 'tumu.mx', 'url': 'http://tumu.mx/.well-known/acme-challenge/eONDWuDbIj5LVSS88NihtM89N6oKwa9C0V6XIAVS8rs', 'addressesResolved': ['167.99.111.111'], 'port': '80', 'addressUsed': '167.99.111.111'}], 'type': 'http-01'}]}

My web server is (include version):
Apache 2.4.25

The operating system my web server runs on is (include version):
Debian 9

My hosting provider, if applicable, is:
Digital Ocean

I can login to a root shell on my machine (yes or no, or I don’t know):
Yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel):

Yes, webmin (1.954) and virtualmin (6.11)

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot):

Not sure, because I am doing this through virtualmin.

1 Like

Just visiting your website gives the same error: http://tumu.mx

If we visit the www version, it works OK: http://www.tumu.mx.

Whatever is resulting in that proxy error being produced is probably the same reason your certificate renewal is not working.

My advice would be to try to fix the above issue first, and then try renewal again.

1 Like
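
How to read the failed authorization from the traceback above, as an added example that is not part of the original posts and is not Webmin or acme_tiny code. The function name `diagnose`, the cause labels and the status-code heuristic are assumptions made for illustration; the sample object is constructed from the fields shown in the thread, with TOKEN as a placeholder.

```python
import re

# Constructed sample: the authorization object from the traceback in this thread,
# trimmed to the fields read below; TOKEN stands in for the challenge token.
SAMPLE_AUTHZ = {
    "status": "invalid",
    "identifier": {"type": "dns", "value": "tumu.mx"},
    "challenges": [{
        "type": "http-01",
        "status": "invalid",
        "error": {
            "status": 403,
            "type": "urn:ietf:params:acme:error:unauthorized",
            "detail": "Invalid response from http://tumu.mx/.well-known/"
                      "acme-challenge/TOKEN [167.99.111.111]: "
                      '"\n\n502 Proxy Error\n\nProxy Error</h1"',
        },
        "validationRecord": [{
            "hostname": "tumu.mx", "port": "80",
            "addressesResolved": ["167.99.111.111"],
            "addressUsed": "167.99.111.111",
        }],
    }],
}

def diagnose(authz):
    """Summarise each failed challenge: where the CA connected and what it got."""
    findings = []
    for ch in authz.get("challenges", []):
        if ch.get("status") != "invalid":
            continue
        detail = ch.get("error", {}).get("detail", "")
        # error["status"] (403) is the ACME problem status, not the web server's
        # reply. The server's reply is only quoted in "detail", after "]: ".
        body = detail.partition("]: ")[2]
        m = re.search(r"\b([1-5]\d\d)\b", body)  # heuristic: code in error page
        origin = int(m.group(1)) if m else None
        if origin in (502, 503, 504):
            cause = "proxy-or-backend"  # the vhost answered, its upstream did not
        elif origin in (403, 404):
            cause = "challenge-file-not-served"
        else:
            cause = "unclassified"
        rec = (ch.get("validationRecord") or [{}])[-1]  # last hop the CA followed
        findings.append({"host": rec.get("hostname"), "port": rec.get("port"),
                         "address": rec.get("addressUsed"),
                         "origin_status": origin, "cause": cause})
    return findings
```

For the sample, the result shows the CA reached 167.99.111.111 on port 80 for tumu.mx and received a 502, which is the same response a browser gets from http://tumu.mx.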

Thank you very much. I was just noticing this. One question (probably not letsencrypt related). tumu.mx is not working. But www.tumu.mx redirects through cname to tumu.mx and it works. What could be happening?

1 Like

That depends on what Webmin/Virtualmin is doing with its Apache configuration for your domains. I’m not familiar with them and don’t have any ideas, sorry…

1 Like
