Can't request certificate invalid response etc

Trying to request a certificate for one of my sites. I run Virtualmin for my hosting platform on a Debian 9 install.

I have 2 SSL sites my blog which works with certificates and my community forum which has is the main site and a forum at

In Virtualmin the certificate is held by the top site and community is a sub server managed by the parent.
When requesting a certificate for the community site and forum in virtual this error shows:

Requesting a certificate for, from Let’s Encrypt …
… request failed : Web-based validation failed : Failed to request certificate : challenge did not pass: Invalid response from []: “<!-- st”
DNS-based validation failed : Failed to request certificate : challenge did not pass: No TXT record found at

The certificates were working, but I switched from CentOS 6.9 to Debian 9 to rebuild the server and since then I am getting errors requesting a new certificate.

My current certificate info is as follows.

Domain names listed here

    Months between automatic renewal Only renew manually
    Time since last renewal 0.37 months
    Last successful renewal 04/10/2019 1:19 PM
    Last failed renewal 06/09/2019 1:24 PM
    Renewal failed due to Web-based validation failed : Failed to request certificate : challenge did not pass: Invalid response from []: “<!-- st”

I have a test file in the acme-challenge folder which can be read so the folder can be accessed.

I don’t know what needs to be changed as I haven’t changed any settings backend in No-IP and I backed up and re-imported my server to Virtualmin.

Only thing I can think of at this stage is to wipe the forum server sub vhost and create a new one, copying back the web files and MySQL database to get a new Virtualmin config.
But I would rather fix the issue than to do that.

The error is only on the forum sub server and not the parent which shares the same certificate.

More info about my current certificate:
I have cleaned up the other domain names area to get rid of the initial unused testing sites ‘sytes’ and mail.

SSL certificate file /home/cajgo-admin/ssl.cert
SSL private key file /home/cajgo-admin/ssl.key
Web server hostname Issuer name Let’s Encrypt Authority X3
Issuer organization Let’s Encrypt, CN = Let’s Encrypt Authority X3 Expiry date Jul 9 04:19:01 2019 GMT
Certificate type Signed by CA
Other domain names,,,,

Just saw something weird.

The files are being created in the main server as I can see them.
But it’s trying to get a response from the community support. site.

Hi @drguild

checking your two domains there are no major problems visible. One thing looks critical ( )

| Host | T | IP-Address | is auth. | ∑ Queries | ∑ Timeout |
|---|---|---|---|---|---|
| | A | /Western Australia/AU | yes | 1 | 0 |
| | AAAA | | yes | | |
| | A | Beaumont/Texas/US | yes | 1 | 0 |
| | AAAA | | yes | | |

Your www version has another IP address. But that's not a problem because the http redirects to non-www + https.


There is "manually renew". So you have to create the validation file manually -> there is something going wrong.

And you have two different certificates:
expires in 19 days,,,, - 5 entries

from your main site,
expires in 54 days, - 2 entries

from your community site ( ).

So if your community site uses its own certificate, remove the community domain name from your other certificate.

The IP for www can be easily explained as that’s No-IP doing a DNS redirect.
As for the two certificates, that’s very strange as the servers are saying the certificate is being shared in Virtualmin and there is only 1 button to request a certificate.

As for the manual update, it's set for 2 months as per Virtualmin defaults.
There are 2 options on the same line in the virtualmin gui renew manually and months between renews.
Didn’t translate too well here on copy/paste.

I doubt there’s any way to expire all certificates so I can redo them.

As it is I am fine with the community one totally expiring and using the shared certificate from now on if that works.

For now I took out the community from the main certificate and it's updated.
I will look at sharing again in the future soon.

Unhooking the certificates, the parent updated; now my sub is showing as a privacy error and cannot update its certificate.

So I somehow lost the community ssl certificate and not sure how to fix it.

Requesting a certificate for, from Let’s Encrypt …
… request failed : Web-based validation failed : Failed to request certificate :
Traceback (most recent call last):
File “/usr/share/webmin/webmin/”, line 250, in
File “/usr/share/webmin/webmin/”, line 246, in main
signed_crt = get_crt(args.account_key, args.csr, args.acme_dir, args.dns_hook, args.cleanup_hook, log=LOGGER,
File “/usr/share/webmin/webmin/”, line 154, in get_crt
resp = urlopen(wellknown_url)
File “/usr/lib/python2.7/”, line 154, in urlopen
return, data, timeout)
File “/usr/lib/python2.7/”, line 435, in open
response = meth(req, response)
File “/usr/lib/python2.7/”, line 548, in http_response
‘http’, request, response, code, msg, hdrs)
File “/usr/lib/python2.7/”, line 467, in error
result = self._call_chain(*args)
File “/usr/lib/python2.7/”, line 407, in _call_chain
result = func(*args)
File “/usr/lib/python2.7/”, line 654, in http_error_302
return, timeout=req.timeout)
File “/usr/lib/python2.7/”, line 429, in open
response = self._open(req, data)
File “/usr/lib/python2.7/”, line 447, in _open
‘_open’, req)
File “/usr/lib/python2.7/”, line 407, in _call_chain
result = func(*args)
File “/usr/lib/python2.7/”, line 1241, in https_open
File “/usr/lib/python2.7/”, line 1195, in do_open
h.request(req.get_method(), req.get_selector(),, headers)
File “/usr/lib/python2.7/”, line 1042, in request
self._send_request(method, url, body, headers)
File “/usr/lib/python2.7/”, line 1082, in _send_request
File “/usr/lib/python2.7/”, line 1038, in endheaders
File “/usr/lib/python2.7/”, line 882, in _send_output
File “/usr/lib/python2.7/”, line 844, in send
File “/usr/lib/python2.7/”, line 1263, in connect
File “/usr/lib/python2.7/”, line 363, in wrap_socket
File “/usr/lib/python2.7/”, line 611, in init
File “/usr/lib/python2.7/”, line 848, in do_handshake
match_hostname(self.getpeercert(), self.server_hostname)
File “/usr/lib/python2.7/”, line 286, in match_hostname
% (hostname, dnsnames[0]))
ssl.CertificateError: hostname ‘’ doesn’t match ‘
DNS-based validation failed : Failed to request certificate : challenge did not pass: No TXT record found at

Now you have installed the wrong certificate ( ):
expires in 90 days - 1 entry

Looks like your Virtualmin configuration is a little bit confused.

I hit the rate limit for the hour.
As I was still getting errors about invalid TXT etc stuff trying the sub server certificate.

Sigh this is annoying.

I opened an issue with Virtualmin and hope I can get this sorted out in a reasonable time.


Got it working.
I created a self signed certificate then I could get a certificate from let’s encrypt.
I have 2 separate certificates now one for the top one for the community.
I will need to look into a shared certificate later, which was the issue; I believe I need to redirect the community well-known directory so it uses the main site's one.
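
As an added example (not code from this thread, Virtualmin or Let's Encrypt), this Python function classifies what a fetch of an HTTP-01 challenge URL returned, covering the two failures shown above: an HTML body where the token file was expected, and a 302 redirect to HTTPS. The `classify_http01` helper, the hostname and the token values are constructed for illustration.

```python
import re

# RFC 8555 (section 8.3): the response body must be the key authorization,
# "<token>.<account-key thumbprint>", both base64url strings.
KEY_AUTH_RE = re.compile(r"^[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+$")
REDIRECTS = (301, 302, 303, 307, 308)


def classify_http01(status, headers, body, expected, host):
    """Diagnose one fetch of http://<host>/.well-known/acme-challenge/<token>."""
    if status in REDIRECTS:
        m = re.match(r"^(https?)://([^/:]+)", headers.get("Location", ""))
        if m and m.group(2).lower() != host.lower():
            return "redirect-other-host"   # challenge ends up on a different vhost
        if m and m.group(1) == "https":
            return "redirect-https"        # a verifying client now needs a matching cert
        return "redirect"
    if status != 200:
        return "http-error"
    text = body.strip()                    # trailing whitespace is tolerated
    if text == expected:
        return "ok"
    if text.startswith("<"):
        return "html-body"                 # a page or CMS answered, not the token file
    if KEY_AUTH_RE.match(text):
        return "wrong-token"               # token file from another order or docroot
    return "unexpected-body"


# Constructed sample data; hostname and token values are placeholders.
HOST = "community.example.test"
EXPECTED = "tok_AAAA1111.thumb_BBBB2222"
SAMPLES = [
    (200, {}, EXPECTED + "\n"),
    (200, {}, "<!-- constructed HTML page -->\n<html>...</html>"),
    (302, {"Location": "https://" + HOST + "/.well-known/acme-challenge/tok_AAAA1111"}, ""),
    (302, {"Location": "http://www.example.test/"}, ""),
    (200, {}, "tok_OLD.thumb_BBBB2222"),
    (404, {}, "Not Found"),
]


def run_samples():
    """Classify every constructed sample and return the verdicts in order."""
    return [classify_http01(s, h, b, EXPECTED, HOST) for s, h, b in SAMPLES]


if __name__ == "__main__":
    for sample, verdict in zip(SAMPLES, run_samples()):
        print(sample[0], verdict)
```
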

