Can't Request Certificate on Virtualmin

Help
1

please help me,
i cant request certificate on Virtualmin.
Error code:
Traceback (most recent call last):
File "/usr/libexec/webmin/webmin/acme_tiny.py", line 198, in
main(sys.argv[1:])
File "/usr/libexec/webmin/webmin/acme_tiny.py", line 194, in main
signed_crt = get_crt(args.account_key, args.csr, args.acme_dir, log=LOGGER, CA=args.ca, disable_check=args.disable_check, directory_url=args.directory_url, contact=args.contact)
File "/usr/libexec/webmin/webmin/acme_tiny.py", line 106, in get_crt
directory, _, _ = _do_request(directory_url, err_msg="Error getting directory")
File "/usr/libexec/webmin/webmin/acme_tiny.py", line 46, in _do_request
raise ValueError("{0}:\nUrl: {1}\nData: {2}\nResponse Code: {3}\nResponse: {4}".format(err_msg, url, data, code, resp_data))
ValueError: Error getting directory:
Url: https://acme-v02.api.letsencrypt.org/directory
Data: None
Response Code: None
Response: <urlopen error [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:618)>

1 Like
2

Hi @dayat46, welcome to the LE community forum :slight_smile:

Have you tried asking for help on the Virtualmin forum?

1 Like
3

ok, thank you brother

2 Likes
4

I'm actually torn on whether this is a Virtualmin problem or an intermediate certificate problem.
But since you are the first to show us this problem...
I'm thinking it is within Virtualmin and either way they should be able to better pinpoint the problem.
In any case, please return here and post what they provide (hopefully a solution).

2 Likes
5

Maybe you can add some details to help us better think through this problem...

openssl version
cat /etc/issue
hostnamectl

1 Like
6

My version OpenSSL 1.0.2k-fips 26 Jan 2017

1 Like
7

Hmm… Systems using openssl 1.0.2 won't work with the default chain, which (last I checked) the Let's Encrypt API endpoint is still using. At some point they're said the plan was to move to the ISRG Root X1 rooted chain, but they haven't said yet when that will be (though we have a thread or two asking about it).

You might need to use one of the Openssl 1.0.2 workarounds to let your system connect to the Let's Encrypt API in the meantime.

4 Likes
8

Let's Encrypt has changed their API endpoint to the ISRG Root X1 rooted chain yesterday; if the only problem was the use of Openssl 1.0.2 then that should have fixed it for you.

2 Likes
9

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.