DNS-based validation failed : Failed to request certificate :

Hello,

My domain is: pcriot.com.au

My Let’s Encrypt SSL Certificate stopped updating on 22.11.2019 (I’m not sure the date is significant, but perhaps something known changed around that time).

When I attempt to manually Request Certificate the error output is as follows:

Requesting a certificate for pcriot.com.au, www.pcriot.com.au, autoconfig.pcriot.com.au, autodiscover.pcriot.com.au, mail.pcriot.com.au from Let’s Encrypt …
… request failed : Web-based validation failed : Failed to request certificate :
Traceback (most recent call last):
  File "/usr/libexec/webmin/webmin/acme_tiny.py", line 198, in <module>
    main(sys.argv[1:])
  File "/usr/libexec/webmin/webmin/acme_tiny.py", line 194, in main
    signed_crt = get_crt(args.account_key, args.csr, args.acme_dir, log=LOGGER, CA=args.ca, disable_check=args.disable_check, directory_url=args.directory_url, contact=args.contact)
  File "/usr/libexec/webmin/webmin/acme_tiny.py", line 143, in get_crt
    raise ValueError("Wrote file to {0}, but couldn't download {1}: {2}".format(wellknown_path, wellknown_url, e))
ValueError: Wrote file to /home/pcriot/public_html/.well-known/acme-challenge/RxJAEpIFuQ0RLf34m3ycMHXs-Liutv7e4GFTaofeJKM, but couldn’t download http://autoconfig.pcriot.com.au/.well-known/acme-challenge/RxJAEpIFuQ0RLf34m3ycMHXs-Liutv7e4GFTaofeJKM: Error:
Url: http://autoconfig.pcriot.com.au/.well-known/acme-challenge/RxJAEpIFuQ0RLf34m3ycMHXs-Liutv7e4GFTaofeJKM
Data: None
Response Code: None
Response: <urlopen error [Errno -2] Name or service not known>

DNS-based validation failed : Failed to request certificate :
usage: acme_tiny.py [-h] --account-key ACCOUNT_KEY --csr CSR --acme-dir
                    ACME_DIR [--quiet] [--disable-check]
                    [--directory-url DIRECTORY_URL] [--ca CA]
                    [--contact [CONTACT [CONTACT ...]]]
acme_tiny.py: error: argument --acme-dir is required

I’m running CentOS Linux 7.7.1908

I can log in to a root shell on my machine.

I’m using Virtualmin version 6.08

Thanks in advance for any help.


Your hostname autoconfig.pcriot.com.au isn’t resolvable by DNS. Its 3 out of 4 authoritative DNS servers (server.categorist.com, ns2.elitedomainservices.com and ns1.elitedomainservices.com) give an NXDOMAIN reply, 1 out of 4 authoritative DNS servers (sdns2.ovh.ca) gives a SERVFAIL reply.

autodiscover.pcriot.com.au is also broken, but gives 3 out of 4 times (same servers as above) a NOERROR reply instead of NXDOMAIN. sdns2.ovh.ca still gives a SERVFAIL. This latter DNS server gives SERVFAIL for every hostname I tried, even the working ones on the other 3 DNS servers…

You should fix your DNS service for that hostname and try again.

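The per-nameserver check described in the reply above, as an added example that is not part of the thread or of acme_tiny.py: it sends a non-recursive A query for each certificate name straight to each authoritative server and lists the servers that answer with anything other than NOERROR plus at least one record. The function names are hypothetical, and only A records are checked (an assumption).

```python
import socket
import struct

RCODES = {0: "NOERROR", 2: "SERVFAIL", 3: "NXDOMAIN", 5: "REFUSED"}

def build_query(name, qtype=1, txid=0x1234):
    """Encode a one-question DNS query (A record by default, recursion bit off)."""
    header = struct.pack("!HHHHHH", txid, 0x0000, 1, 0, 0, 0)
    labels = b"".join(bytes([len(p)]) + p.encode("ascii") for p in name.rstrip(".").split("."))
    return header + labels + b"\x00" + struct.pack("!HH", qtype, 1)

def parse_reply(reply):
    """Return (rcode name, answer count) read from the 12-byte DNS header."""
    if len(reply) < 12:
        raise ValueError("truncated DNS header")
    _txid, flags, _qd, ancount = struct.unpack("!HHHH", reply[:8])
    rcode = flags & 0x000F
    return RCODES.get(rcode, "RCODE%d" % rcode), ancount

def ask(server, name, timeout=3.0):
    """Query one authoritative server directly over UDP (needs network access)."""
    try:
        with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
            s.settimeout(timeout)
            s.sendto(build_query(name), (server, 53))
            return parse_reply(s.recvfrom(512)[0])
    except (OSError, ValueError):  # timeout, unreachable server, short reply
        return ("NO_REPLY", 0)

def preflight(names, servers, ask_fn=ask):
    """Map each certificate name to the authoritative servers that fail for it."""
    report = {}
    for name in names:
        results = {srv: ask_fn(srv, name) for srv in servers}
        # Assumption: A records only, so an IPv6-only name would be reported as failing.
        bad = sorted(s for s, (rc, n) in results.items() if rc != "NOERROR" or n == 0)
        if bad:
            report[name] = bad
    return report

if __name__ == "__main__":
    # Nameservers and hostnames as listed in the thread.
    servers = ["server.categorist.com", "ns1.elitedomainservices.com",
               "ns2.elitedomainservices.com", "sdns2.ovh.ca"]
    names = ["pcriot.com.au", "www.pcriot.com.au", "autoconfig.pcriot.com.au",
             "autodiscover.pcriot.com.au", "mail.pcriot.com.au"]
    for name, bad in preflight(names, servers).items():
        print(name, "fails on:", ", ".join(bad))
```

Any name that appears in the report should be fixed in DNS or dropped from the certificate request before running the ACME client, since one unresolvable name fails the whole order.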

Hi Osiris, thanks for the info. I will do this and report back later.


I removed autoconfig.pcriot.com.au and autodiscover.pcriot.com.au from the certificate as they’re not important anyway. I also got rid of the sdns2.ovh.ca DNS because it’s always been near useless. The problem persisted even when the .wellknown/acme-challenge path wasn’t on a subdomain.

What did fix the problem was completely nuking the Apache directives for the domain and creating them fresh. I’m not sure what entry was the problem as I didn’t look. I just removed and recreated them with Virtualmin.

Thanks for your help.


That would have been a different error and consequently a different problem not yet discussed here. Glad to hear you've got it working again. I don't have any experience with Virtualmin, so no idea what went wrong or why it works now. But the fact it works is most important!
