DNS-based validation failed : Failed to request certificate :


My domain is: pcriot.com.au

My Let’s Encrypt SSL Certificate stopped updating on 22.11.2019 (I’m not sure the date is significant, but perhaps something known changed around that time).

When I attempt to manually Request Certificate the error output is as follows:

Requesting a certificate for pcriot.com.au, www.pcriot.com.au, autoconfig.pcriot.com.au, autodiscover.pcriot.com.au, mail.pcriot.com.au from Let’s Encrypt …
… request failed : Web-based validation failed : Failed to request certificate :
Traceback (most recent call last):
File "/usr/libexec/webmin/webmin/acme_tiny.py", line 198, in
File "/usr/libexec/webmin/webmin/acme_tiny.py", line 194, in main
signed_crt = get_crt(args.account_key, args.csr, args.acme_dir, log=LOGGER, CA=args.ca, disable_check=args.disable_check, directory_url=args.directory_url, contact=args.contact)
File "/usr/libexec/webmin/webmin/acme_tiny.py", line 143, in get_crt
raise ValueError("Wrote file to {0}, but couldn't download {1}: {2}".format(wellknown_path, wellknown_url, e))
ValueError: Wrote file to /home/pcriot/public_html/.well-known/acme-challenge/RxJAEpIFuQ0RLf34m3ycMHXs-Liutv7e4GFTaofeJKM, but couldn’t download http://autoconfig.pcriot.com.au/.well-known/acme-challenge/RxJAEpIFuQ0RLf34m3ycMHXs-Liutv7e4GFTaofeJKM: Error:
Url: http://autoconfig.pcriot.com.au/.well-known/acme-challenge/RxJAEpIFuQ0RLf34m3ycMHXs-Liutv7e4GFTaofeJKM
Data: None
Response Code: None
Response: <urlopen error [Errno -2] Name or service not known>

DNS-based validation failed : Failed to request certificate :
usage: acme_tiny.py [-h] --account-key ACCOUNT_KEY --csr CSR --acme-dir
ACME_DIR [--quiet] [--disable-check]
[--directory-url DIRECTORY_URL] [--ca CA]
[--contact [CONTACT [CONTACT …]]]
acme_tiny.py: error: argument --acme-dir is required

I’m running CentOS Linux 7.7.1908

I can log in to a root shell on my machine.

I’m using Virtualmin version 6.08

Thanks in advance for any help.


Your hostname autoconfig.pcriot.com.au isn’t resolvable by DNS. 3 out of 4 authoritative DNS servers (server.categorist.com, ns2.elitedomainservices.com and ns1.elitedomainservices.com) give an NXDOMAIN reply, 1 out of 4 authoritative DNS servers (sdns2.ovh.ca) gives a SERVFAIL reply.

autodiscover.pcriot.com.au is also broken, but gives 3 out of 4 times (same servers as above) a NOERROR reply instead of NXDOMAIN. sdns2.ovh.ca still gives a SERVFAIL. This latter DNS server gives SERVFAIL for every hostname I tried, even the working ones on the other 3 DNS servers…

You should fix your DNS service for that hostname and try again.

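Added example, not part of the thread and not Webmin or acme_tiny code: a pre-flight check that resolves every name on the certificate request before the ACME client runs, and reports the kind of lookup failure shown in the traceback above. The names `preflight` and `constructed_resolver` and the 192.0.2.10 address are assumptions for illustration; the resolver table is constructed so the block runs offline.

```python
import socket

# Names from the certificate request quoted in the first post.
SAN_NAMES = ["pcriot.com.au", "www.pcriot.com.au", "autoconfig.pcriot.com.au",
             "autodiscover.pcriot.com.au", "mail.pcriot.com.au"]

def preflight(names, resolve=socket.getaddrinfo):
    """Return {hostname: reason} for each name the validation fetch could not look up."""
    failures = {}
    for name in names:
        try:
            answers = resolve(name, 80, proto=socket.IPPROTO_TCP)
        except socket.gaierror as exc:
            if exc.errno == socket.EAI_NONAME:
                # Same condition as "[Errno -2] Name or service not known".
                failures[name] = "does not resolve (no such name or no address records)"
            elif exc.errno == socket.EAI_AGAIN:
                failures[name] = "temporary resolver failure (for example SERVFAIL)"
            else:
                failures[name] = "lookup error: {0}".format(exc)
            continue
        if not answers:
            # Defensive: an injected resolver may return an empty list.
            failures[name] = "resolver returned no addresses"
    return failures

def constructed_resolver(name, port, proto=0):
    """Constructed stand-in for DNS; the failure modes are sample data, not live results."""
    if name.startswith("autoconfig."):
        raise socket.gaierror(socket.EAI_NONAME, "Name or service not known")
    if name.startswith("autodiscover."):
        raise socket.gaierror(socket.EAI_AGAIN, "Temporary failure in name resolution")
    # 192.0.2.10 is a documentation address (constructed).
    return [(socket.AF_INET, socket.SOCK_STREAM, proto, "", ("192.0.2.10", port))]

if __name__ == "__main__":
    problems = preflight(SAN_NAMES, resolve=constructed_resolver)
    for host in sorted(problems):
        print("{0}: {1}".format(host, problems[host]))
    if problems:
        print("Fix DNS for these names or drop them from the request.")
```

Calling `preflight(SAN_NAMES)` without the `resolve` argument uses the system resolver. That catches the failure in the traceback, but not disagreement between individual authoritative servers, which has to be checked by querying each one directly.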

Hi Osiris, thanks for the info. I will do this and report back later.


I removed autoconfig.pcriot.com.au and autodiscover.pcriot.com.au from the certificate as they’re not important anyway. I also got rid of the sdns2.ovh.ca DNS because it’s always been near useless. The problem persisted even when the .wellknown/acme-challenge path wasn’t on a subdomain.

What did fix the problem was completely nuking the apache directives for the domain and creating them fresh. I’m not sure what entry was the problem as I didn’t look. I just removed and recreated them with Virtualmin.

Thanks for your help.


That would have been a different error and consequently a different problem not yet discussed here. Glad to hear you've got it working again. I don't have any experience with Virtualmin, so no idea what went wrong or why it works now. But the fact it works is most important!

