Error 403 with webmin

Help
1

Hello,

First time here, greetings.

I have been using certs from StartSSL and Let’Encrypt, my process is always the same and has been working well so far.

On a webserver administered through webmin (up to date):

  • server name was sub1.domain1.tld with ip xxx.xxx.xxx.xxx with a LE cert Debian 8
  • server was reinstalled with a new name sub2.domain2.tld with the same ip Debian 9

When requesting a cert for the newly installed server I get a:

ValueError: Error signing certificate: 403 {
“type”: “urn:acme:error:unauthorized”,
“detail”: “Error creating new cert :: authorizations for these names not found or expired: vps20.zedd.fr”,
“status”: 403
}

Address is resolving properly, I tried requesting for www. as well, same …

I can login to a root shell on my machine (yes or no, or I don’t know): yes
I’m using a control panel to manage my site (no, or provide the name and version of the control panel): Webmin/Virtualmin up to date

Any idea ?
Pierre.

2

Hi Pierre,

Did you copy flies from /etc on the old server to the new server?

If not, could you share your log file from /var/log/letsencrypt?

3

Hi,

Sorry didn’t get a mail for your answer, just saw it, thanks for taking some interest in my question !

The server was completely reinstalled (twice) so I guess that I cannot say that files were copied from old server.

Now funny or not, I cannot find a letsencrypt log file

find . -name ‘letsencrypt*’
./etc/webmin/webmin/letsencrypt.pem
./usr/share/webmin/virtual-server/letsencrypt.cgi
./usr/share/webmin/webmin/letsencrypt-dns.pl
./usr/share/webmin/webmin/letsencrypt-cleanup.pl
./usr/share/webmin/webmin/letsencrypt-lib.pl
./usr/share/webmin/webmin/letsencrypt.cgi

And that’s all … When requesting the cert from within Virtualmin:

Requesting a certificate for vps20.zedd.fr from Let’s Encrypt …
… request failed : Failed to request certificate :

Parsing account key…
Parsing CSR…
Registering account…
Already registered!
Signing certificate…
Traceback (most recent call last):
File “/usr/share/webmin/webmin/acme_tiny.py”, line 235, in
main(sys.argv[1:])
File “/usr/share/webmin/webmin/acme_tiny.py”, line 231, in main
signed_crt = get_crt(args.account_key, args.csr, args.acme_dir, args.dns_hook, args.cleanup_hook, log=LOGGER, CA=args.ca)
File “/usr/share/webmin/webmin/acme_tiny.py”, line 196, in get_crt
raise ValueError(“Error signing certificate: {0} {1}”.format(code, result))
ValueError: Error signing certificate: 403 {
“type”: “urn:acme:error:unauthorized”,
“detail”: “Error creating new cert :: authorizations for these names not found or expired: vps20.zedd.fr”,
“status”: 403
}

Et voilà :slight_smile:
The server has been installed with debian8 + Webmin and then I made a distribution upgrade to debian9 (webmin is not available yet for Debian9 so that might be an issue but everything seems to be working properly so far).

Pierre.

4

Sorry, I was somehow thinking that you had used Certbot on the old server, but I don’t know why I thought that because you didn’t actually say so anywhere.

I think this is a bug of some kind in Webmin. You are welcome to see if someone else on this forum has any experience with this problem, but you might get a faster answer on the Webmin forum or bug tracker:

https://sourceforge.net/p/webadmin/discussion/600155

http://webmin.com/bugs.html

5

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.