Error while trying to renew or create a new cert. Other domains in same server update fine

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g., so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:

I ran this command:Im running the wizard included with Webmin

It produced this output:
Traceback (most recent call last):
File “/usr/share/webmin/webmin/”, line 198, in
File “/usr/share/webmin/webmin/”, line 194, in main
signed_crt = get_crt(args.account_key, args.csr, args.acme_dir, log=LOGGER,, disable_check=args.disable_check, directory_url=args.directory_url,
File “/usr/share/webmin/webmin/”, line 143, in get_crt
raise ValueError(“Wrote file to {0}, but couldn’t download {1}: {2}”.format(wellknown_path, wellknown_url, e))
ValueError: Wrote file to /home/aftercoffeedesigns/public_html/.well-known/acme-challenge/1SstSSqSzzh1Rf89EtKwtQfx_4xYanE_KGG_es4NlmU, but couldn’t download Error:
Data: None
Response Code: None
Response: <urlopen error [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:590)>


usage: [-h] --account-key ACCOUNT_KEY --csr CSR --acme-dir
ACME_DIR [–quiet] [–disable-check]
[–directory-url DIRECTORY_URL] [–ca CA]
[–contact [CONTACT [CONTACT …]]] error: argument --acme-dir is required

My web server is (include version): Nginx 1.10.3

The operating system my web server runs on is (include version): Ubuntu Linux 16.04.5

My hosting provider, if applicable, is: DigitalOcean

I can login to a root shell on my machine (yes or no, or I don’t know): Yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): Webmin 1.941

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot): I dont know

1 Like

Hi @ae3erdion1

if you have such errors: Are there updates?

Of that acme-tiny and Webmin?

1 Like

There was a recent thread about this:

(Though it’s long and I haven’t reread it!)

The issue is:

  • Your website redirects from HTTP to HTTPS. (This is fine!)
  • The ACME client, acme-tiny, makes its own HTTP request to your website to check if the validation works.
  • This request requires a valid certificate. (Even though Let’s Encrypt’s validation system ironically doesn’t.)
  • acme-tiny has an option to disable the check; Webmin doesn’t use it.
  • The website’s current certificate is expired.

I think the very long thread suggests some workarounds.


Warning: that thread also discusses at least one unrelated issue. You can ignore parts of it.

There’s a pull request to disable certificate validation for the check, but it wasn’t merged:

1 Like

It work by adding a line before it try. Same solution that the post you share. Thanks

1 Like

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.