Improving my website for Let’s Encrypt problems

NB: This is an update for the previous request under:

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:
xorex.rocks

I ran this command:
Virtualmin:Server Configuration:SSL Certificate:Let’s Encrypt:Request certificate for: Domain names listed here:

xorex.rocks
www.xorex.rocks
mail.xorex.rocks
ftp.xorex.rocks

It produced this output:
Requesting a certificate for xorex.rocks, www.xorex.rocks, mail.xorex.rocks, ftp.xorex.rocks from Let’s Encrypt …
… request failed : Web-based validation failed : Failed to request certificate :
Traceback (most recent call last):
  File "/usr/share/webmin/webmin/acme_tiny.py", line 198, in <module>
    main(sys.argv[1:])
  File "/usr/share/webmin/webmin/acme_tiny.py", line 194, in main
    signed_crt = get_crt(args.account_key, args.csr, args.acme_dir, log=LOGGER, CA=args.ca, disable_check=args.disable_check, directory_url=args.directory_url, contact=args.contact)
  File "/usr/share/webmin/webmin/acme_tiny.py", line 143, in get_crt
    raise ValueError("Wrote file to {0}, but couldn't download {1}: {2}".format(wellknown_path, wellknown_url, e))
ValueError: Wrote file to /home/xorex/public_html/.well-known/acme-challenge/jPro4J4ZCszZdqIdM9yN-PtXmICfY_1NJiAju06I1wU, but couldn't download http://ftp.xorex.rocks/.well-known/acme-challenge/jPro4J4ZCszZdqIdM9yN-PtXmICfY_1NJiAju06I1wU: Error:
Url: http://ftp.xorex.rocks/.well-known/acme-challenge/jPro4J4ZCszZdqIdM9yN-PtXmICfY_1NJiAju06I1wU
Data: None
Response Code: 404
Response:
404 Not Found
Not Found
The requested URL was not found on this server.
, DNS-based validation failed : Failed to request certificate :
usage: acme_tiny.py [-h] --account-key ACCOUNT_KEY --csr CSR --acme-dir
                    ACME_DIR [--quiet] [--disable-check]
                    [--directory-url DIRECTORY_URL] [--ca CA]
                    [--contact [CONTACT [CONTACT ...]]]
acme_tiny.py: error: argument --acme-dir is required

My web server is (include version):
Apache version 2.4.38 (apache2)

The operating system my web server runs on is (include version):
Debian Linux 10

My hosting provider, if applicable, is:
OVH

I can login to a root shell on my machine (yes or no, or I don’t know):
Yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel):
Yes. Webmin version 1.942, Virtualmin version 6.09

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot):
No. Automated Virtualmin process


My site is currently working but “check-your-website.server-daten.de” tells me there are still more faults to conquer. Some of the issues are not clear to me and I wondered if there is a help guide for the site or a key that explains each error? For example, why does https://my IP address give a privacy error? The reverse DNS is correctly set and I have never (to my knowledge) added an IP address to a certificate request. Is something else causing this?

So, Let’s Encrypt is generating a certificate for the base domain and the “mail.” and “www.” subdomains. However, as soon as I try to generate a certificate with one of the other subdomains (m., ftp., webmail., admin., etc.) it gives me an error. Normal http calls to the domain are being redirected to https successfully and the certificate is recognised through the redirection, but a direct call on e.g. https://admin.xorex.rocks does not redirect (correct) but tells me ‘This Connection Is Not Private’, presumably because admin.xorex.rocks is not covered by the domain certificate.

All the subdomains are set up as A records, not CNAME records, which I understand is better and should not interfere with the Let’s Encrypt process, but can anyone confirm this please?

I also run a nameserver ns1.xorex.rocks on the server. For this subdomain I am able to generate a certificate for more of the subdomains. Thus far it covers:

ns1.xorex.rocks
www.ns1.xorex.rocks
mail.ns1.xorex.rocks
m.ns1.xorex.rocks
ftp.ns1.xorex.rocks

However it will not accept “admin.” or “webmail.”

Why do the two servers react differently? How do I get them both to openly accept certification of the subdomains?

Hi @GeoffatMM

that’s outside of this forum. Compare your result with other results and fix your errors.

That’s a configuration problem of your VirtualMin. Maybe you don’t have a working vHost configuration.

That’s completely irrelevant.

??? Not really.

I cannot compare with others if I do not understand what I am comparing. Hence my request for a link to some form of guide for the check-your-website output. I can see what the letters refer to on the home page but there is no explanation of the colour coding etc. I am trying hard to sort this myself but it is not easy when the information is cryptic and there is not an explanation for it.

I have now got this running with the ftp. and m. domains. webmail. is on a redirection to Usermin and admin. to Webmin, so Let’s Encrypt cannot access the .well-known path as a consequence. However, these now have the certificate copied to them so work fine.

However, xerxes.xorex.rocks which is configured identically to ftp. and m. will not work. On its own it correctly redirects to the https site for xorex.rocks and it can display the index file I have placed in the .well-known file when the path is added to the http request. Trying https to access it fails as there is no certificate. There is a redirection that excludes the .well-known path and http://xerxes.xorex.rocks/.well-known/acme-challenge/n_s-D6y57da7RCT00eqBxcGKcZXTa_pQz73wRIzhYZE opens the dummy acme-challenge folder and the file that I have inserted (feel free to check for yourselves).

So if everything is working correctly for this subdomain, why am I getting this error:

Traceback (most recent call last):
  File "/usr/share/webmin/webmin/acme_tiny.py", line 198, in <module>
    main(sys.argv[1:])
  File "/usr/share/webmin/webmin/acme_tiny.py", line 194, in main
    signed_crt = get_crt(args.account_key, args.csr, args.acme_dir, log=LOGGER, CA=args.ca, disable_check=args.disable_check, directory_url=args.directory_url, contact=args.contact)
  File "/usr/share/webmin/webmin/acme_tiny.py", line 143, in get_crt
    raise ValueError("Wrote file to {0}, but couldn't download {1}: {2}".format(wellknown_path, wellknown_url, e))
ValueError: Wrote file to /home/xorex/public_html/.well-known/acme-challenge/n_s-D6y57da7RCT00eqBxcGKcZXTa_pQz73wRIzhYZE, but couldn't download http://xerxes.xorex.rocks/.well-known/acme-challenge/n_s-D6y57da7RCT00eqBxcGKcZXTa_pQz73wRIzhYZE: Error:
Url: http://xerxes.xorex.rocks/.well-known/acme-challenge/n_s-D6y57da7RCT00eqBxcGKcZXTa_pQz73wRIzhYZE
Data: None
Response Code: 404
Response:
404 Not Found
Not Found
The requested URL was not found on this server.
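
The self-check that fails in the tracebacks above (write a token under the webroot, then download it over plain HTTP from a requested name) can be repeated for every hostname before asking for a certificate. This is an added example, not part of the thread and not Webmin's or acme_tiny's code; the function names and the injectable `fetch` parameter are assumptions made here.

```python
import os
import secrets
import sys
import urllib.error
import urllib.request

CHALLENGE_DIR = ".well-known/acme-challenge"

def http_fetch(url, timeout=10):
    """GET over HTTP; an error status such as 404 is returned, not raised."""
    try:
        with urllib.request.urlopen(url, timeout=timeout) as resp:
            return resp.status, resp.read().decode("utf-8", "replace")
    except urllib.error.HTTPError as exc:
        return exc.code, ""

def probe_names(webroot, names, fetch=http_fetch):
    """Write one random probe file under webroot and try to read it back
    through every hostname. Returns {hostname: verdict}."""
    token = "probe-" + secrets.token_urlsafe(16)
    content = secrets.token_urlsafe(16)
    folder = os.path.join(webroot, *CHALLENGE_DIR.split("/"))
    os.makedirs(folder, exist_ok=True)
    path = os.path.join(folder, token)
    with open(path, "w") as fh:
        fh.write(content)
    results = {}
    try:
        for name in names:
            url = "http://{0}/{1}/{2}".format(name, CHALLENGE_DIR, token)
            try:
                status, body = fetch(url)
            except OSError as exc:  # DNS failure, refused connection, TLS error after a redirect
                results[name] = "unreachable: {0}".format(exc)
                continue
            if status != 200:
                # The name answers, but not with the file just written to this webroot.
                results[name] = "HTTP {0}".format(status)
            elif body.strip() != content:
                results[name] = "200 but different content"
            else:
                results[name] = "ok"
    finally:
        os.remove(path)  # do not leave probe files behind in the webroot
    return results

if __name__ == "__main__" and len(sys.argv) > 2:
    # Arguments: the webroot, then the hostnames, e.g. the ones listed in the thread.
    for host, verdict in probe_names(sys.argv[1], sys.argv[2:]).items():
        print("{0:28} {1}".format(host, verdict))
```

Run it on the web server itself with the webroot from the error message as the first argument; any name that does not report `ok` will also fail the HTTP validation for a certificate that includes it.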
