Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: sns.net.my

I ran this command: none, In this cases, I manage this via Virtualmin > Server Configuration > Manage SSL Certificate > Let's Encrypt

It produced this output:
Traceback (most recent call last):
File "/usr/libexec/webmin/webmin/acme_tiny.py", line 250, in
main(sys.argv[1:])
File "/usr/libexec/webmin/webmin/acme_tiny.py", line 246, in main
signed_crt = get_crt(args.account_key, args.csr, args.acme_dir, args.dns_hook, args.cleanup_hook, log=LOGGER, CA=args.ca)
File "/usr/libexec/webmin/webmin/acme_tiny.py", line 107, in get_crt
"agreement": "https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf",
File "/usr/libexec/webmin/webmin/acme_tiny.py", line 63, in _send_signed_request
protected["nonce"] = urlopen(CA + "/directory").headers['Replay-Nonce']
File "/usr/lib64/python2.7/urllib2.py", line 154, in urlopen
return opener.open(url, data, timeout)
File "/usr/lib64/python2.7/urllib2.py", line 431, in open
response = self._open(req, data)
File "/usr/lib64/python2.7/urllib2.py", line 449, in _open
'_open', req)
File "/usr/lib64/python2.7/urllib2.py", line 409, in _call_chain
result = func(*args)
File "/usr/lib64/python2.7/urllib2.py", line 1258, in https_open
context=self._context, check_hostname=self._check_hostname)
File "/usr/lib64/python2.7/urllib2.py", line 1214, in do_open
raise URLError(err)
urllib2.URLError: <urlopen error [Errno -2] Name or service not known>

DNS-based validation failed : Failed to request certificate :

Traceback (most recent call last):
File "/usr/libexec/webmin/webmin/acme_tiny.py", line 250, in
main(sys.argv[1:])
File "/usr/libexec/webmin/webmin/acme_tiny.py", line 246, in main
signed_crt = get_crt(args.account_key, args.csr, args.acme_dir, args.dns_hook, args.cleanup_hook, log=LOGGER, CA=args.ca)
File "/usr/libexec/webmin/webmin/acme_tiny.py", line 107, in get_crt
"agreement": "https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf",
File "/usr/libexec/webmin/webmin/acme_tiny.py", line 63, in _send_signed_request
protected["nonce"] = urlopen(CA + "/directory").headers['Replay-Nonce']
File "/usr/lib64/python2.7/urllib2.py", line 154, in urlopen
return opener.open(url, data, timeout)
File "/usr/lib64/python2.7/urllib2.py", line 431, in open
response = self._open(req, data)
File "/usr/lib64/python2.7/urllib2.py", line 449, in _open
'_open', req)
File "/usr/lib64/python2.7/urllib2.py", line 409, in _call_chain
result = func(*args)
File "/usr/lib64/python2.7/urllib2.py", line 1258, in https_open
context=self._context, check_hostname=self._check_hostname)
File "/usr/lib64/python2.7/urllib2.py", line 1214, in do_open
raise URLError(err)
urllib2.URLError: <urlopen error [Errno -2] Name or service not known>

My web server is (include version): Apache/CentOS 2.4.6-97.el7.vm.4

The operating system my web server runs on is (include version): CentOS Linux 7.5.1804

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don't know): YES

I'm using a control panel to manage my site (no, or provide the name and version of the control panel):
Webmin version 1.890
Usermin version 1.741
Virtualmin version 6.03

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): N/A

Hi @keithliew, and welcome to the LE community forum

I'm not an expert with Webmin (and the problem may very well be somewhere within that), but I have some doubt on the message shown:

Please clear my conscience about it with the outputs of:
nslookup letsencrypt.org
cat /etc/resolv.conf

Hi rg305, below are the nslookup result from my server

[root@vps1 root2]# nslookup letsencrypt.org
Server: 192.168.80.21
Address: 192.168.80.21#53

Non-authoritative answer:
Name: letsencrypt.org
Address: 52.220.244.242
Name: letsencrypt.org
Address: 178.128.126.116

Seems it manage to connect to LetsEncrypt.org

? ? ?

Please show:

That is a Private IPv4 Address
Thus the reason @rg305 wants to know DNS Server configuration.
Might also be helpful to know which DNS Server program you are using BIND, Unbound, etc.

Comparison of DNS server software list several DNS Servers.

Hi rg305 and Bruce5051.

Sorry, my fault.

The 192.168.80.21 is our internal Microsoft Windows DNS server.

Below is /etc/resolv.conf result:

[root@vps1 root2]# cat /etc/resolv.conf

Generated by NetworkManager

search sns.net.my
nameserver 192.168.80.21
nameserver 192.168.80.22
[root@vps1 root2]#

Basically, both the Webmin server and Microsoft Windows DNS server able to PING letsencrypt.org

Below is the PING result from Webmin server:
[root@vps1 root2]# ping letsencrypt.org
PING letsencrypt.org (54.255.56.197) 56(84) bytes of data.
64 bytes from ec2-54-255-56-197.ap-southeast-1.compute.amazonaws.com (54.255.56.197): icmp_seq=1 ttl=42 time=13.2 ms
64 bytes from ec2-54-255-56-197.ap-southeast-1.compute.amazonaws.com (54.255.56.197): icmp_seq=2 ttl=42 time=13.0 ms
64 bytes from ec2-54-255-56-197.ap-southeast-1.compute.amazonaws.com (54.255.56.197): icmp_seq=3 ttl=42 time=13.1 ms
64 bytes from ec2-54-255-56-197.ap-southeast-1.compute.amazonaws.com (54.255.56.197): icmp_seq=4 ttl=42 time=13.0 ms

Below is the PING result from Microsoft Windows DNS server:
C:\Users\user>ping letsencrypt.org

Pinging letsencrypt.org [52.220.244.242] with 32 bytes of data:
Reply from 52.220.244.242: bytes=32 time=15ms TTL=42
Reply from 52.220.244.242: bytes=32 time=15ms TTL=42
Reply from 52.220.244.242: bytes=32 time=15ms TTL=42
Reply from 52.220.244.242: bytes=32 time=15ms TTL=42

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.