Requesting a certificate for superhost.gr

Can you please explain to me this error.

Requesting a certificate for superhost.gr, www.superhost.gr, mail.superhost.gr, autoconfig.superhost.gr, autodiscover.superhost.gr from Let’s Encrypt …

… request failed : Web-based validation failed : Failed to request certificate : mail.superhost.gr challenge did not pass: Invalid response from http://mail.superhost.gr/.well-known/acme-challenge/AlOLufDWP6592aa_NuFrZtVFUJu1eKtXZ9_oD-22PdU [2a02:7b40:b0df:81dc::1]: “\n \n \n \n Error: 404 Not Found</title”

DNS-based validation failed : Failed to request certificate : Undefined subroutine &main::restart_zone called at /usr/libexec/webmin/webmin/letsencrypt-dns.pl line 47.

mail.superhost.gr challenge did not pass: DNS problem: NXDOMAIN looking up TXT for _acme-challenge.mail.superhost.gr

I noticed though that a TXT record created in DNS Records
Why can’t it read it?

What does the error mean and what steps i need to take in order to request a certificate successfully?

nslookup -q=txt _acme-challenge.mail.superhost.gr 8.8.8.8
Server: dns.google
Address: 8.8.8.8
*** dns.google can't find _acme-challenge.mail.superhost.gr: Non-existent domain

Hello rg305,

Apparently i’am trying to prove to Let’s Encrypt that i’am controlling that domain by using DNS records.

But you i didn’t configure the relevant domain (or the TXT record) correctly ?!

Please tell me what steps i need to take for the request certificate to work.

WHY it cannot find it since mail.superhost.gr since i have this record?

mail A - IPv4 Address 176.223.129.220
Thank you.

I’am not sure i understand.

i just created an A record

_acme-challenge.mail A - IPv4 Address 176.223.129.220

but that wasn’t of any help.

May i ask what exactly i need to add to DNS Records of superhost.gr domain in order for this challedge to work?

Please do explain to me what exactly i need to do.

You need to stop testing with the production LE system.
There is a --staging environment entire for that purpose.
If you don’t understand how something works, read:


Running the same command over and over and over again without changing anything is not going to fix it: There have been at lest 6 real certs issued for the exact same set of names today: https://crt.sh/?q=%.superhost.gr

i read the url you gave me but it doesn not explain how to ork the HTTP or DNS validation, so when trying i get the same error messages

… request failed : Web-based validation failed : Failed to request certificate : mail.superhost.gr challenge did not pass: Invalid response from http://mail.superhost.gr/.well-known/acme-challenge/AlOLufDWP6592aa_NuFrZtVFUJu1eKtXZ9_oD-22PdU [2a02:7b40:b0df:81dc::1]: “\n \n \n \n Error: 404 Not Found</title”

DNS-based validation failed : Failed to request certificate : Undefined subroutine &main::restart_zone called at /usr/libexec/webmin/webmin/letsencrypt-dns.pl line 47.

mail.superhost.gr challenge did not pass: DNS problem: NXDOMAIN looking up TXT for _acme-challenge.mail.superhost.gr

I dont seem to undertand why it cannot find the DNS entry that ACME created.

Could you please elaborate for me so i can understand and make it work?
Thank you.

Hi @nikosgr

checking your domain via https://check-your-website.server-daten.de/?q=mail.superhost.gr

You have ipv4- and ipv6 addresses:

Host T IP-Address is auth. ∑ Queries ∑ Timeout
mail.superhost.gr A 176.223.129.220 Vilnius/Lithuania (LT) - RACKRAY Hostname: superhost.gr yes 1 0
AAAA 2a02:7b40:b0df:81dc::1 Vilnius/Lithuania (LT) - RACKRAY yes

Checking http + /.well-known/acme-challenge/random-filename both addresses answers with the expected result http status 404 - Not Found.

But checking http + / there are different answers:

Domainname Http-Status redirect Sec. G
http://mail.superhost.gr/ 176.223.129.220 No GZip used - 2729 / 6811 - 40,07 % possible 200 Html is minified: 147,11 % 0.093 H
http://mail.superhost.gr/ 2a02:7b40:b0df:81dc::1 500 Html is minified: 154,32 % 0.127 S
Internal Server Error

Ipv4 works, ipv6 has a http status 500 - Internal Server Error.

Is the ipv6 really correct? 1 at the end?

Is the ipv6 configured in your Webmin? So Webmin knows that it should answer?

Perhaps remove the ipv6, create a new certificate, then fix the ipv6.

Yes Webmin is aware of both ipv4 & ipv6 as shown in virtualserver superhost.ge details.

Domain name superhost.gr
Created on 09/08/2018 by root
Administration username nikos Administration group nikos
Total server quota 1024 MB Server administrator’s quota 1024 MB
IP address 176.223.129.220 (Shared by all servers)
IPv6 address 2A02:7B40:B0DF:81DC::1 (Shared by all servers)
Domain ID 153638911223787

But they don’t reach the same content:

curl -Iki6 [2a02:7b40:b0df:81dc::1]
HTTP/1.1 500 Internal Server Error
Date: Tue, 05 Nov 2019 09:31:53 GMT
Server: Apache/2.4.6
Content-Length: 1524
Connection: close
Content-Type: text/html; charset=UTF-8

curl -Iki4 176.223.129.220
HTTP/1.1 200 OK
Date: Tue, 05 Nov 2019 09:32:12 GMT
Server: Apache/2.4.6
Content-Length: 6896
Content-Type: text/html; charset=UTF-8

curl -Iki6 mail.superhost.gr
HTTP/1.1 500 Internal Server Error
Date: Tue, 05 Nov 2019 09:33:42 GMT
Server: Apache/2.4.6
Content-Length: 1517
Connection: close
Content-Type: text/html; charset=UTF-8

curl -Iki4 mail.superhost.gr
HTTP/1.1 200 OK
Date: Tue, 05 Nov 2019 09:33:46 GMT
Server: Apache/2.4.6
Content-Length: 6939
Content-Type: text/html; charset=UTF-8

But it doesn't work, see the result of the check and @rg305 manual check.

Letsencrypt prefers ipv6, so that's critical. You have to fix it.

1 Like

Thanks for pointing this error to me.
Could you tell how to fix the issue with ipv6 that does not fetch the same results as ipv4 does?

Please give me commands that i issue to my VPS via SSH and i will post back the output.
I’am inexperinces with this SSL Cert stuff but i do have basic linux knowledge.
Please have a little patience and direct me on how to solve this by providing comamnds i should issue.

Thank you very much.

Check the Webmin documentation. I’ve no idea how that control panel works.

Or, as written: Remove the ipv6 AAAA record, create a certificate, then fix your ipv6.

I have removed all IPv6 DNS Records for domain superhost.gr and i try to requesta a certificate. Here is the output:

Requesting a certificate for superhost.gr, www.superhost.gr, mail.superhost.gr, autoconfig.superhost.gr, autodiscover.superhost.gr from Let’s Encrypt …
… request failed : Web-based validation failed : Failed to request certificate :
mail.superhost.gr challenge did not pass: Invalid response from http://mail.superhost.gr/.well-known/acme-challenge/8ZytvGboUUyK2UD8q9199e-mckhTK5N-EhDYtnyJYB0 [176.223.129.220]: “\n \n \n \n Error: 404 Not Found</title”

DNS-based validation failed : Failed to request certificate :
Undefined subroutine &main::restart_zone called at /usr/libexec/webmin/webmin/letsencrypt-dns.pl line 47.

mail.superhost.gr challenge did not pass: Incorrect TXT record “IQ_bFSECzFcqYKWJSLWyV37-psVy57_cmF_bq-H63Sc” found at _acme-challenge.mail.superhost.gr

why does it say Incorrect TXT record found? That entry was automatically created by Virtualmin when request a certificate.

Please tell me what commands i need to try or what output i need to show you.

[root@superhost ~]# cat /var/named/superhost.gr.hosts
$ttl 38400
@ IN SOA ns1.superhost.gr. root.ns1.superhost.gr. (
1572891756
10800
3600
604800
38400 )
superhost.gr. IN A 176.223.129.220
www.superhost.gr. IN A 176.223.129.220
ftp.superhost.gr. IN A 176.223.129.220
m.superhost.gr. IN A 176.223.129.220
ns1.superhost.gr. IN A 176.223.129.220
ns2.superhost.gr. IN A 176.223.129.220
localhost.superhost.gr. IN A 127.0.0.1
webmail.superhost.gr. IN A 176.223.129.220
admin.superhost.gr. IN A 176.223.129.220
mail.superhost.gr. IN A 176.223.129.220
superhost.gr. IN MX 5 mail.superhost.gr.
superhost.gr. IN TXT “v=spf1 a mx a:superhost.gr ip4:176.223.129.220 ip4:176.223.129.220 ip6:2A02:7B40:B0DF:81DC::1 ?all”
autoconfig.superhost.gr. IN A 176.223.129.220
autodiscover.superhost.gr. IN A 176.223.129.220
superhost.gr. IN NS ns1.superhost.gr.
superhost.gr. IN NS ns2.superhost.gr.
_acme-challenge.mail.superhost.gr. 5 IN TXT OHR-_DZXStnvmr1aCl11yl_OBtfsFgdHasjcAxVz2oU

Sounds like a question more suited to be addressed on a Virtualmin forum...

I have asked there but havent received an answer.

Could you please give command line commands to try so we can correct this mess?
Please bare with me, i will post back the output of the commands you want me to try.

as you can see i have removed all IPv6 entries
and TXT record has debbn added there by ACME automatically
and A record for mail.superhost.gr exists so what does this error refers too?

DNS problem: NXDOMAIN looking up TXT for _acme-challenge.mail.superhost.gr

WHAT “NON-Existent Domain” mail.superhost.gr has an A record.

Could you please explain to me whats going on?

It is NOT looking for an A record.
It needs a TXT record - not just any TXT record, a specific TXT record entry that matches the request [which proves control of the domain].
FYI - there are other ways to prove domain control.
But going outside a panel's control is NOT recommended.
This should be fixed in the control panel [VirtualMin].

Yes, it does, and that TXT record entry with specific value is applied automatically to my superhost.gr DNS Zone every time i make an attempt to request a certificate.

Since it is able to add this DNS entry by itself sucessfully WHY does it report back?

mail.superhost.gr challenge did not pass: Incorrect TXT record “IQ_bFSECzFcqYKWJSLWyV37-psVy57_cmF_bq-H63Sc” found at _acme-challenge.mail.superhost.gr

What exactly is this error message saying? that it cannot reuqest back the TXT record entry that told VirtualMin to put there in the first place?

And yet it doesn't MATCH.
Perhaps there needs to be a delay (waiting period) for DNS entry synchronization?
Or VirtualMin is simply putting the wrong entry in the right place - or the right entry in the wrong place - or anything other than the right entry in the right place [at the right time].

I been in the right place
But it must have been the wrong time
I'd have said the right thing
But must have used the wrong line

-Dr. John

Hahahaha! You made me laugh! Right to the point!
How can i investigate this further rg305?

Undefined subroutine &main::restart_zone [#67555] | Virtualmin here it says that it might be a bug in VirtualMin and that they are going to fix it in a following version, so i guess i have to wait.

Is there another way for me to read my user@superhost.gr mail via GMail ?!
Some workaround perhaps?

2 Likes

The server is having “issues”.
which would need to be fixed before anyone can access anything in it: