Starting over - Revoke LE certs initiated by Virtualmin


I’m someone who like to stick with something that works, but when I’m exploring new options I try things over and over. Especially software and servers. I have finally settled on Virtualmin and I was excited to see a LetsEncrypt module become part of the install.

LE through Virtualmin, has worked successfully for me, my problem is that after a number of tests, deletions, and rebuilds, it seems that I can no longer activate an LE cert for the domains I’m requesting. (Error below)

I’ve seen reference to revoking existing certs but, unless I’m missing something, it seems that those apply to servers that have LE manually installed. Is there a way to force revocation without waiting for expiration? Now that I understand how it works, I need a way to start over.


Requesting a certificate for from Let’s Encrypt …
… request failed : Failed to request certificate :
Parsing account key…
Parsing CSR…
Registering account…
Already registered!
Traceback (most recent call last):
File “/usr/libexec/webmin/webmin/”, line 202, in
File “/usr/libexec/webmin/webmin/”, line 198, in main
signed_crt = get_crt(args.account_key, args.csr, args.acme_dir, log=LOGGER,
File “/usr/libexec/webmin/webmin/”, line 153, in get_crt
domain, challenge_status))
ValueError: challenge did not pass: {u’status’: u’invalid’, u’validationRecord’: [{u’url’: u’’, u’hostname’: u’’, u’addressUsed’: u’’, u’port’: u’80’, u’addressesResolved’: None}], u’keyAuthorization’: u’4TC58DV2HINESF8sRM-lB2hCvDJ112M3-aflIbGdV_s.JkwQ3L5MpzXe_uSV9SJ–lYnFDQRXOdP69KV2X7qmA8’, u’uri’: u’’, u’token’: u’4TC58DV2HINESF8sRM-lB2hCvDJ112M3-aflIbGdV_s’, u’error’: {u’status’: 400, u’type’: u’urn:acme:error:unknownHost’, u’detail’: u’No valid IP addresses found for’}, u’type’: u’http-01’}


The error is;

Without your real domain name though it’s tricky for me to debug this much further. Are there any DNS issues with your domain ? what is the domain name, so we can check further?


Sure - domain is


Hi @evm, that domain’s DNS records are only set up for e-mail (MX) and not for other kinds of contact with an IP address (A).


For obtaining a cert (without using a web server) for a mail server, you could use the DNS challenge


This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.