Virtualmin: Failed to request certificate (July)

Hello guys!

I have the exact same problem as this guy: Virtualmin: Failed to request certificate

Same letters, nothing more nothing less…

My domain is: https://videos.nightlifeporn.com/

**Webmin version:** 1.942
**Virtualmin version:** 6.09
**Usermin version:** 1.791

But I don't understand how he finally fixed it.

Or what could be my solution… Please help

This is my new VPS on CentOS 7. It has WordPress thanks to Virtualmin, and I need to have SSL.

I have my domain at Namecheap, saved on a Banahosting server. And this subdomain, videos.nightlifeporn.com, I am pointing to Contabo.


Hi @Eduardo.Sorel

Then the first step: check your domain to see if you really have exactly the same problem.


Hello!

I said that because when I try to activate the SSL certificate I receive the exact message:

```
Requesting a certificate for videos.nightlifeporn.com, www.videos.nightlifeporn.com, mail.videos.nightlifeporn.com from Let’s Encrypt …
… request failed : Web-based validation failed : Failed to request certificate :
Traceback (most recent call last):
  File "/usr/libexec/webmin/webmin/acme_tiny.py", line 198, in <module>
    main(sys.argv[1:])
  File "/usr/libexec/webmin/webmin/acme_tiny.py", line 194, in main
    signed_crt = get_crt(args.account_key, args.csr, args.acme_dir, log=LOGGER, CA=args.ca, disable_check=args.disable_check, directory_url=args.directory_url, contact=args.contact)
  File "/usr/libexec/webmin/webmin/acme_tiny.py", line 143, in get_crt
    raise ValueError("Wrote file to {0}, but couldn't download {1}: {2}".format(wellknown_path, wellknown_url, e))
ValueError: Wrote file to /home/videos/public_html/.well-known/acme-challenge/JHeED70mZx212c_CK1AdwrmPkazjaHyvzeHqTbHFiDg, but couldn't download http://videos.nightlifeporn.com/.well-known/acme-challenge/JHeED70mZx212c_CK1AdwrmPkazjaHyvzeHqTbHFiDg: Error:
Url: http://videos.nightlifeporn.com/.well-known/acme-challenge/JHeED70mZx212c_CK1AdwrmPkazjaHyvzeHqTbHFiDg
Data: None
Response Code: None
Response: <urlopen error [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:618)>

, DNS-based validation failed : Failed to request certificate :

usage: acme_tiny.py [-h] --account-key ACCOUNT_KEY --csr CSR --acme-dir
                    ACME_DIR [--quiet] [--disable-check]
                    [--directory-url DIRECTORY_URL] [--ca CA]
                    [--contact [CONTACT [CONTACT ...]]]
acme_tiny.py: error: argument --acme-dir is required
```

Hi @Eduardo.Sorel,

This is a problem about the interactions of your hosting configuration with the acme_tiny used by Webmin. I understand the nature of the problem, although I’m not sure exactly who is most to blame here.

Your site is currently set to redirect http://videos.nightlifeporn.com/xyz to https://videos.nightlifeporn.com/xyz (for any value of xyz). That’s normally fine and even a good practice, but right now the HTTPS site doesn’t work yet from the point of view of most software because the certificate is invalid. Therefore, when acme_tiny goes to check whether this validation file was created properly, it complains that the certificate is invalid, and believes that the validation challenge wasn’t solved correctly.

But this is a mismatch between the behavior of acme_tiny and the Let’s Encrypt validator, because the Let’s Encrypt validator, as a special exception, will ignore certificate validation errors when downloading validation challenge files after following an HTTP-to-HTTPS redirect. Therefore, acme_tiny is being too strict in its check. The challenge is valid in this environment, from Let’s Encrypt’s point of view, and should not be rejected as invalid by client software like acme_tiny trying to predict what Let’s Encrypt will think.

One workaround for you could be to temporarily disable the HTTP-to-HTTPS redirection behavior on your site; a better fix might be to get acme_tiny to be less strict in this specific check.

I think you’ll need to ask one or more of your hosting provider, the Webmin developers, or the acme_tiny developers to make these more permanent changes.
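
The mismatch described in the answer above, as an added example (not code from this thread, Webmin or acme_tiny): a challenge self-check that fetches the URL strictly first and, when the only failure is certificate verification, retries without verification as the answer says the Let's Encrypt validator does after a redirect. The function names and verdict strings are assumptions made for this sketch.

```python
import ssl
import urllib.request


def fetch(url, verify=True, timeout=10):
    """GET url, following redirects; return (final_url, body_text)."""
    ctx = ssl.create_default_context()
    if not verify:
        # Accept any certificate on HTTPS hops reached through a redirect.
        ctx.check_hostname = False
        ctx.verify_mode = ssl.CERT_NONE
    opener = urllib.request.build_opener(
        urllib.request.HTTPSHandler(context=ctx))
    with opener.open(url, timeout=timeout) as resp:
        return resp.geturl(), resp.read().decode("utf-8", "replace").strip()


def is_cert_error(exc):
    """True if exc is, or wraps, a TLS certificate verification failure."""
    reason = getattr(exc, "reason", exc)
    return (isinstance(reason, ssl.SSLCertVerificationError)
            or "CERTIFICATE_VERIFY_FAILED" in str(reason))


def check_challenge(url, expected, fetcher=fetch):
    """Classify an HTTP-01 self-check as 'ok', 'ok-after-insecure-redirect',
    'mismatch' or 'unreachable'."""
    # The challenge always starts on plain HTTP, so TLS is only ever
    # involved because the site redirected the request to HTTPS.
    if not url.startswith("http://"):
        raise ValueError("HTTP-01 challenge URLs start with http://")
    verdict = "ok"
    try:
        _, body = fetcher(url, verify=True)
    except OSError as exc:  # URLError and SSLError are OSError subclasses
        if not is_cert_error(exc):
            return "unreachable"
        # Only the certificate was rejected: retry leniently. The body is
        # still compared with the expected value, so nothing is trusted
        # from the unverified hop.
        try:
            _, body = fetcher(url, verify=False)
        except OSError:
            return "unreachable"
        verdict = "ok-after-insecure-redirect"
    return verdict if body == expected else "mismatch"
```

A verdict of `ok-after-insecure-redirect` corresponds to the situation in this thread: the file is served correctly, and only the strict local check rejects it.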
