Virtualmin: Failed to request certificate


I moved the server from Ubuntu 18.04 to Centos 7, I installed Virtumin from the beginning, I requested a new SSL certificate for my domain and got the following error:

Requesting a certificate for, from Let's Encrypt ..
.. request failed : Web-based validation failed : Failed to request certificate :
Traceback (most recent call last):
  File "/usr/libexec/webmin/webmin/", line 198, in <module>
  File "/usr/libexec/webmin/webmin/", line 194, in main
    signed_crt = get_crt(args.account_key, args.csr, args.acme_dir, log=LOGGER,, disable_check=args.disable_check, directory_url=args.directory_url,
  File "/usr/libexec/webmin/webmin/", line 143, in get_crt
    raise ValueError("Wrote file to {0}, but couldn't download {1}: {2}".format(wellknown_path, wellknown_url, e))
ValueError: Wrote file to /home/hunacoffee/public_html/.well-known/acme-challenge/SN2cXtQKkU9szRbgW5MGUv-HVezHk57LI3tFj4ncdEI, but couldn't download Error:
Data: None
Response Code: None
Response: <urlopen error [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:618)>
DNS-based validation failed : Failed to request certificate :
usage: [-h] --account-key ACCOUNT_KEY --csr CSR --acme-dir
                    ACME_DIR [--quiet] [--disable-check]
                    [--directory-url DIRECTORY_URL] [--ca CA]
                    [--contact [CONTACT [CONTACT ...]]] error: argument --acme-dir is required

Please guide me how to fix it. Thanks!

1 Like

Hi @thanhhx,

Welcome to the community forum!

What versions of webmin, virtualmin, and acme_tiny are you using?


Hi @Phil ,

Webmin version 1.941
Virtualmin version 6.08
Usermin version 1.791
Operating system CentOS Linux 7.7.1908
How to view the version of acme_tiny?


1 Like

The script can be found at the following location. Checking the project source code at github doesn’t show a version flag which is unfortunate.


However, checking webmin source shows that was reintroduced to the project ~20 days ago.

How did you attempt to request a certificate through webmin? Can you show us a screenshot please?'s_Encrypt


Hi @thanhhx

checking your domain that may not work -

You have redirects http -> https (that's ok), but the redirect goes to your index page:

Domainname Http-Status redirect Sec. G
β€’ 302 Html is minified: 100,00 % 0.490 A
β€’ 302 Html is minified: 100,00 % 0.570 A
β€’ 301 Html is minified: 100,00 % 5.280 N
Certificate error: RemoteCertificateNameMismatch, RemoteCertificateChainErrors
β€’ No GZip used - 14660 / 91510 - 16,02 % possible Inline-JavaScript (βˆ‘/total): 6/1948 Inline-CSS (βˆ‘/total): 9/41506 200 Html is minified: 210,87 % 7.520 N
Certificate error: RemoteCertificateChainErrors
β€’ Inline-JavaScript (βˆ‘/total): 0/0 Inline-CSS (βˆ‘/total): 0/0 302 Html is minified: 100,00 % 0.473 A
Visible Content: Found The document has moved here .
β€’ Inline-JavaScript (βˆ‘/total): 0/0 Inline-CSS (βˆ‘/total): 0/0 302 Html is minified: 100,00 % 0.493 A
Visible Content: Found The document has moved here .

http + /.well-known/acme-challenge/random-filename is redirected to https + /index.php.

And there is a Precheck - that fails, because the certificate is invalid.

You should have a redirect

http + /.well-known/acme-challenge/random-filename -> https + /.well-known/acme-challenge/random-filename

or no redirect.

So may be the easiest solution: Remove that wrong redirect temporary or change it, so /.well-known/acme-challenge isn't redirected.


Here is a screenshot of the steps I have taken:


Thank you. I edited it.

1 Like

Ah, now your redirect is correct.

D:\temp>download -h
Pragma: no-cache
X-Content-Type-Options: nosniff
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Length: 0
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Content-Type: text/html; charset=utf-8
Date: Tue, 21 Jan 2020 17:45:26 GMT
Expires: Wed, 17 Aug 2005 00:00:00 GMT
Last-Modified: Tue, 21 Jan 2020 17:45:27 GMT
Set-Cookie: be4be8aecb5843cb693fd62a27abd11a=8fc5ae3dbf8aaaa6ad9b24f138763a30; path=/; secure; HttpOnly
Server: Apache/2.4.6
X-Powered-By: PHP/7.2.24

Status: 301 MovedPermanently

But there is a problem: That tool you use has a pre-check. And the pre-check doesn't ignore certificate errors.

Letsencrypt ignores certificate errors.

And your screenshot doesn't show an option to skip that pre-check.


@JuergenAuer ,

After following your instructions. I have fixed the problem. Thank you everyone for your help.


Ah, good to know. :+1:

Looks like that precheck error message is a little bit incomplete.


This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.