Virtualmin: Failed to request certificate

Hello,

I moved the server from Ubuntu 18.04 to CentOS 7 and installed Virtualmin from the beginning. I requested a new SSL certificate for my domain and got the following error:

Requesting a certificate for hunacoffee.com, www.hunacoffee.com from Let's Encrypt ..
.. request failed : Web-based validation failed : Failed to request certificate :
Traceback (most recent call last):
  File "/usr/libexec/webmin/webmin/acme_tiny.py", line 198, in <module>
    main(sys.argv[1:])
  File "/usr/libexec/webmin/webmin/acme_tiny.py", line 194, in main
    signed_crt = get_crt(args.account_key, args.csr, args.acme_dir, log=LOGGER, CA=args.ca, disable_check=args.disable_check, directory_url=args.directory_url, contact=args.contact)
  File "/usr/libexec/webmin/webmin/acme_tiny.py", line 143, in get_crt
    raise ValueError("Wrote file to {0}, but couldn't download {1}: {2}".format(wellknown_path, wellknown_url, e))
ValueError: Wrote file to /home/hunacoffee/public_html/.well-known/acme-challenge/SN2cXtQKkU9szRbgW5MGUv-HVezHk57LI3tFj4ncdEI, but couldn't download http://hunacoffee.com/.well-known/acme-challenge/SN2cXtQKkU9szRbgW5MGUv-HVezHk57LI3tFj4ncdEI: Error:
Url: http://hunacoffee.com/.well-known/acme-challenge/SN2cXtQKkU9szRbgW5MGUv-HVezHk57LI3tFj4ncdEI
Data: None
Response Code: None
Response: <urlopen error [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:618)>
DNS-based validation failed : Failed to request certificate :
usage: acme_tiny.py [-h] --account-key ACCOUNT_KEY --csr CSR --acme-dir
                    ACME_DIR [--quiet] [--disable-check]
                    [--directory-url DIRECTORY_URL] [--ca CA]
                    [--contact [CONTACT [CONTACT ...]]]
acme_tiny.py: error: argument --acme-dir is required

Please guide me on how to fix it. Thanks!

1 Like

Hi @thanhhx,

Welcome to the community forum!

What versions of webmin, virtualmin, and acme_tiny are you using?

2 Likes

Hi @Phil ,

Webmin version 1.941
Virtualmin version 6.08
Usermin version 1.791
Operating system CentOS Linux 7.7.1908
How do I view the version of acme_tiny?

Thanks,

1 Like

The acme_tiny.py script can be found at the following location. Checking the project source code on GitHub doesn't show a version flag, which is unfortunate.

/usr/libexec/webmin/webmin/acme_tiny.py

However, checking webmin source shows that acme_tiny.py was reintroduced to the project ~20 days ago.

How did you attempt to request a certificate through webmin? Can you show us a screenshot please? https://doxfer.webmin.com/Webmin/Let's_Encrypt

2 Likes

Hi @thanhhx

Checking your domain, that may not work - https://check-your-website.server-daten.de/?q=hunacoffee.com

You have redirects http -> https (that's ok), but the redirect goes to your index page:

Domainname Http-Status redirect Sec. G
• http://hunacoffee.com/ 103.95.197.75 302 https://hunacoffee.com/ Html is minified: 100,00 % 0.490 A
• http://www.hunacoffee.com/ 103.95.197.75 302 https://www.hunacoffee.com/ Html is minified: 100,00 % 0.570 A
• https://www.hunacoffee.com/ 103.95.197.75 301 https://hunacoffee.com/ Html is minified: 100,00 % 5.280 N
Certificate error: RemoteCertificateNameMismatch, RemoteCertificateChainErrors
• https://hunacoffee.com/ 103.95.197.75 No GZip used - 14660 / 91510 - 16,02 % possible Inline-JavaScript (∑/total): 6/1948 Inline-CSS (∑/total): 9/41506 200 Html is minified: 210,87 % 7.520 N
Certificate error: RemoteCertificateChainErrors
• http://hunacoffee.com/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de 103.95.197.75 Inline-JavaScript (∑/total): 0/0 Inline-CSS (∑/total): 0/0 302 https://hunacoffee.com/index.php Html is minified: 100,00 % 0.473 A
Visible Content: Found The document has moved here .
• http://www.hunacoffee.com/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de 103.95.197.75 Inline-JavaScript (∑/total): 0/0 Inline-CSS (∑/total): 0/0 302 https://www.hunacoffee.com/index.php Html is minified: 100,00 % 0.493 A
Visible Content: Found The document has moved here .

http + /.well-known/acme-challenge/random-filename is redirected to https + /index.php.

And there is a Precheck - that fails, because the certificate is invalid.

You should have a redirect

http + /.well-known/acme-challenge/random-filename -> https + /.well-known/acme-challenge/random-filename

or no redirect.

So maybe the easiest solution: remove that wrong redirect temporarily, or change it so /.well-known/acme-challenge isn't redirected.

3 Likes

Here is a screenshot of the steps I have taken:


@JuergenAuer

Thank you. I edited it.

1 Like

Ah, now your redirect is correct.

D:\temp>download http://hunacoffee.com/.well-known/acme-challenge/SN2cXtQKkU9szRbgW5MGUv-HVezHk57LI3tFj4ncdEI -h
SystemDefault
Pragma: no-cache
X-Content-Type-Options: nosniff
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Length: 0
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Content-Type: text/html; charset=utf-8
Date: Tue, 21 Jan 2020 17:45:26 GMT
Expires: Wed, 17 Aug 2005 00:00:00 GMT
Last-Modified: Tue, 21 Jan 2020 17:45:27 GMT
Location: https://hunacoffee.com/.well-known/acme-challenge/SN2cXtQKkU9szRbgW5MGUv-HVezHk57LI3tFj4ncdEI
Set-Cookie: be4be8aecb5843cb693fd62a27abd11a=8fc5ae3dbf8aaaa6ad9b24f138763a30; path=/; secure; HttpOnly
Server: Apache/2.4.6
X-Powered-By: PHP/7.2.24

Status: 301 MovedPermanently

But there is a problem: That tool you use has a pre-check. And the pre-check doesn't ignore certificate errors.

Let's Encrypt ignores certificate errors.

And your screenshot doesn't show an option to skip that pre-check.

3 Likes
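
The two checks from the replies above (does the redirect keep the challenge path, and does the chain reach HTTPS where a certificate-verifying pre-check can fail), as an added example that is not part of the original thread and is not Webmin or acme_tiny code. It goes slightly beyond the thread by also applying Let's Encrypt's documented redirect limits (ports 80/443, at most 10 redirects); `check_hop`, `check_chain` and the `TOKEN` responses are hypothetical names and constructed data.

```python
from urllib.parse import urljoin, urlsplit

DEFAULT_PORT = {"http": 80, "https": 443}
MAX_REDIRECTS = 10  # Let's Encrypt follows at most 10 redirects

def check_hop(url, status, location=None):
    """Classify one response to an HTTP-01 challenge fetch.

    Returns (verdict, next_url, needs_valid_cert). needs_valid_cert is True
    when the redirect target is HTTPS: a pre-check that verifies certificates
    fails there on an invalid certificate, although the CA does not verify it.
    """
    if not (300 <= status < 400 and location):
        return ("served" if status == 200 else "http-error"), None, False
    src = urlsplit(url)
    dst = urlsplit(urljoin(url, location))  # Location may be relative
    if dst.scheme not in DEFAULT_PORT:
        return "bad-target", None, False
    if (dst.port or DEFAULT_PORT[dst.scheme]) not in (80, 443):
        return "bad-target", None, False
    if dst.path != src.path:
        # e.g. everything sent to /index.php: the token file is never reached
        return "path-changed", None, dst.scheme == "https"
    return "path-preserved", dst.geturl(), dst.scheme == "https"

def check_chain(url, responses):
    """Walk constructed responses {url: (status, location)} offline."""
    needs_cert = False
    for _ in range(MAX_REDIRECTS + 1):
        status, location = responses.get(url, (404, None))
        verdict, next_url, https = check_hop(url, status, location)
        needs_cert = needs_cert or https
        if next_url is None:
            return verdict, needs_cert
        url = next_url
    return "too-many-redirects", needs_cert

# Constructed sample data modelled on the two states shown in the thread.
TOKEN_URL = "http://hunacoffee.com/.well-known/acme-challenge/TOKEN"
HTTPS_URL = "https://hunacoffee.com/.well-known/acme-challenge/TOKEN"
BEFORE = {TOKEN_URL: (302, "https://hunacoffee.com/index.php")}
AFTER = {TOKEN_URL: (301, HTTPS_URL), HTTPS_URL: (200, None)}

if __name__ == "__main__":
    print("before fix:", check_chain(TOKEN_URL, BEFORE))
    print("after fix: ", check_chain(TOKEN_URL, AFTER))
```

A result of `("served", True)` is the state reached after the redirect was corrected: the CA can fetch the token, but a client-side pre-check that verifies certificates still needs a valid certificate on the HTTPS hop.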

@JuergenAuer ,

After following your instructions, I have fixed the problem. Thank you everyone for your help.

4 Likes

Ah, good to know. :+1:

Looks like that precheck error message is a little bit incomplete.

4 Likes
