THIS IS A LOT BETTER.
I see the file just fine. http://sentinelfs.co/.well-known/acme-challenge/T5d2cmSY9zzCjdk36iPcLUA85btXXSrgyFWihbMSUiA
acme-tiny doesn't wait one second to let nginx pick it up: https://github.com/diafygi/acme-tiny/blob/master/acme_tiny.py#L135 curse the heavens.
hahah,
it doesnt want to give me a SSL cert does it!. Anything i can do to fettle the code to add a wait condition or something
from time import sleep
sleep(seconds)
and i should insert that (for say 2 seconds) in at line 134? Or something like this?
challenge = [c for c in authorization['challenges'] if c['type'] == "http-01"][0]
token = re.sub(r"[^A-Za-z0-9_\-]", "_", challenge['token'])
keyauthorization = "{0}.{1}".format(token, thumbprint)
wellknown_path = os.path.join(acme_dir, token)
from time import sleep
sleep(2)
with open(wellknown_path, "w") as wellknown_file:
wellknown_file.write(keyauthorization)that’s too early.
between 138 and 139, I’d say, after the comment and before the try block (or inside the try block)
ah right ok, makese sense now. Sorry only really a config fettler not much of a coder.
from time import sleep
sleep(2)
try:
wellknown_url = "http://{0}/.well-known/acme-challenge/{1}".format(domain, token)
ctx = ssl.create_default_context()
ctx.check_hostname = False
ctx.verify_mode = ssl.CERT_NONE
assert(disable_check or _do_request(wellknown_url, context=ctx)[0] == keyauthorization)
except (AssertionError, ValueError) as e:
raise ValueError("Wrote file to {0}, but couldn't download {1}: {2}".format(wellknown_path, wellknown_url, e))
So did that, rebooted box.
Traceback (most recent call last):
File “/usr/share/webmin/webmin/acme_tiny.py”, line 203, in
main(sys.argv[1:])
File “/usr/share/webmin/webmin/acme_tiny.py”, line 199, in main
signed_crt = get_crt(args.account_key, args.csr, args.acme_dir, log=LOGGER, CA=args.ca, disable_check=args.disable_check, directory_url=args.directory_url, contact=args.contact)
File “/usr/share/webmin/webmin/acme_tiny.py”, line 148, in get_crt
raise ValueError(“Wrote file to {0}, but couldn’t download {1}: {2}”.format(wellknown_path, wellknown_url, e))
ValueError: Wrote file to /home/sentinelfs/public_html/.well-known/acme-challenge/T5d2cmSY9zzCjdk36iPcLUA85btXXSrgyFWihbMSUiA, but couldn’t download http://sentinelfs.co/.well-known/acme-challenge/T5d2cmSY9zzCjdk36iPcLUA85btXXSrgyFWihbMSUiA: Error:
Url: http://sentinelfs.co/.well-known/acme-challenge/T5d2cmSY9zzCjdk36iPcLUA85btXXSrgyFWihbMSUiA
Data: None
Response Code: 404
Response:
and I get the file, it does not.
I guess two seconds is not enough.
weird, really cant believe this sort of fettling is needed. Ill up it to 5 seconds and see what happens.
Traceback (most recent call last):
File “/usr/share/webmin/webmin/acme_tiny.py”, line 203, in
main(sys.argv[1:])
File “/usr/share/webmin/webmin/acme_tiny.py”, line 199, in main
signed_crt = get_crt(args.account_key, args.csr, args.acme_dir, log=LOGGER, CA=args.ca, disable_check=args.disable_check, directory_url=args.directory_url, contact=args.contact)
File “/usr/share/webmin/webmin/acme_tiny.py”, line 148, in get_crt
raise ValueError(“Wrote file to {0}, but couldn’t download {1}: {2}”.format(wellknown_path, wellknown_url, e))
ValueError: Wrote file to /home/sentinelfs/public_html/.well-known/acme-challenge/T5d2cmSY9zzCjdk36iPcLUA85btXXSrgyFWihbMSUiA, but couldn’t download http://sentinelfs.co/.well-known/acme-challenge/T5d2cmSY9zzCjdk36iPcLUA85btXXSrgyFWihbMSUiA: Error:
Url: http://sentinelfs.co/.well-known/acme-challenge/T5d2cmSY9zzCjdk36iPcLUA85btXXSrgyFWihbMSUiA
Data: None
Response Code: 404
Response:
still failed. It must be something else?
I don’t even.
You can try putting disable_check=True before the try block.
Requesting a certificate for sentinelfs.co, www.sentinelfs.co from Let’s Encrypt …
… request was successful!
Configuring webserver to use new certificate and key …
… done
Applying web server configuration …
… done
!!!
yay 
Thank you very much for your help, what a mess on. Would kinda love to understand why we need to disable the check. But i guess thats for people smarter than me.
All this will be lost when virtualmin upgrades. You should check if you can switch clients.
(it can be a lot of things with your software, network, or both)
True, but there has been no upgrades i’m aware of from when it worked before and now. I’ll keep an eye on this and any upgrades i might need to do to virtualmin.
This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.