Another Let's Encrypt Error

I have to set the renewal to manual on all domains because virt now tries to incessantly renew them. Parsing CSR... Registering account... Already registered! Verifying www.troubadourjohn.com... Traceback (most recent call last):   File "/usr/libexec/webmin/webmin/acme_tiny.py", line 203, in     main(sys.argv[1)   File "/usr/libexec/webmin/webmin/acme_tiny.py", line 199, in main     signed_crt = get_crt(args.account_key, args.csr, args.acme_dir, log=LOGGER, CA=args.ca)   File "/usr/libexec/webmin/webmin/acme_tiny.py", line 109, in get_crt     raise ValueError("Error requesting challenges: {0} {1}".format(code, result)) ValueError: Error requesting challenges: 429 {   "type": "urn:acme:error:rateLimited",   "detail": "Error creating new authz :: Too many invalid authorizations recently.",   "status": 429 }

Status: 
Active

Comments

Does manual renewal succeed for these domains though?

no it does not....it also kicks the automated renewals again leading to the errors i posted.

Do you get any different error message when you try a manual renewal (after waiting a few hours) ?

My guess is that there's an underlying error which is preventing Let's Encrypt from working, but after this has been tried and failed a few times it then causes further attempts to be rate-limited.

trying a manual renewal of the renwal date only does nothing..no errors..the renwal date stays expired.
trying a mnaul certificate request gives me:

Requesting a certificate for troubadourjohn.com, www.troubadourjohn.com from Let's Encrypt .. .. request failed : Failed to request certificate : Parsing account key... Parsing CSR... Registering account... Already registered! Verifying www.troubadourjohn.com... Wrote file to /home/troubadourjohn/public_html/.well-known/acme-challenge/IEgNvwMRdbIslBg5dSm5kIwXN0FKh2GncFs8ljSng4c, but couldn't download http://www.troubadourjohn.com/.well-known/acme-challenge/IEgNvwMRdbIslBg... Traceback (most recent call last): File "/usr/libexec/webmin/webmin/acme_tiny.py", line 203, in main(sys.argv[1:]) File "/usr/libexec/webmin/webmin/acme_tiny.py", line 199, in main signed_crt = get_crt(args.account_key, args.csr, args.acme_dir, log=LOGGER, CA=args.ca) File "/usr/libexec/webmin/webmin/acme_tiny.py", line 154, in get_crt domain, challenge_status)) ValueError: www.troubadourjohn.com challenge did not pass: {u'status': u'invalid', u'validationRecord': [{u'url': u'http://www.troubadourjohn.com/.well-known/acme-challenge/IEgNvwMRdbIslBg...', u'hostname': u'www.troubadourjohn.com', u'addressUsed': u'199.15.253.2', u'port': u'80', u'addressesResolved': [u'199.15.253.2', u'2604:4100:2:7::14']}, {u'url': u'https://troubadourjohn.com/', u'hostname': u'troubadourjohn.com', u'addressUsed': u'199.15.253.2', u'port': u'443', u'addressesResolved': [u'199.15.253.2', u'2604:4100:2:7::14']}], u'keyAuthorization': u'IEgNvwMRdbIslBg5dSm5kIwXN0FKh2GncFs8ljSng4c.LYB6qTjH1r9315k-vWQMsAWs2Mg_34tH8eUqMbbzYRo', u'uri': u'https://acme-v01.api.letsencrypt.org/acme/challenge/w1igDE6YWD7phEmjhg_D...', u'token': u'IEgNvwMRdbIslBg5dSm5kIwXN0FKh2GncFs8ljSng4c', u'error': {u'status': 403, u'type': u'urn:acme:error:unauthorized', u'detail': u'Invalid response from http://www.troubadourjohn.com/.well-known/acme-challenge/IEgNvwMRdbIslBg... "\r\n\r\n<!--[if IE 8]>"'}, u'type': u'http-01'} <- Return to virtual server details

So LE is broken once again. it is getting to be very time intensive to have to continue to micromanage this program...

The error you're seeing above is indicated that the challenge file was created, but that it didn't pass.

When I try to access the challenge file that was created above, I'm redirected to the main web page of that particular domain.

I believe that's the issue -- that the challenge file isn't accessible.

Is there perhaps a redirect in a .htaccess file or in Apache that's redirecting away from the challenge file?

The file that's being created would need to be accessible to the public on the web, or Let's Encrypt won't be able to verify the SSL certificate.

nothing has changed in the domains this error is coming up in..the latest VM installation update is when this started.

aha. Remember the ticket i put in about some of my domains not going ot https inside of wordpress even when i tell wordpress to use https? I was then told to use the website redirect function..which i though was odd..but i did it. That was the issue. You cannot use the http to https redirect function inside for virt because it bombs LE. Looks like Virt has another bug.

This is a tricky one, as there's no way to turn off a redirect for a sub-path like /.well-known .

The next Webmin + Virtualmin releases will support DNS-based Let's Encrypt validation though as a fallback, which should avoid this (assuming Virtualmin hosts your DNS domain).

Hi I have the same error but I used the virtualmin redirect feature to force https on my owncloud. is there a way that during renewal you can turn off this redirect automatically, and the after a successful update turn it back on again? reason for asking is that I (at the moment) dont have my server as DNS server for the public.

mmoxnes, would the DNS option Jamie described above work for you?

still unreliable: Requesting a certificate for thepublicspectacle.com, www.thepublicspectacle.com from Let's Encrypt .. .. request failed : Failed to request certificate : Parsing account key... Parsing CSR... Registering account... Already registered! Verifying www.thepublicspectacle.com... Wrote file to /home/thepublicspectacle/public_html/.well-known/acme-challenge/YVq3WEmBf584niWYDRWEGhd29elge05UtAvZu6UfgKc, but couldn't download http://www.thepublicspectacle.com/.well-known/acme-challenge/YVq3WEmBf58... Traceback (most recent call last): File "/usr/libexec/webmin/webmin/acme_tiny.py", line 203, in main(sys.argv[1:]) File "/usr/libexec/webmin/webmin/acme_tiny.py", line 199, in main signed_crt = get_crt(args.account_key, args.csr, args.acme_dir, log=LOGGER, CA=args.ca) File "/usr/libexec/webmin/webmin/acme_tiny.py", line 154, in get_crt domain, challenge_status)) ValueError: www.thepublicspectacle.com challenge did not pass: {u'status': u'invalid', u'validationRecord': [{u'addressesResolved': [u'98.138.19.143'], u'url': u'http://www.thepublicspectacle.com/.well-known/acme-challenge/YVq3WEmBf58...', u'hostname': u'www.thepublicspectacle.com', u'addressesTried': [], u'addressUsed': u'98.138.19.143', u'port': u'80'}], u'keyAuthorization': u'YVq3WEmBf584niWYDRWEGhd29elge05UtAvZu6UfgKc.LYB6qTjH1r9315k-vWQMsAWs2Mg_34tH8eUqMbbzYRo', u'uri': u'https://acme-v01.api.letsencrypt.org/acme/challenge/dnTncUAs3fFldluDEoxL...', u'token': u'YVq3WEmBf584niWYDRWEGhd29elge05UtAvZu6UfgKc', u'error': {u'status': 403, u'type': u'urn:acme:error:unauthorized', u'detail': u'Invalid response from http://www.thepublicspectacle.com/.well-known/acme-challenge/YVq3WEmBf58... [98.138.19.143]: 400'}, u'type': u'http-01'}

I tried manually renewing and doing only a renewal of the expiration..both failed.

trying ot use only update renewal results in nothing..the page goes back to the certificate management area for the domain with zero results.

ok got it fixed..:)

Glad to hear it's working now!

Feel free to let us know if you have any additional questions.