[Solved] Impossible to renew/add Letsencrypt. First install by virtualmin was perfect, but now it's expired, impossible

#1 Wed, 01/09/2019 - 08:01
OliverF

Hello,

I have used Virtualmin to add Let's Encrypt to one of the virtual domains I host; however, I didn't pay attention during the setup and auto-renewal was not activated. 3 months later, I am unable to either (a) renew the certificate or (b) install a new certificate.

I am quite puzzled and no googling helped (I searched a lot, though). Please, would someone have an idea? I would be most grateful if you could help!!

Technical details follow now.

This is a typical Debian LAMP server, Webmin + Virtualmin.

The error messages are:

Requesting a certificate for www.[domain that I hide].net, [domain that I hide].net from Let's Encrypt ..
.. request failed : Web-based validation failed : Failed to request certificate :

www.[domain that I hide].net challenge did not pass: Invalid response from http://www.[domain that I hide].net/.well-known/acme-challenge/XQWJ4iDJFmyIdhK-X4E6PFFmk21oj-LD2zE-3jqPdGE: "<!DOCTYPE html>\n<!--[if lt IE 7]> <html class="no-js ie6 oldie" lang="en-US"> <![endif]-->\n<!--[if IE 7]>    <html class="no-js "

DNS-based validation failed : Failed to request certificate :

www.[domain that I hide].net challenge did not pass: DNS problem: NXDOMAIN looking up TXT for _acme-challenge.www.[domain that I hide].net

I once had a similar issue, caused by the fact that I had tried in the past with the standalone command-line letsencrypt client, which required me to delete /etc/letsencrypt/, but there is no more /etc/letsencrypt/ directory to remove (I checked, it didn't come back).

The website is using Cloudflare, but I have every reason to believe Cloudflare doesn't pose a problem here. Other websites that I host similarly use a Let's Encrypt certificate provided by Virtualmin, and are also behind Cloudflare, and Cloudflare is properly configured in the same way for all those websites, set to "full (strict)", meaning they only check the certificate is valid and relay it to the internet, they don't mess with it. If it works for the other websites, then it can't be Cloudflare's fault, it's got to be something on the server end.

Please, would someone know how to fix it, or what workaround could be found? Really, if you can help, thank you very much!!
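As an added example (not part of the original post and not Virtualmin code), this Python helper classifies the two failure messages quoted above: for web-based validation it checks whether the body served at the challenge URL has the `token.thumbprint` shape that ACME HTTP-01 expects or is an HTML page instead, and for DNS-based validation it extracts the failing TXT name. The function names are hypothetical, and the sample lines are constructed with example.net and a made-up token.

```python
import re

# HTTP-01 (RFC 8555, section 8.3): the body must be "<token>.<thumbprint>", where
# the thumbprint is a base64url SHA-256 JWK thumbprint (43 characters, no padding).
B64URL = r"[A-Za-z0-9_-]"
KEYAUTH_RE = re.compile(rf"^({B64URL}+)\.({B64URL}{{43}})$")
HTML_RE = re.compile(r"(?i)^<(!doctype|html|!--)")
# Shapes of the two error messages shown in the post.
HTTP_ERR_RE = re.compile(r'Invalid response from (https?://\S+?): "(.*)', re.S)
DNS_ERR_RE = re.compile(r"DNS problem: (\w+) looking up TXT for (\S+)")

def check_http01_body(url, body):
    """Classify what was served at an HTTP-01 challenge URL."""
    token = url.rstrip("/").rsplit("/", 1)[-1]
    text = body.strip()
    m = KEYAUTH_RE.match(text)
    if m:
        return "ok" if m.group(1) == token else "token-mismatch"
    if HTML_RE.match(text):
        # A web page answered instead of the challenge file.
        return "html-page"
    return "unexpected-body"

def diagnose(message):
    """Return (challenge type, subject, finding) for one error message, or None."""
    m = HTTP_ERR_RE.search(message)
    if m:
        return ("http-01", m.group(1), check_http01_body(m.group(1), m.group(2)))
    m = DNS_ERR_RE.search(message)
    if m:
        return ("dns-01", m.group(2), m.group(1))
    return None

# Constructed sample messages (domain and token are placeholders).
SAMPLE_URL = "http://www.example.net/.well-known/acme-challenge/Tok3n-constructed_01"
SAMPLE_HTTP = ("www.example.net challenge did not pass: Invalid response from "
               + SAMPLE_URL + ': "<!DOCTYPE html>\\n<!--[if lt IE 7]> <html class="no-js"')
SAMPLE_DNS = ("www.example.net challenge did not pass: DNS problem: NXDOMAIN "
              "looking up TXT for _acme-challenge.www.example.net")

if __name__ == "__main__":
    for msg in (SAMPLE_HTTP, SAMPLE_DNS):
        print(diagnose(msg))
```

An `html-page` finding means the request for the challenge path was answered with a web page rather than the validation file; an `NXDOMAIN` finding means no TXT record existed at the `_acme-challenge` name when it was queried.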

Thu, 01/10/2019 - 09:59
OliverF

Well, you know what, I'll allow myself to respond to my question.

I told myself "hell, I've got nothing to lose", so after (without success) disabling and re-enabling Apache SSL, I went for the wet finger nuclear strike approach and tried to see what happens if I delete every certificate-apparently-with-some-luck-related file at the root of the virtualhost's directory: ssl.ca, ssl.cert, ssl.combined, ssl.everything, ssl.key. And then, again, in Virtualmin, I asked Virtualmin to request a certificate for that domain.

No idea why, but hey, it worked!

Sat, 01/12/2019 - 12:49
Jfro

For another time, first try setting a self-signed certificate with the Virtualmin GUI; after that it could be possible to get a LE cert again with the Virtualmin GUI. Sometimes manually set the domain names to only domain.tld and www.domain.tld; if that succeeds, you can try more and look at where, when and what fails.