Virtualmin Letsencrypt Renewal
Solved
Hosting
-
I have a main domain chadjessen.com. I have a subdomain publicapi.chadjessen.com. Letsencrypt renewed the certificate for chadjessen.com just fine but I have been trying and pulling my hair out to try and figure out why it won’t renew for publicapi.chadjessen.com. I can ping it, I can go to dns lookup and everything goes through just fine. Below is the message that comes up after requesting the certificates. This was working before, so not sure what happened.
Saving debug log to /var/log/letsencrypt/letsencrypt.log Plugins selected: Authenticator webroot, Installer None Renewing an existing certificate Performing the following challenges: http-01 challenge for publicapi.chadjessen.com http-01 challenge for www.publicapi.chadjessen.com Using the webroot path /home/chadjessen/domains/publicapi.chadjessen.com/public_html for all unmatched domains. Waiting for verification... Challenge failed for domain publicapi.chadjessen.com Challenge failed for domain www.publicapi.chadjessen.com http-01 challenge for publicapi.chadjessen.com http-01 challenge for www.publicapi.chadjessen.com Cleaning up challenges Some challenges have failed. IMPORTANT NOTES: - The following errors were reported by the server: Domain: publicapi.chadjessen.com Type: unauthorized Detail: Invalid response from http://publicapi.chadjessen.com/.well-known/acme-challenge/SvIpe5TGPgHACfcYg_ezswBJJso7CAT4S2ZoW4EHLGE [143.244.152.107]: "<!DOCTYPE html>\n<html lang=\"en\">\n<head>\n<meta charset=\"utf-8\">\n<title>Error</title>\n</head>\n<body>\n<pre>Cannot GET /.well-known/" Domain: www.publicapi.chadjessen.com Type: unauthorized Detail: Invalid response from http://www.publicapi.chadjessen.com/.well-known/acme-challenge/_zWHJoOZf3szsMh36hmhV5O-iqQtZp60jePqgL9KH94 [143.244.152.107]: "<!DOCTYPE html>\n<html lang=\"en\">\n<head>\n<meta charset=\"utf-8\">\n<title>Error</title>\n</head>\n<body>\n<pre>Cannot GET /.well-known/" To fix these errors, please make sure that your domain name was entered correctly and the DNS A/AAAA record(s) for that domain contain(s) the right IP address. DNS-based validation failed : Saving debug log to /var/log/letsencrypt/letsencrypt.log Plugins selected: Authenticator manual, Installer None Renewing an existing certificate Performing the following challenges: dns-01 challenge for publicapi.chadjessen.com dns-01 challenge for www.publicapi.chadjessen.com Running manual-auth-hook command: /etc/webmin/webmin/letsencrypt-dns.pl Running manual-auth-hook command: /etc/webmin/webmin/letsencrypt-dns.pl Waiting for verification... Challenge failed for domain publicapi.chadjessen.com Challenge failed for domain www.publicapi.chadjessen.com dns-01 challenge for publicapi.chadjessen.com dns-01 challenge for www.publicapi.chadjessen.com Cleaning up challenges Running manual-cleanup-hook command: /etc/webmin/webmin/letsencrypt-cleanup.pl Running manual-cleanup-hook command: /etc/webmin/webmin/letsencrypt-cleanup.pl Some challenges have failed. IMPORTANT NOTES: - The following errors were reported by the server: Domain: publicapi.chadjessen.com Type: dns Detail: DNS problem: NXDOMAIN looking up TXT for _acme-challenge.publicapi.chadjessen.com - check that a DNS record exists for this domain Domain: www.publicapi.chadjessen.com Type: dns Detail: DNS problem: NXDOMAIN looking up TXT for _acme-challenge.www.publicapi.chadjessen.com - check that a DNS record exists for this domain -
@phenomlab I do. It is in the domains folder under chadjessen.com. I set it up as a subdomain through virtualwin.
@madchatthew that’s odd. Let’s Encrypt is complaining about the lack of
.well-knownwhich is required for activation. Seeing as you created this as a sub domain it should work without issue.Do you have
certbotinstalled at all ? If not, have a look at this and go from step 4 -
I have a main domain chadjessen.com. I have a subdomain publicapi.chadjessen.com. Letsencrypt renewed the certificate for chadjessen.com just fine but I have been trying and pulling my hair out to try and figure out why it won’t renew for publicapi.chadjessen.com. I can ping it, I can go to dns lookup and everything goes through just fine. Below is the message that comes up after requesting the certificates. This was working before, so not sure what happened.
Saving debug log to /var/log/letsencrypt/letsencrypt.log Plugins selected: Authenticator webroot, Installer None Renewing an existing certificate Performing the following challenges: http-01 challenge for publicapi.chadjessen.com http-01 challenge for www.publicapi.chadjessen.com Using the webroot path /home/chadjessen/domains/publicapi.chadjessen.com/public_html for all unmatched domains. Waiting for verification... Challenge failed for domain publicapi.chadjessen.com Challenge failed for domain www.publicapi.chadjessen.com http-01 challenge for publicapi.chadjessen.com http-01 challenge for www.publicapi.chadjessen.com Cleaning up challenges Some challenges have failed. IMPORTANT NOTES: - The following errors were reported by the server: Domain: publicapi.chadjessen.com Type: unauthorized Detail: Invalid response from http://publicapi.chadjessen.com/.well-known/acme-challenge/SvIpe5TGPgHACfcYg_ezswBJJso7CAT4S2ZoW4EHLGE [143.244.152.107]: "<!DOCTYPE html>\n<html lang=\"en\">\n<head>\n<meta charset=\"utf-8\">\n<title>Error</title>\n</head>\n<body>\n<pre>Cannot GET /.well-known/" Domain: www.publicapi.chadjessen.com Type: unauthorized Detail: Invalid response from http://www.publicapi.chadjessen.com/.well-known/acme-challenge/_zWHJoOZf3szsMh36hmhV5O-iqQtZp60jePqgL9KH94 [143.244.152.107]: "<!DOCTYPE html>\n<html lang=\"en\">\n<head>\n<meta charset=\"utf-8\">\n<title>Error</title>\n</head>\n<body>\n<pre>Cannot GET /.well-known/" To fix these errors, please make sure that your domain name was entered correctly and the DNS A/AAAA record(s) for that domain contain(s) the right IP address.DNS-based validation failed : Saving debug log to /var/log/letsencrypt/letsencrypt.log Plugins selected: Authenticator manual, Installer None Renewing an existing certificate Performing the following challenges: dns-01 challenge for publicapi.chadjessen.com dns-01 challenge for www.publicapi.chadjessen.com Running manual-auth-hook command: /etc/webmin/webmin/letsencrypt-dns.pl Running manual-auth-hook command: /etc/webmin/webmin/letsencrypt-dns.pl Waiting for verification... Challenge failed for domain publicapi.chadjessen.com Challenge failed for domain www.publicapi.chadjessen.com dns-01 challenge for publicapi.chadjessen.com dns-01 challenge for www.publicapi.chadjessen.com Cleaning up challenges Running manual-cleanup-hook command: /etc/webmin/webmin/letsencrypt-cleanup.pl Running manual-cleanup-hook command: /etc/webmin/webmin/letsencrypt-cleanup.pl Some challenges have failed. IMPORTANT NOTES: - The following errors were reported by the server: Domain: publicapi.chadjessen.com Type: dns Detail: DNS problem: NXDOMAIN looking up TXT for _acme-challenge.publicapi.chadjessen.com - check that a DNS record exists for this domain Domain: www.publicapi.chadjessen.com Type: dns Detail: DNS problem: NXDOMAIN looking up TXT for _acme-challenge.www.publicapi.chadjessen.com - check that a DNS record exists for this domain@madchatthew do you have a sub domain setup for
publicapi.chadjessen.comsetup n VirtualMin ? -
@madchatthew do you have a sub domain setup for
publicapi.chadjessen.comsetup n VirtualMin ?@phenomlab I do. It is in the domains folder under chadjessen.com. I set it up as a subdomain through virtualwin.
-
@phenomlab I do. It is in the domains folder under chadjessen.com. I set it up as a subdomain through virtualwin.
@madchatthew that’s odd. Let’s Encrypt is complaining about the lack of
.well-knownwhich is required for activation. Seeing as you created this as a sub domain it should work without issue.Do you have
certbotinstalled at all ? If not, have a look at this and go from step 4 -
@madchatthew that’s odd. Let’s Encrypt is complaining about the lack of
.well-knownwhich is required for activation. Seeing as you created this as a sub domain it should work without issue.Do you have
certbotinstalled at all ? If not, have a look at this and go from step 4@phenomlab I thought the same thing. I will try these steps a little later today and let you know the results. Thanks
-
So I installed certbot and went through the steps. It was successful. My publicapi.chadjessen.com is now secured again. I made sure that the auto renewal was set and did a dry run to make sure that everything would go through. I didn’t have to add the ppa like it said in the instructions. I am running Ubuntu 20.04. I just had to run the install part of the program.
It is weird that Virtualmin wouldn’t renew it. I will make sure just to use certbot if I have any other issues with it.
Thanks for your help Mark, I really appreciate it.
-
undefined Madchatthew has marked this topic as solved on 2 Oct 2021, 13:26
-
undefined Madchatthew has marked this topic as unsolved on 2 Oct 2021, 13:26
-
undefined Madchatthew has marked this topic as solved on 2 Oct 2021, 13:26
-
So I installed certbot and went through the steps. It was successful. My publicapi.chadjessen.com is now secured again. I made sure that the auto renewal was set and did a dry run to make sure that everything would go through. I didn’t have to add the ppa like it said in the instructions. I am running Ubuntu 20.04. I just had to run the install part of the program.
It is weird that Virtualmin wouldn’t renew it. I will make sure just to use certbot if I have any other issues with it.
Thanks for your help Mark, I really appreciate it.
@madchatthew no problems Chad. Always happy to help out. I’ve come across this before myself hence the suggestion as it worked for me previously as it did for you. The only gotcha here is that you won’t be able to manage that particular cert through WebMin or VirtualMin in terms of renewal etc - it needs to be done from CLI.
-
undefined phenomlab unlocked this topic on 6 Oct 2021, 17:24
-
A quick update for anyone reading this thread, and attempting to follow the links. It seems that the PPA has been deprecated, meaning that
sudo add-apt-repository ppa:certbot/certbotwill NOT work.You’ll need to download the .deb files manually from here, then use
sudoi dkpg -i <deb>to installAdditionally, if you’re a Webmin user and are looking for a way to install Certbot there, details for that are here.
-
A quick update for anyone reading this thread, and attempting to follow the links. It seems that the PPA has been deprecated, meaning that
sudo add-apt-repository ppa:certbot/certbotwill NOT work.You’ll need to download the .deb files manually from here, then use
sudoi dkpg -i <deb>to installAdditionally, if you’re a Webmin user and are looking for a way to install Certbot there, details for that are here.
@phenomlab Else ye’ can also always opt for some Dehydrated Boulders and be done with it, eh?
-
@phenomlab Else ye’ can also always opt for some Dehydrated Boulders and be done with it, eh?
@gotwf Yes, you could…
-
@phenomlab Indubitably. I have been using dehydrated since early days of Let’s Encrypt. I favor KISS engineering and Dehydrated is a “simple” shell script. And in so being, also easy to automate via cron jobs. No big mussin’ or fussin’ about with the evil systemd.
Dehydrated has been under +/- continual incremental development since those early days (who’d of thunk it?) and scratches my itches.
My $0.02. Caveat emptor.
-
@phenomlab Indubitably. I have been using dehydrated since early days of Let’s Encrypt. I favor KISS engineering and Dehydrated is a “simple” shell script. And in so being, also easy to automate via cron jobs. No big mussin’ or fussin’ about with the evil systemd.
Dehydrated has been under +/- continual incremental development since those early days (who’d of thunk it?) and scratches my itches.
My $0.02. Caveat emptor.
@gotwf KISS - now there’s a phrase I’ve not heard for a while… I have a blog article about that I’ll out up soon.
-
@phenomlab Indubitably. I have been using dehydrated since early days of Let’s Encrypt. I favor KISS engineering and Dehydrated is a “simple” shell script. And in so being, also easy to automate via cron jobs. No big mussin’ or fussin’ about with the evil systemd.
Dehydrated has been under +/- continual incremental development since those early days (who’d of thunk it?) and scratches my itches.
My $0.02. Caveat emptor.
@gotwf said in Virtualmin Letsencrypt Renewal:
I favor KISS engineering
Then I think you’ll be able to appreciate this
https://content.sudonix.com/keep-it-simple-stupid/ -
undefined phenomlab referenced this topic on 2 Oct 2023, 21:38
Hello! It looks like you're interested in this conversation, but you don't have an account yet.
Getting fed up of having to scroll through the same posts each visit? When you register for an account, you'll always come back to exactly where you were before, and choose to be notified of new replies (ether email, or push notification). You'll also be able to save bookmarks, use reactions, and upvote to show your appreciation to other community members.
With your input, this post could be even better 💗
RegisterLog in
