Cannot install Letsencrypt cert to webmin host

Webmin
sparticle
2020-01-19
2020-01-19
  • sparticle

    sparticle - 2020-01-19

    Hi I am struggling with an issue trying to install a letsencrypt ssl cert to my webmin server.

    I am using /var/www/html as the Other Directory variable as I have on other webmin servers that work perfectly.

    This is what I get:
    Traceback (most recent call last):
    File "/usr/share/webmin/webmin/acme_tiny.py", line 198, in <module>
    main(sys.argv[1:])
    File "/usr/share/webmin/webmin/acme_tiny.py", line 194, in main
    signed_crt = get_crt(args.account_key, args.csr, args.acme_dir, log=LOGGER, CA=args.ca, disable_check=args.disable_check, directory_url=args.directory_url, contact=args.contact)
    File "/usr/share/webmin/webmin/acme_tiny.py", line 143, in get_crt
    raise ValueError("Wrote file to {0}, but couldn't download {1}: {2}".format(wellknown_path, wellknown_url, e))
    ValueError: Wrote file to /var/www/html/.well-known/acme-challenge/rTuf5-OdQ7RyXUOVUxzb51FD1fjWu0wt_3GNwXqFjxg, but couldn't download http://myserver.co.uk/.well-known/acme-challenge/rTuf5-OdQ7RyXUOVUxzb51FD1fjWu0wt_3GNwXqFjxg: Error:
    Url: http://myserver.co.uk/.well-known/acme-challenge/rTuf5-OdQ7RyXUOVUxzb51FD1fjWu0wt_3GNwXqFjxg
    Data: None
    Response Code: 404
    Response: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">

    <title>404 Not Found</title>

    Not Found

    The requested URL was not found on this server.

    myserver.co.uk resolves perfectly and is the FQDN of the webmin server.

    Can someone let me know what directory to use for the form to install a letsencrypt ssl cert for the webmin server?

    I am sure it's to do with the website document root but things look the same between the one that works and the one that does not.

    System is Ubuntu 18.04.3

    Any help appreciated
    Spart

     
  • rj elleray

    rj elleray - 2020-01-19

    Hi

    some tests ...
    using file manager is the letsencrypt directory .wellknown there ?
    inside that directory is the letsencrypt token there ?

    if yes then...
    can you browse to the token using the url ?

    if not then ...
    check file permissions on the letsencrypt directory and token to be readable by apache
    if ok then ..

    is there a .htaccess item in the website directory (such as set by anti hacker or wordpress type apps) which only allows browsing of specific file types and/or specific directories?

     

    Last edit: rj elleray 2020-01-19
  • sparticle

    sparticle - 2020-01-19

    This is a clean new Ubuntu 18.04.3 webmin server.

    There is nothing in /var/www/html

    Which directory are you talking about? Can you provide a path to check?

    This is not for a virtualmin virtual server this is for the actual webmin host server. So which directory should the form be pointing to?

    Cheers
    Spart

     

    Last edit: sparticle 2020-01-19
  • rj elleray

    rj elleray - 2020-01-19

    for the web based letsencrypt module to work the server MUST be operating a webserver for each host FQDN in question.

    It puts its token in the apache website root directory (defaults to /var/www/html) to check from letsencrypt server that the cert's server is owned/accessible by the webmin server. Other ownership options are available (DNS etc) as per letsencrypt wiki.

     
  • sparticle

    sparticle - 2020-01-19

    OK but this is a new server. The DNS resolves for the webmin host. /var/www/html is there; the whole www tree is owned by root. It is currently an empty virtualmin server.

    I need to install an SSL cert for the webmin/virtualmin server host. myserver.co.uk which resolves fine and points to the server. If I try to go to myserver.co.uk using a browser there is nothing displayed. I would expect to get the Apache default page. I can see it is in the /var/www/html/ tree but is not served.

    So how do I solve this?

    The default confs in apache point to /var/www/html

    Cheers
    Spart

     

    Last edit: sparticle 2020-01-19
  • rj elleray

    rj elleray - 2020-01-19

    looks like apache is not running (properly) for your fqdn
    does the apache config include host.myserver.co.uk (server alias),
    or is simply not running.

    put a test.htm item in the website root and browse to that..

    I suspect that the web root should at least include apache as an owner/group entry with appropriate permissions....

    Check the apache logs and error logs (you should see your requests for pages)

     
  • sparticle

    sparticle - 2020-01-19

    Let's start again. How can I furnish the webmin server with a letsencrypt ssl cert? I can then use this with postfix, dovecot etc. This is the actual webmin server host.mydomain.co.uk which resolves correctly to the webmin server IP address.

    All google foo searches state to simply go to webmin configuration page, click on letsencrypt and put /var/www/html as the Other Directory. Then request certificate and voila....except that does not work and I get the errors listed above.

    This would seem a very basic requirement and one I would expect should work OOTB.

    Cheers
    Spart

     
  • rj elleray

    rj elleray - 2020-01-19

    well google may not be helpful as they make no mention of apache running etc..

    check my prior message checks.

     
  • sparticle

    sparticle - 2020-01-19

    There are no errors in the apache logs it shows nothing from running the letsencrypt script.

    Traceback (most recent call last):
    File "/usr/share/webmin/webmin/acme_tiny.py", line 198, in <module>
    main(sys.argv[1:])
    File "/usr/share/webmin/webmin/acme_tiny.py", line 194, in main
    signed_crt = get_crt(args.account_key, args.csr, args.acme_dir, log=LOGGER, CA=args.ca, disable_check=args.disable_check, directory_url=args.directory_url, contact=args.contact)
    File "/usr/share/webmin/webmin/acme_tiny.py", line 143, in get_crt
    raise ValueError("Wrote file to {0}, but couldn't download {1}: {2}".format(wellknown_path, wellknown_url, e))
    ValueError: Wrote file to /var/www/html//.well-known/acme-challenge/rTuf5-OdQ7RyXUOVUxzb51FD1fjWu0wt_3GNwXqFjxg, but couldn't download http://host.myserver.co.uk/.well-known/acme-challenge/rTuf5-OdQ7RyXUOVUxzb51FD1fjWu0wt_3GNwXqFjxg: Error:
    Url: http://host.myserver.co.uk/.well-known/acme-challenge/rTuf5-OdQ7RyXUOVUxzb51FD1fjWu0wt_3GNwXqFjxg
    Data: None
    Response Code: 404
    Response: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">

    <title>404 Not Found</title>

    Not Found

    The requested URL was not found on this server.

    After running the above nothing shows up in the apache error log.

    This is a clean fresh Ubuntu 18.04.3 server with a clean virtualmin install. It currently has no virtual servers configured.

    This is about installing a letsencrypt cert into the webmin/virtualmin server.

    Surely on a clean install this is a basic function.

    Do I need to create a new virtual server that matches the webmin server hostname e.g. host.myserver.co.uk? That would seem crazy.

    Maybe the webmin team could respond and enlighten us!

    Cheers
    Spart

     
  • rj elleray

    rj elleray - 2020-01-19

    May I repeat suggestions..

    does your apache webserver have host.myserver.co.uk as a server alias (otherwise apache will not respond)?
    if yes
    then you should see browser requests to the website.
    Don't focus on letsencrypt request but manual browser requests... hence adding a file into the web site home directory and browsing to it. Test the webserver before trying ssl cert setups...

     
  • sparticle

    sparticle - 2020-01-19

    Well it has the defaults enabled 000-default and default-ssl sites on 80 and 443 but nothing is served. Both have /var/www/html as the document root.

    The default index.html file is in the root. It seems that this webroot is owned by root.

    Should this be owned by the server user or www-data?

    Cheers
    Spart

     
  • Ilia

    Ilia - 2020-01-19

    Hi,

    You must make sure that you yourself can access http://host.myserver.co.uk/.well-known/acme-challenge/rTuf5-OdQ7RyXUOVUxzb51FD1fjWu0wt_3GNwXqFjxg: link from outside world. Go to ~/public_html/.well-known/acme-challenge/ and check, if this directory exists. Try putting a text file in there and see if you can access it from URL bar of your browser.

    Make sure that your server is not blocking Let's Encrypt server.

    I would recommend installing certbot with apt-get install certbot command and use latest Webmin 1.941.

    This would seem a very basic requirement and one I would expect should work OOTB.

    How did you install Virtualmin on your server? Let's Encrypt with latest Webmin 1.941 indeed just works fine - in case you configured your DNS correctly.

     

    Last edit: Ilia 2020-01-19
  • sparticle

    sparticle - 2020-01-19

    I installed a new 18.04.3 Ubuntu server with ssh server only. Then used the virtualmin installer script.

    Then updated system to latest everything. Then started trying to install this cert for the Webmin/virtualmin server.

    Essentially a default config at this stage.

    Cheers
    Spart

     
  • sparticle

    sparticle - 2020-01-19

    SOLVED THIS SORT OF

    I created a new virtualserver by hacking the apache config files and pointed it to the server admin user home directory. Copied the /var/www/html contents into /home/user/html/

    Pointed the apache virtual server to that directory and then used that as the Other Directory in the webmin config > SSL Config > Letsencrypt form.

    It ran fine and copied the certs to the etc/webmin directory and installed them. Webmin now shows that it has a valid SSL cert from letsencrypt.

    Now when I connect to webmin and login I have a valid SSL encrypted site being served.

    This should be a lot easier as I would imagine everyone using webmin/virtualmin will require this.

    Cheers
    Spart

     
  • rj elleray

    rj elleray - 2020-01-19

    That's good BUT all you needed to do was use the /home/user/html/ as the Letsencrypt cert setup directory ... it should have worked straight away.

    Perhaps we could ask Ilia if webmin ssl setup could check readability of the website cert directory and warn before running certbot ...

     

    Last edit: rj elleray 2020-01-19
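
The pre-check suggested in the last reply, written out as an added example (not part of the thread and not Webmin's code): it writes a probe file where the ACME HTTP-01 token would go, checks by mode bits that the web server user can reach it, and fetches it back over HTTP. The function names and the `fetch` parameter are assumptions made for this sketch; POSIX ACLs are not considered.

```python
import os
import secrets
import stat
import urllib.error
import urllib.request

def blocked_components(path, uid, gids):
    """Components of path that uid/gids cannot search (dirs) or read (file)."""
    cur, chain = os.path.abspath(path), []
    while cur not in chain:          # dirname("/") == "/", which ends the walk
        chain.append(cur)
        cur = os.path.dirname(cur)
    blocked = []
    for p in reversed(chain):
        st = os.stat(p)
        shift = 6 if st.st_uid == uid else 3 if st.st_gid in gids else 0
        need = 1 if stat.S_ISDIR(st.st_mode) else 4  # x on dirs, r on files
        if not (st.st_mode >> shift) & need:
            blocked.append(p)
    return blocked

def http_get(url):
    """Return (status, body); an HTTP error such as 404 is returned, not raised."""
    try:
        with urllib.request.urlopen(url, timeout=10) as resp:
            return resp.status, resp.read()
    except urllib.error.HTTPError as err:
        return err.code, err.read()

def preflight(webroot, base_url, uid, gids, fetch=http_get):
    """Write a probe where the ACME token would go; return a list of problems."""
    rel = ".well-known/acme-challenge/probe-" + secrets.token_hex(8)
    probe, body = os.path.join(webroot, rel), secrets.token_hex(16).encode()
    os.makedirs(os.path.dirname(probe), exist_ok=True)
    with open(probe, "wb") as f:
        f.write(body)
    try:
        problems = ["web server user cannot reach " + p
                    for p in blocked_components(probe, uid, gids)]
        url = base_url.rstrip("/") + "/" + rel
        status, got = fetch(url)
        if status != 200:
            problems.append("HTTP %d for %s; is %s this host's docroot?" % (status, url, webroot))
        elif got != body:
            problems.append("HTTP 200 but wrong body for " + url)
        return problems
    finally:
        os.remove(probe)  # the probe is always cleaned up
```

On Ubuntu the Apache user is `www-data`, so `uid` and `gids` would come from `pwd.getpwnam("www-data")`; an empty list returned by `preflight` means the directory is safe to give to the Let's Encrypt form.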
