Re: [webmin-l] Let's Encrypt Failure

[Dave O. <da...@sy...>]

See if you have lots and lots of entries in the ".well-known/acme-challenge"
folder.  I had one of these, probably 200 entries in there, killed the
entire tree (.well-known/ and below) and it fixed it.



> -----Original Message-----
> From: Jamie Cameron [mailto:jca...@we...]
> Sent: Sunday, December 03, 2017 5:36 PM
> To: Webmin users list
> Subject: Re: [webmin-l] Let's Encrypt Failure
> 
> Someone else reported this error as well, however I've been unable to
> re-produce it or determine why it could happen! I do have some theories
> and have made changes to be included in Webmin 1.870 that should
> address is though.
> 
> On 02/Dec/2017 15:13 Kimberly <kim...@gm...> wrote ..
> > Any ideas on why the Let's Encrypt certificate request is failing?
> >
> >
> > Ubuntu 16.04.3 (Xenial)
> > Virtualmin 6.01-3/Webmin 1.860
> > Kernel 4.4.0-101
> > Nginx 1.12.2
> > MariaDB 10.1.29
> >
> > Requesting a certificate forREDACTED  from Let's Encrypt ..
> >   .. request failed : Web-based validation failed : Failed to request
> > certificate :Parsing account key...
> > Parsing CSR...
> > Registering account...
> > Already registered!
> > Verifying REDACTED...
> > Wrote file to
> > /home/REDACTED/public_html/.well-known/acme-
> challenge/exfJVslKruBuaXrY
> > 1_hQnAayAAWo7vQ8sJf0t1rA71o, but couldn't download
> > http://REDACTED/.well-known/acme-
> challenge/exfJVslKruBuaXrY1_hQnAayAAW
> > o7vQ8sJf0t1rA71o
> > Traceback (most recent call last):
> >    File "/usr/share/webmin/webmin/acme_tiny.py", line 235, in
> <module>
> >      main(sys.argv[1:])
> >    File "/usr/share/webmin/webmin/acme_tiny.py", line 231, in main
> >      signed_crt = get_crt(args.account_key, args.csr, args.acme_dir,
> > args.dns_hook, args.cleanup_hook, log=LOGGER, CA=args.ca)
> >    File "/usr/share/webmin/webmin/acme_tiny.py", line 184, in get_crt
> >      domain, challenge_status))
> > ValueError: REDACTED challenge did not pass: {u'status': u'invalid',
> u'validationRecord':
> > [{u'addressesResolved': [u'REDACTED'], u'url':
> > u'https://REDACTED/.well-known/acme-
> challenge/exfJVslKruBuaXrY1_hQnAay
> > AAWo7vQ8sJf0t1rA71o',
> > u'hostname': u'REDACTED', u'addressesTried': [], u'addressUsed':
> u'REDACTED', u'port':
> > u'443'}, {u'addressesResolved': [u'REDACTED'], u'url':
> > u'http://REDACTED/.well-known/acme-
> challenge/exfJVslKruBuaXrY1_hQnAayA
> > AWo7vQ8sJf0t1rA71o',
> > u'hostname': u'REDACTED', u'addressesTried': [], u'addressUsed':
> u'REDACTED', u'port':
> > u'80'}], u'keyAuthorization':
> >
> u'exfJVslKruBuaXrY1_hQnAayAAWo7vQ8sJf0t1rA71o.83QlK5VKSOV2NLNaO1RvT7uR
> > -pfnlNKPt-5HZinrs5Y',
> > u'uri':
> > u'https://acme-
> v01.api.letsencrypt.org/acme/challenge/VF3KryHRKL5PpY01
> > 6fxEmLZ5Q1WKwJ6GlJKc92pTXeg/2615538286',
> > u'token': u'exfJVslKruBuaXrY1_hQnAayAAWo7vQ8sJf0t1rA71o', u'error':
> {u'status':
> > 403, u'type': u'urn:acme:error:unauthorized', u'detail': u'Invalid
> > response from http://REDACTED/.well-known/acme-challe
> >  nge/exfJVslKruBuaXrY1_hQnAayAAWo7vQ8sJf0t1rA71o: "<!DOCTYPE
> html>\n<html>\n<head>\n<script>(function
> > () {
> > "'}, u'type': u'http-01'}
> > DNS-based validation failed : Failed to request certificate :Parsing
> account key...
> > Parsing CSR...
> > Registering account...
> > Already registered!
> > Verifying REDACTED...
> > Undefined subroutine &main::get_bind_zone_for_domain called at
> > /usr/share/webmin/webmin/letsencrypt-dns.pl
> > line 21.
> > Traceback (most recent call last):
> >    File "/usr/share/webmin/webmin/acme_tiny.py", line 235, in
> <module>
> >      main(sys.argv[1:])
> >    File "/usr/share/webmin/webmin/acme_tiny.py", line 231, in main
> >      signed_crt = get_crt(args.account_key, args.csr, args.acme_dir,
> > args.dns_hook, args.cleanup_hook, log=LOGGER, CA=args.ca)
> >    File "/usr/share/webmin/webmin/acme_tiny.py", line 184, in get_crt
> >      domain, challenge_status))
> > ValueError: REDACTED challenge did not pass: {u'status': u'invalid',
> u'keyAuthorization':
> > u'FsOUVt8L4TWb1k3Z7GgXYkGNpRXtbO_NaguSW6l-
> pgI.83QlK5VKSOV2NLNaO1RvT7uR
> > -pfnlNKPt-5HZinrs5Y',
> > u'uri':
> > u'https://acme-
> v01.api.letsencrypt.org/acme/challenge/Kh9XWI2cBDF3bbdg
> > SzkS9aBHS4TP40IgbIEmHfAPRQk/2615538548',
> > u'token': u'FsOUVt8L4TWb1k3Z7GgXYkGNpRXtbO_NaguSW6l-pgI', u'error':
> {u'status':
> > 400, u'type': u'urn:acme:error:connection', u'detail': u'DNS problem:
> > NXDOMAIN looking up TXT for _acme-challenge.REDACTED'}, u'type':
> > u'dns-01'}
> >
> >
> >
> > ---------------------------------------------------------------------
> -
> > -------- Check out the vibrant tech community on one of the world's
> > most engaging tech sites, Slashdot.org! http://sdm.link/slashdot
> > -
> > Forwarded by the Webmin mailing list at
> > web...@li...
> > To remove yourself from this list, go to
> > http://lists.sourceforge.net/lists/listinfo/webadmin-list
> 
> -----------------------------------------------------------------------
> -------
> Check out the vibrant tech community on one of the world's most
> engaging tech sites, Slashdot.org! http://sdm.link/slashdot
> -
> Forwarded by the Webmin mailing list at webadmin-
> li...@li...
> To remove yourself from this list, go to
> http://lists.sourceforge.net/lists/listinfo/webadmin-list