Let's Encrypt problem

20 posts / 0 new
Last post
#1 Wed, 08/03/2016 - 01:20
dakser

Let's Encrypt problem

Hi, I'm trying to install a Let's Encrypt certificate for the admin panel of Virtualmin, but in "Let's Encrypt Certificate Request" in Webmin Configuration I'm receiving an error:

"Requesting a new certificate for server26.ultranetxxi.net, using the website directory /home/ultranetxxi.net/public_html ..

.. request failed : Failed to request certificate :

Parsing account key... Parsing CSR... Registering account... Traceback (most recent call last): File "/usr/share/webmin/webmin/acme_tiny.py", line 203, in main(sys.argv[1:]) File "/usr/share/webmin/webmin/acme_tiny.py", line 199, in main signed_crt = get_crt(args.account_key, args.csr, args.acme_dir, log=LOGGER, CA=args.ca) File "/usr/share/webmin/webmin/acme_tiny.py", line 97, in get_crt raise ValueError("Error registering: {0} {1}".format(code, result)) ValueError: Error registering: 400 { "type": "urn:acme:error:malformed", "detail": "Provided agreement URL [https://letsencrypt.org/documents/LE-SA-v1.0.1-July-27-2015.pdf] does not match current agreement URL [https://letsencrypt.org/documents/LE-SA-v1.1.1-August-1-2016.pdf]", "status": 400 }"

Any help is appreciated.

Wed, 08/03/2016 - 13:34
h4ns3n

I'm experiencing the same issue, with exactly the same error message. This seems to be a general webmin / letsencrypt problem.

Signature: Implement powerful CRM solutions using: Agile CRM: Advanced Marketing Automation (Note: This is an affiliate link)

Wed, 08/03/2016 - 18:57
andreychek

Howdy,

Yeah that is indeed a bug (due to the Let's Encrypt ToS changing)... there's a report for that here (including a temporary workaround):

https://www.virtualmin.com/node/41565

Mon, 08/08/2016 - 08:19
Thu, 08/11/2016 - 02:29
shiraz

@all: issue seems to be fixed in update 1.810

Wed, 08/24/2016 - 02:11
dakser

Hi Shiraz, that's right, it's working now. Thanks.

Thu, 09/15/2016 - 04:00
Tristan222

informative information thanks for sharing... Buy Viagra Online http://www.genericviagraus.net

Thu, 11/16/2017 - 13:30
icloudiap

Provided agreement URL error fix
Go to webmin -> Others -> File Manger
edit File -> /usr/share/webmin/webmin/acme_tiny.py
line 99 replace -> "agreement": "https://letsencrypt.org/documents/LE-SA-v1.1.1-August-1-2016.pdf",
with -> "agreement": json.loads(urlopen(CA + "/directory").read().decode('utf8'))['meta']['terms-of-service'],
hope this helpful

Work hard in silence let success be your noise

Fri, 11/17/2017 - 14:32
jaldeguer

I replaced the contents of acme_tiny.py from this https://github.com/diafygi/acme-tiny/blob/master/acme_tiny.py to make it work.

Fri, 11/17/2017 - 16:39
NigelAves

@jaldeguer .... I've just tried your bug fix and still ran into a problem, but not the original reported issue. It seems that it is expecting a "subscriber agreement ".

Nigel.

Parsing account key... Parsing CSR... Registering account... Already registered! Verifying podcasts.soft-focus-imagining.com... Traceback (most recent call last): File "/usr/libexec/webmin/webmin/acme_tiny.py", line 196, in main(sys.argv[1:]) File "/usr/libexec/webmin/webmin/acme_tiny.py", line 192, in main signed_crt = get_crt(args.account_key, args.csr, args.acme_dir, log=LOGGER, CA=args.ca) File "/usr/libexec/webmin/webmin/acme_tiny.py", line 104, in get_crt raise ValueError("Error requesting challenges: {0} {1}".format(code, result)) ValueError: Error requesting challenges: 403 { "type": "urn:acme:error:unauthorized", "detail": "Must agree to subscriber agreement before any further actions", "status": 403 }

DNS-based validation failed : Failed to request certificate :

usage: acme_tiny.py [-h] --account-key ACCOUNT_KEY --csr CSR --acme-dir ACME_DIR [--quiet] [--ca CA] acme_tiny.py: error: argument --acme-dir is required

Fri, 11/17/2017 - 20:50 (Reply to #10)
jaldeguer

@NigelAves Did you replace the entire contents of acme_tiny.py with this ? https://github.com/diafygi/acme-tiny/blob/master/acme_tiny.py

Fri, 11/17/2017 - 21:00
NigelAves

@jaldeguer - Yes I did, but I did run this before when it was broken, could it have left "files" behind that are now interfering?

Fri, 11/17/2017 - 21:16
NigelAves

@jaldeguer : I don't know if this will help or not, but here is the email that webmin sent me. This was from a few minutes ago. 8:14 PM 17th Nov.

reason: acme_tiny.py:106:get_crt:ValueError: Error registering: 400 { cmdline: /bin/python2.7 /usr/libexec/webmin/webmin/acme_tiny.py --account-key /etc/webmin/webmin/letsencrypt.pem --csr /tmp/.webmin/16184_25847_3_letsencrypt.cgi --acme-dir /home/podcasts/public_html/.well-known/acme-challenge executable: /usr/libexec/webmin/webmin/acme_tiny.py package: webmin-1.860-1 component: webmin pid: 25871 hostname: apache-web-server.twin-peaks-video.com count: 6 abrt_version: 2.1.11 analyzer: Python architecture: x86_64 duphash: eea2832f10a33b034751c429cc2e91f691fad601 event_log:
kernel: 3.10.0-693.5.2.el7.x86_64 last_occurrence: 1510974754 os_release: CentOS Linux release 7.4.1708 (Core) pkg_arch: noarch pkg_epoch: 0 pkg_fingerprint: D97A 3AE9 11F6 3C51 pkg_name: webmin pkg_release: 1 pkg_vendor: Jamie Cameron pkg_version: 1.860 runlevel: N 5 time: Wed 15 Nov 2017 05:50:51 AM MST type: Python uid: 0 ureports_counter: 6 username: root uuid: eea2832f10a33b034751c429cc2e91f691fad601

reported_to:
:uReport: BTHASH=6954f9fc26a96990d1c2f472c15746f92e5615b0
:ABRT Server: URL=https://retrace.fedoraproject.org/faf/reports/bthash/6954f9fc26a96990d1c...
backtrace:
:acme_tiny.py:106:get_crt:ValueError: Error registering: 400 {
"type": "urn:acme:error:malformed",
"detail": "Provided agreement URL [https://letsencrypt.org/documents/LE-SA-v1.1.1-August-1-2016.pdf] does not match current agreement URL [https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf]",
"status": 400 :} : :Traceback (most recent call last):
File "/usr/libexec/webmin/webmin/acme_tiny.py", line 235, in
main(sys.argv[1:])
File "/usr/libexec/webmin/webmin/acme_tiny.py", line 231, in main
signed_crt = get_crt(args.account_key, args.csr, args.acme_dir, args.dns_hook, args.cleanup_hook, log=LOGGER, CA=args.ca)
File "/usr/libexec/webmin/webmin/acme_tiny.py", line 106, in get_crt
raise ValueError("Error registering: {0} {1}".format(code, result)) :ValueError: Error registering: 400 {
"type": "urn:acme:error:malformed",
"detail": "Provided agreement URL [https://letsencrypt.org/documents/LE-SA-v1.1.1-August-1-2016.pdf] does not match current agreement URL [https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf]",
"status": 400 :} : :Local variables in innermost frame: :code: 400 :san: u'DNS:www.podcasts.soft-focus-imagining.com' :account_key: '/etc/webmin/webmin/letsencrypt.pem' :pub_hex: u'c7:b6:eb:61:30:d5:fc:d9:e1:f5:a8:16:96:c7:\n 2d:f2:65:ac:44:c8:4d:c6:87:97:83:c1:bd:87:a4:\n 16:f2:54:87:d0:18:cd:52:0d:0f:d6:fd:d6:97:54:\n 33:a4:36:33:c9:db:f5:45:47:9c:bc:cc:11:c8:93:\n 30:bf:da:c3:28:4c:34:bf:6b:40:ac:c0:a6:88:86:\n 18:93:4c:bb:fe:63:9d:a8:6f:80:d2:fd:e1:b6:90:\n 95:d6:b1:eb:e4:61:e4:12:a0:1e:e6:2d:78:2b:d6:\n c6:dc:c5:4a:fe:f6:db:75:61:09:0e:04:67:14:03:\n 02:77:09:a3:9c:84:d9:fa:c4:87:d9:a4:ea:84:b3:\n 11:52:95:8e:ec:7d:74:54:4e:5c:27:c3:f1:e0:67:\n 0c:41:dd:1a:ea:0f:9b:61:f6:82:6f:e6:1c:35:b4:\n 06:dc:25:63:2e:a3:11:64:55:12:b4:0d:7c:b6:3e:\n 7f:18:28:a1:50:b7:9e:ea:70:63:01:ab:59:33:12:\n fa:81:95:c6:9c:e7:0c:62:52:85:1e:db:75:43:1a:\n be:71:26:ac:45:b7:25:bc:a4:65:8e:5e:70:0c:24:\n df:d4:a8:76:94:04:87:0b:91:3e:6b:33:18:9b:90:\n 2f:7e:14:bd:a7:50:62:56:2c:a7:f1:c7:c8:f5:87:\n 06:05:62:c0:d4:f6:3b:12:06:83:8b:cf:5e:a4:2f:\n 07:19:d3:4e:ea:49:06:48:6a:61:19:de:32:1a:00:\n c2:52:5c:63:26:24:55:f0:d0:dd:94:2a:2f:cd:5f:\n fa:9b:79:04:76:69:e9:e2:42:5b:02:6f:bf:6f:0a:\n ba:53:dd:d4:05:90:d1:ff:d0:1e:5e:b3:36:e8:04:\n ed:10:cc:28:b2:76:2d:dc:65:e2:14:c0:db:aa:c0:\n 29:bf:72:84:f4:1d:4e:1a:e7:7b:eb:00:9e:10:22:\n d4:5e:8b:8a:98:f4:62:3b:ae:43:71:a4:cb:9c:0f:\n d8:8e:a2:ca:bd:e0:2b:85:49:60:3b:b3:88:eb:93:\n 81:52:82:c9:66:43:fd:01:9d:6e:48:5e:58:0c:b6:\n 60:c7:bd:26:f9:53:6e:ff:ec:df:b1:75:36:ce:79:\n 20:b4:a0:07:61:f6:d8:04:63:01:01:b9:36:5c:b4:\n 40:8d:3b:fe:b8:f2:30:84:f1:31:13:d6:a4:4d:f2:\n cc:0e:2b:68:d8:aa:7d:f8:3b:68:16:6e:80:15:d3:\n 80:fe:02:c9:aa:3f:da:34:82:1a:d3:9b:b8:b8:62:\n 63:26:8f:9f:68:ce:83:87:4a:67:cf:0e:21:a5:e0:\n 23:4d:57:0e:6e:40:5f:cc:f5:e9:e0:df:3d:6e:f5:\n 8d:11:d9' :header: {'alg': 'RS256', 'jwk': {'e': u'AQAB', 'kty': 'RSA', 'n': u'x7brYTDV_Nnh9agWlsct8mWsRMhNxoeXg8G9h6QW8lSH0BjNUg0P1v3Wl1QzpDYzydv1RUecvMwRyJMwv9rDKEw0v2tArMCmiIYYk0y7_mOdqG-A0v3htpCV1rHr5GHkEqAe5i14K9bG3MVK_vbbdWEJDgRnFAMCdwmjnITZ-sSH2aTqhLMRUpWO7H10VE5cJ8Px4GcMQd0a6g-bYfaCb-YcNbQG3CVjLqMRZFUStA18tj5_GCihULee6nBjAatZMxL6gZXGnOcMYlKFHtt1Qxq-cSasRbclvKRljl5wDCTf1Kh2lASHC5E-azMYm5AvfhS9p1BiViyn8cfI9YcGBWLA1PY7EgaDi89epC8HGdNO6kkGSGphGd4yGgDCUlxjJiRV8NDdlCovzV_6m3kEdmnp4kJbAm-bwq6U93UBZDR_9AeXrM26ATtEMwosnYt3GXiFMDbqsApv3KE9B1OGud76wCeECLUXouKmPRiO65DcaTLnA_YjqLKveArhUlgO7OI65OBUoLJZkP9AZ1uSF5YDLZgx70m-VNu-zfsXU2znkgtKAHYfbYBGMBAbk2XLRAjTv-uPIwhPExE9akTfLMDito2Kp9-DtoFm6AFdOA_gLJqj_aNIIa05u4uGJjJo-faM6Dh0pnzw4hpeAjTVcObkBfzPXp4N89bvWNEdk'}} :result: '{\n "type": "urn:acme:error:malformed",\n "detail": "Provided agreement URL [https://letsencrypt.org/documents/LE-SA-v1.1.1-August-1-2016.pdf] does not match current agreement URL [https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf]",\n "status": 400\n}' :common_name: <sre.SRE_Match object at 0x293f8a0> :dns_hook: None :out: 'Certificate Request:\n Data:\n Version: 0 (0x0)\n Subject: CN=podcasts.soft-focus-imagining.com\n Subject Public Key Info:\n Public Key Algorithm: rsaEncryption\n Public-Key: (2048 bit)\n Modulus:\n 00:b3:26:45:c5:80:76:02:9e:95:a7:ff:30:37:c7:\n cd:71:3b:cf:ca:26:91:ab:b7:9f:f6:90:2b:3c:76:\n eb:6a:a3:b6:b5:6b:3f:d6:f2:ab:87:db:2c:9c:fb:\n d2:f0:66:e3:9d:eb:fb:e6:40:03:f0:9c:33:99:80:\n 04:32:30:23:20:9d:14:93:e0:3e:2d:e3:2d:6a:ef:\n 53:d6:8b:3f:0f:7f:4b:ab:8b:47:00:ca:c3:c1:b4:\n df:37:60:86:3e:55:99:d9:a2:bc:39:56:da:74:16:\n 9b:34:2a:64:d5:bc:98:d3:fd:72:8f:5a:63:db:bb:\n 64:ef:1e:c5:43:69:3b:c1:4c:99:24:cd:b6:cb:33:\n 85:83:af:f1:9f:60:c9:15:74:40:45:1e:ad:74:44:\n 57:a5:c1:a4:00:35:a1:65:f4:ae:c1:f5:c6:2b:25:\n 2c:fb:b8:45:35:15:d8:fb:de:71:8c:89:f3:07:f4:\n 41:32:35:38:55:d0:46:ff:de:04:c2:f6:26:cc:5d:\n 41:2e:43:93:87:35:11:d5:d2:78:2a:73:6f:f1:4a:\n 47:12:89:a3:ed:6c:4c:e0:73:cb:74:41:c7:00:20:\n 24:91:89:0e:27:d7:62:16:bd:ec:04:0a:f1:2a:1c:\n 9f:ff:0d:ae:46:95:0b:3c:54:21:7f:63:b1:27:18:\n 99:e9\n Exponent: 65537 (0x10001)\n Attributes:\n Requested Extensions:\n X509v3 Subject Alternative Name: \n DNS:www.podcasts.soft-focus-imagining.com\n X509v3 Basic Constraints: \n CA:FALSE\n X509v3 Key Usage: \n Digital Signature, Non Repudiation, Key Encipherment\n Signature Algorithm: sha256WithRSAEncryption\n 0f:2d:32:d8:ca:1d:fc:35:40:87:5b:71:fa:d1:21:4e:83:ef:\n d8:0a:5a:3c:a1:fd:29:41:3f:49:cd:72:b2:8b:b1:c6:13:4c:\n 66:1c:cb:c1:f2:53:35:5a:04:3d:07:90:5b:9d:50:a5:34:df:\n 58:ed:d7:78:a4:ad:db:e5:c9:a3:54:3b:3e:02:52:0a:d1:4f:\n 80:e5:ae:43:a2:6e:56:1a:f6:5e:d6:e1:a1:e8:ec:cc:eb:20:\n 26:41:28:d7:1e:1e:3e:c2:92:bd:94:87:14:b0:ea:49:06:6a:\n e1:03:ec:70:5d:2d:da:91:3d:5a:d4:2a:96:fa:23:81:01:4e:\n 0b:43:03:ce:7b:c0:dc:a6:cb:7d:ed:43:4d:86:6a:3f:7f:71:\n 5c:97:3e:54:af:2c:af:07:bf:d6:49:e6:f1:87:b9:44:b3:fe:\n 7c:b0:af:46:76:27:a2:ae:b3:9c:35:fc:3e:0b:7d:67:1c:f4:\n 35:cc:60:de:a5:b9:4a:57:af:6f:f5:cd:d8:59:1f:65:4a:6b:\n a9:6a:d8:8f:7b:78:dd:8c:eb:28:50:22:6c:07:0f:ca:e2:ae:\n 62:99:4a:d8:d0:6e:2b:cd:ef:52:fc:ce:c4:5f:84:51:e1:e0:\n 89:e4:49:c8:c0:dc:49:a0:43:ae:d0:ef:98:e1:58:a2:7c:7b:\n 97:cc:4c:a1\n' :log: <logging.Logger object at 0x27e9f50> :acme_dir: '/home/podcasts/public_html/.well-known/acme-challenge' :proc: <subprocess.Popen object at 0x293c910> :csr: '/tmp/.webmin/16184_25847_3_letsencrypt.cgi' :cleanup_hook: None :CA: 'https://acme-v01.api.letsencrypt.org' :thumbprint: u'9qrs9sc0v1a_9zu35zBfWLp4HC0ZzR2EhR9C-L6rj9o' :subject_alt_names: <_sre.SRE_Match object at 0x293f828> :err: '' :_b64: :pub_exp: '010001' :alt_names: None :domains: set([u'www.podcasts.soft-focus-imagining.com', u'podcasts.soft-focus-imagining.com']) :_send_signed_request: :accountkey_json: '{"e":"AQAB","kty":"RSA","n":"x7brYTDV_Nnh9agWlsct8mWsRMhNxoeXg8G9h6QW8lSH0BjNUg0P1v3Wl1QzpDYzydv1RUecvMwRyJMwv9rDKEw0v2tArMCmiIYYk0y7_mOdqG-A0v3htpCV1rHr5GHkEqAe5i14K9bG3MVK_vbbdWEJDgRnFAMCdwmjnITZ-sSH2aTqhLMRUpWO7H10VE5cJ8Px4GcMQd0a6g-bYfaCb-YcNbQG3CVjLqMRZFUStA18tj5_GCihULee6nBjAatZMxL6gZXGnOcMYlKFHtt1Qxq-cSasRbclvKRljl5wDCTf1Kh2lASHC5E-azMYm5AvfhS9p1BiViyn8cfI9YcGBWLA1PY7EgaDi89epC8HGdNO6kkGSGphGd4yGgDCUlxjJiRV8NDdlCovzV_6m3kEdmnp4kJbAm-_bwq6U93UBZDR_9AeXrM26ATtEMwosnYt3GXiFMDbqsApv3KE9B1OGud76wCeECLUXouKmPRiO65DcaTLnA_YjqLKveArhUlgO7OI65OBUoLJZkP9AZ1uSF5YDLZgx70m-VNu-zfsXU2znkgtKAHYfbYBGMBAbk2XLRAjTv-uPIwhPExE9akTfLMDito2Kp9-DtoFm6AFdOA_gLJqj_aNIIa05u4uGJjJo-faM6Dh0pnzw4hpeAjTVcObkBfzPXp4N89bvWNEdk"}' environ: :DOCUMENT_REALROOT=/usr/libexec/webmin :HTTP_REFERER=https://twin-peaks-video.com:10000/virtual-server/cert_form.cgi?dom=1422... :SERVER_PROTOCOL=HTTP/1.0 :SERVER_SOFTWARE=MiniServ/1.860 :SCRIPT_NAME=/virtual-server/letsencrypt.cgi :REQUEST_METHOD=GET :PATH_INFO= :HOME=/root :QUERY_STRING=dom=142221603313276&dname_def=1&renew_def=0&renew=2 :PATH=/bin:/usr/bin:/sbin:/usr/sbin:/usr/local/bin:/bin:/usr/bin:/sbin:/usr/sbin:/usr/local/bin:/bin:/usr/bin:/sbin:/usr/sbin:/usr/local/bin:/bin:/usr/bin:/sbin:/usr/sbin:/usr/local/bin:/bin:/usr/bin:/sbin:/usr/sbin:/usr/local/bin:/bin:/usr/bin:/sbin:/usr/sbin:/usr/local/bin:/bin:/usr/bin:/sbin:/usr/sbin:/usr/local/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin :LD_LIBRARY_PATH= :SERVER_REALROOT=/usr/libexec/webmin :BASE_REMOTE_USER= :REMOTE_USER=root :HTTP_CONNECTION=keep-alive :HTTP_COOKIE=redirect=0; testing=1; file-manager-response=; file-manager-response_count= :SERVER_NAME=twin-peaks-video.com :REMOTE_ADDR=192.168.1.50 :SHLVL=1 :SERVER_ROOT=/usr/libexec/webmin :SERVER_PORT=10000 :WEBMIN_VAR=/var/webmin :DOCUMENT_ROOT=/usr/libexec/webmin :SCRIPT_FILENAME=/usr/libexec/webmin/virtual-server/letsencrypt.cgi :SERVER_ADMIN= :PERLLIB=/usr/libexec/webmin :HTTP_USER_AGENT=Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:56.0) Gecko/20100101 Firefox/56.0 :HTTP_HOST=twin-peaks-video.com:10000 :HTTPS=ON :HTTP_UPGRADE_INSECURE_REQUESTS=1 :_=/bin/python2.7 :REQUEST_URI=/virtual-server/letsencrypt.cgi?dom=142221603313276&dname_def=1&renew_def=0&renew=2 :HTTP_ACCEPT=text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 :GATEWAY_INTERFACE=CGI/1.1 :WEBMIN_CONFIG=/etc/webmin :HTTP_ACCEPT_LANGUAGE=en-US,en;q=0.5 :HTTP_ACCEPT_ENCODING=gzip, deflate, br :PWD=/usr/libexec/webmin/virtual-server/ :MINISERV_CONFIG=/etc/webmin/miniserv.conf :REMOTE_ADDR_PROTOCOL=4 :REMOTE_HOST=192.168.1.50 :MINISERV_PID=1760 machineid: :systemd=c3a31d8a5e454450b99eb43ff0bd5dd3 :sosreport_uploader-dmidecode=46255f390645b38f4d3e92af33dcf17afa83c0952af33eb97e0dd7bec5b1bdf9 os_info: :NAME="CentOS Linux" :VERSION="7 (Core)" :ID="centos" :ID_LIKE="rhel fedora" :VERSION_ID="7" :PRETTY_NAME="CentOS Linux 7 (Core)" :ANSI_COLOR="0;31" :CPE_NAME="cpe:/o:centos:centos:7" :HOME_URL="https://www.centos.org/" :BUG_REPORT_URL="https://bugs.centos.org/" : :CENTOS_MANTISBT_PROJECT="CentOS-7" :CENTOS_MANTISBT_PROJECT_VERSION="7" :REDHAT_SUPPORT_PRODUCT="centos" :REDHAT_SUPPORT_PRODUCT_VERSION="7" :
Mon, 11/20/2017 - 14:00
NigelAves

Any one have any ideas as to why I'm still running into an issue?

I'd really like to get this working across my web sites :)

Mon, 11/20/2017 - 21:07
NigelAves

It took some finding but I know have everything working all OK. It was a created file (from my first attempt) that caused the second issue.

etc/webmin/webmin/letsencrypt.pem

This now lead me to Lets Encrypt having issues writing the confirmation file in .well-known

This was being blocked by mod-security - once mod-security was "off" every site worked with no hiccups.

But hopefully someone can answer this. Will mod_security stop the "Update renewal" from working?

Many Thanks - Nigel

Sun, 11/26/2017 - 21:40
liveandlearn3210

Hello Guys,

I ran into the same problem and here is my solution: 1) Go to Webmin ->Others->File Manager and browse to /usr/libexec/webmin/webmin/ 2) Edit the acme_tiny.py file 3) Go to line: 99 and replace the current "https://letsencrypt.org/documents/LE-SA-v1.1.1-August-1-2016.pdf" with "https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf" and save the file. 4) Go to Virtualmin ->Server Configuration->Manage SSL Certificate and select Let's Encrypt tab and click on Request Certificate. 5) The above steps worked for me. I think the acme_tiny.py needed to be updated with the new "LET’S ENCRYPT SUBSCRIBER AGREEMENT". Good luck and let me know if it worked for you.

Fri, 12/08/2017 - 17:24 (Reply to #17)
4StrokeNET

You've saved my evening. Thank you very much! :)

Mon, 11/27/2017 - 15:43
benjamin_dk

Yup, that helped me out too, liveandlearn! Thanks for the tip :)

Fri, 12/15/2017 - 15:38
pragma

SOLUTION:

Issuing new Let's Encrypt certificates (or renewing ones past the reauthorization window) fails when running OpenSSL 1.1.0. you can get the error:

Parsing account key...
Parsing CSR...
Registering account...
Already registered!
Signing certificate...
Traceback (most recent call last):
  File "acme_tiny.py", line 198, in <module>
    main(sys.argv[1:])
  File "acme_tiny.py", line 194, in main
    signed_crt = get_crt(args.account_key, args.csr, args.acme_dir, log=LOGGER, CA=args.ca)
  File "acme_tiny.py", line 161, in get_crt
    raise ValueError("Error signing certificate: {0} {1}".format(code, result))
ValueError: Error signing certificate: 403 {
  "type": "urn:acme:error:unauthorized",
  "detail": "Error creating new cert :: Authorizations for these names not found or expired: temboz.com",
  "status": 403
}


The problem is in line 72 where extracts the CN from the certificate using the regex:

  # nano /usr/share/webmin/webmin/acme_tiny.py and search "common_name" line
    common_name = re.search(r"Subject:.*? CN=([^\s,;/]+)", out.decode('utf8'))


Unfortunately OpenSSL changed the format of openssl req -text -noout in 1.1.0 to add extraneous spaces around the = in CN=:

The fix is to change line 72 to:

  # nano /usr/share/webmin/webmin/acme_tiny.py and search "common_name" line
    common_name = re.search(r"Subject:.*? CN ?= ?([^\s,;/]+)", out.decode('utf8'))

Note: Please make sure to keep line intend before common_name when you copy and past above fix.

Tue, 03/13/2018 - 04:31
mattjones

This also applies to Virtualmin in /usr/share/webmin/virtual-server/feature-ssl.pl line 1345

if ($ex) {
        return "<tt>".&html_escape($out)."</tt>";
        }
elsif ($out !~ /subject\s*=\s*.*(CN|O)=/) {
        return $text{'cert_esubject'};
        }
else {
        return undef;
        }
}
Topic locked