Let's Encrypt error at domain creation time

Hello,

I always get an error when I turn on "Request Let's Encrypt certificate at domain creation time?". When I'm creating a new sub-server Virtualmin tries to request a new certificate but always fails with this error:

Parsing account key...
Parsing CSR...
Registering account...
Already registered!
Verifying mydomain.com...
Wrote file to /home/mydomain/domains/mydomain.com/public_html/.well-known/acme-challenge/BRomY0cjbZrwWkISZZI8E-I1QKsLA3bupCQXQ4TWGUE, but couldn't download http://mydomain.com/.well-known/acme-challenge/BRomY0cjbZrwWkISZZI8E-I1QKsLA3bupCQXQ4TWGUE
Traceback (most recent call last):
  File "/usr/share/webmin/webmin/acme_tiny.py", line 235, in <module>
    main(sys.argv[1:])
  File "/usr/share/webmin/webmin/acme_tiny.py", line 231, in main
    signed_crt = get_crt(args.account_key, args.csr, args.acme_dir, args.dns_hook, args.cleanup_hook, log=LOGGER, CA=args.ca)
  File "/usr/share/webmin/webmin/acme_tiny.py", line 184, in get_crt
    domain, challenge_status))
ValueError: mydomain.com challenge did not pass: {u'status': u'invalid', u'validationRecord': [{u'addressesResolved': [u'xxx.xxx.xxx.xxx'], u'url': u'https://mydomain.com/acme-challenge/BRomY0cjbZrwWkISZZI8E-I1QKsLA3bupCQXQ4TWGUE', u'hostname': u'mydomain.com', u'addressesTried': [], u'addressUsed': u'xxx.xxx.xxx.xxx', u'port': u'443'}, {u'addressesResolved': [u'xxx.xxx.xxx.xxx'], u'url': u'http://mydomain.com/.well-known/acme-challenge/BRomY0cjbZrwWkISZZI8E-I1QKsLA3bupCQXQ4TWGUE', u'hostname': u'mydomain.com', u'addressesTried': [], u'addressUsed': u'xxx.xxx.xxx.xxx', u'port': u'80'}], u'keyAuthorization': u'BRomY0cjbZrwWkISZZI8E-I1QKsLA3bupCQXQ4TWGUE.xD2B0_mCB1L4U8_6xQs5MkN5pdL5sfwJ4_5MAq1vmlk', u'uri': u'https://acme-v01.api.letsencrypt.org/acme/challenge/3boZ4kDoE5-SMpLi9fhJAr_bFQ1zhldlIcmhbUDpPqg/1818256749', u'token': u'BRomY0cjbZrwWkISZZI8E-I1QKsLA3bupCQXQ4TWGUE', u'error': {u'status': 403, u'type': u'urn:acme:error:unauthorized', u'detail': u'Invalid response from http://mydomain.com/.well-known/acme-challenge/BRomY0cjbZrwWkISZZI8E-I1QKsLA3bupCQXQ4TWGUE: "<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">\n<html><head>\n<title>404 Not Found</title>\n</head><body>\n<h1>Not Found</h1>\n<p"'}, u'type': u'http-01'}

I know how to resolve it, I have to comment out one line in my vhost. (This line redirects "http://mydomain.com/.well-known/acme-challenge/..." to "https://mydomain.com/acme-challenge/..." and then Let's Encrypt never finds the "code" it is searching for.)

#RedirectMatch /(?!.well-known)(.*)$ https://mydomain.com/$1

Then request the certificate again, remove the comment "#" in the vhost, and all is fine.

I guess this is a bug...

Hope this will help me or anybody else :)

Thanks

Status: Closed (fixed)

Comments

Thanks, this is a bug .. the redirect really should be for ^/(?!.well-known)(.*)$

I will fix this in the next release.
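To see why the missing ^ breaks the challenge, here is an added example (not part of the thread or of Virtualmin's code) that simulates how Apache's RedirectMatch applies the two patterns to the challenge path from the report; the redirect_match and check_acme_path helpers and the target URL are constructed for the illustration.

```python
import re

# Apache's RedirectMatch applies its regex to the request path with search
# semantics: an unanchored pattern may match starting at any "/" in the path,
# and whatever the group captured is substituted for $1 in the target.
BUGGY_PATTERN = r"/(?!.well-known)(.*)$"   # the vhost line from the report
FIXED_PATTERN = r"^/(?!.well-known)(.*)$"  # the anchored form from the fix
TARGET = "https://mydomain.com/$1"          # constructed redirect target


def redirect_match(pattern, path, target=TARGET):
    """Return the redirect URL the rule would issue, or None if it does not match.

    Constructed simulation of RedirectMatch, not Apache's own code.
    """
    m = re.search(pattern, path)
    if m is None:
        return None
    return target.replace("$1", m.group(1))


def check_acme_path(pattern):
    """Apply the rule to the ACME challenge path from the report and to a normal page."""
    token = "BRomY0cjbZrwWkISZZI8E-I1QKsLA3bupCQXQ4TWGUE"  # token seen in the report
    return {
        "challenge": redirect_match(pattern, f"/.well-known/acme-challenge/{token}"),
        "page": redirect_match(pattern, "/index.html"),
    }


if __name__ == "__main__":
    # Unanchored: the lookahead fails at position 0 but the regex engine keeps
    # searching, matches the "/" after ".well-known", and captures only
    # "acme-challenge/<token>", which is exactly the https://.../acme-challenge/
    # URL in the validation record above.
    print("buggy:", check_acme_path(BUGGY_PATTERN))
    # Anchored: only position 0 is tried, the lookahead rejects it, the
    # challenge file is served over plain http and ordinary pages still redirect.
    print("fixed:", check_acme_path(FIXED_PATTERN))
```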

For those who want to correct this before the fix (on Ubuntu 16.04):

> /usr/share/webmin/virtual-server/feature-ssl.pl > line 217

Change

my $redir = { 'path' => '/(?!.well-known)',

to

my $redir = { 'path' => '^/(?!.well-known)',

You can also edit this in /etc/httpd/conf/httpd.conf

We're rebuilding our servers and I would like to add that to the CentOS7 Virtualmin setup. Where would I put the ^/(?!.well-known)(.*)$ change, or should I just get the cert after creation?

If it's not in /usr/share/webmin/virtual-server/feature-ssl.pl I would try to locate the file "feature-ssl.pl" with the following command:

# locate feature-ssl.pl

Then it should be on the same line I guess (217).

It's now fixed with the v6.01.

Status: Fixed » Closed (fixed)

Automatically closed - issue fixed for 2 weeks with no activity.