Solved: Single domain can't be HTTP validated with Let's Encrypt (Error 404 Not Found) - All other domains work just fine

#1 Tue, 05/01/2018 - 09:08
exetico

Issue:
I can't get a Let's Encrypt cert for one domain - all other domains work just fine.

If you need any output, please let me know! I was unsure what actually makes sense to post, now that validation is working fine with all other domains except this one.

Please note that the domain name is replaced with "{DOMAINNAME}", and a few other things are removed with {REMOVED}.

Steps in Virtualmin:
{DOMAINNAME} selected > Server Configuration > Manage SSL Certificate. I select the "Let's Encrypt" tab, followed by "Request Certificate".

The "Domains associated with this server" option is selected, with the following domains listed: {DOMAINNAME}.dk, autoconfig.{DOMAINNAME}.dk, autodiscover.{DOMAINNAME}.dk

Output information (note that the DIR is removed in the output):

Let's Encrypt is a free, automated, and open certificate authority that can be used to generate an SSL certificate for use by Virtualmin. This page can be used to request a new certificate, which will overwrite any other you currently have configured for this domain. However, the Let's Encrypt service requires that your ownership of the certificate domain be validated by checking that this system hosts the website for the domain. This is done by placing a small temporary file in the website's document directory /home/{REMOVED}/public_html.

Output error (note that the domain name and some of the letters from the .well-known directory have been removed):

{DOMAINNAME}.dk challenge did not pass: Invalid response from http://{DOMAINNAME}.dk/.well-known/acme-challenge/SSX1{REMOVED}-PUbaI9h{REMOVED}YWrA{REMOVED}: "<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p"


System-info:

Operating system Debian Linux 7
Webmin version 1.881
Virtualmin version 6.03
Usermin version 1.741


Things I have tried:

  • Removed the domain from Virtualmin and added it again. Tried both as an alias and as a normal domain name
  • Checked that SSL is enabled, but also that the **force to SSL** option isn't.
  • Tried validating with other domains (works just fine)
  • Tried validating {DOMAINNAME} with Webmin in Webmin > Webmin Configuration > SSL Encryption > Let's Encrypt (directory and other settings were checked before I tried - "Staging (test only)" was also tried - same error here...)
  • Removed the folder on the system, just to make sure that no permissions are messing with me.
  • Created a .well-known/acme-challenge folder and put in a test file (it works just fine when opening that URL)
  • No .htaccess file is present in the domain


Other information:

  • The domain is used for my pop3 and other mail services with SSL encryption, on the same server, managed by Webmin.
  • The domain is used for Webmin and Usermin access on {DOMAINNAME}:10000, defined in the Webmin settings
  • I don't want to use the DNS validation option at the moment.
  • Files listed in public_html are also working just fine


Update: IPv6 wasn't enabled on the virtual server, but I had set IPv6 DNS support (A-record on Cloudflare), so Let's Encrypt tried to grab the files over IPv6... Added support in Virtualmin - and everything went just fine. Thanks for the support!

Wed, 05/02/2018 - 21:25
Wagner Cateb

Same problem here. This is the only domain I am using, it is the same where Webmin was installed.

Sat, 05/05/2018 - 12:15
exetico

Hi all,

Any input?

@Wagner Cateb - Did you manage to fix the problem? And if yes: HOW? I'm thinking about trying to remove the domain from Virtualmin, Webmin and Usermin, and adding it again in Virtualmin only, but now that the domain is holding all my mail activities, I really DON'T LIKE to do that :-(

Tue, 05/15/2018 - 02:42
exetico

Hi,

I still can't get it to work. I tried a few extra things, with no luck.

Let me know if you just dropped by, but need more info to help things out :-)

Tue, 05/15/2018 - 05:30
noisemarine

I have no idea if the issue is related to using such an old version of Debian, but it may be. Generally, when things aren't working as expected, it's good practice to use the latest versions of everything. In any case, Debian 7 becomes unsupported in a couple of weeks. If you have a system exposed to the Internet, I'd suggest it's time to upgrade. https://wiki.debian.org/LTS

Tue, 05/15/2018 - 11:32
Wagner Cateb

I solved my problem with a simple configuration change. When I created the virtual domain, Webmin/Virtualmin only enabled an IPv4 address, which is why I could access my domain with regular http. By default, IPv6 is not configured in the virtual domains created with Virtualmin. However, LetsEncrypt demands the IPv6 is configured correctly, so you can either recreate the domain, carefully enabling this option, or search the virtual domain configuration and enable it later. Both solutions worked and afterwards LetsEncrypt was installed very easily. Sorry I cannot access the interface now to show you the precise location of these options. If you cannot find them, please send a message and I will explain it later. Good luck!

Wed, 05/16/2018 - 05:31 (Reply to #6)
exetico

@Wagner - Oh well. You're right. I'm using IPv6 for multiple things on the server, but the virtual server for this domain did not have IPv6 enabled - my other domains only have IPv4 information on Cloudflare, if I remember correctly. After removing the domain from Virtualmin, and adding it again, with the IPv6 interface enabled, I tried to press "Request Certificate". The page didn't respond... in the creation process, it also tried with no luck (it's enabled by default in my setup).

I restarted everything, and now it's working!

Thanks for the input Wagner! :-)

Absolutely no thought was given to the IPv6 support, because I'm primarily using it for the mail solution.

@noisemarine - Yes, you're right. Guess I need to take my time to fix it, sometime in the near future.
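
Added example, not part of the original thread: a minimal check for the cause found above, where the domain had an IPv6 DNS record but the virtual server answered only on IPv4. It requests a test file under /.well-known/acme-challenge/ separately over each address family and compares the results; the function names, verdict strings and sample addresses (documentation ranges) are assumptions made for this example.

```python
import http.client
import socket
import sys


def fetch_status(host, path, family, timeout=5):
    """Map each address of `host` in `family` to an HTTP status or error."""
    try:
        infos = socket.getaddrinfo(host, 80, family, socket.SOCK_STREAM)
    except socket.gaierror:
        return {}  # no record of this family (no A or no AAAA)
    results = {}
    for info in infos:
        addr = info[4][0]
        conn = http.client.HTTPConnection(addr, 80, timeout=timeout)
        try:
            # Connect to the literal address but send the real Host header,
            # so the web server selects the virtual host by name as usual.
            conn.putrequest("GET", path, skip_host=True)
            conn.putheader("Host", host)
            conn.endheaders()
            results[addr] = conn.getresponse().status
        except (OSError, http.client.HTTPException) as exc:
            results[addr] = "error: %s" % exc
        finally:
            conn.close()
    return results


def diagnose(v4, v6):
    """Compare per-family results; v4/v6 are dicts from fetch_status()."""
    if not v4 and not v6:
        return "unresolvable"
    bad4 = bool(v4) and not all(s == 200 for s in v4.values())
    bad6 = bool(v6) and not all(s == 200 for s in v6.values())
    if bad4 and bad6:
        return "both-broken"
    if bad6:
        return "ipv6-broken"  # the situation in this thread
    return "ipv4-broken" if bad4 else "consistent"


if __name__ == "__main__":
    if len(sys.argv) == 3:  # usage: script.py <domain> <test-file-name>
        host, path = sys.argv[1], "/.well-known/acme-challenge/" + sys.argv[2]
        v4 = fetch_status(host, path, socket.AF_INET)
        v6 = fetch_status(host, path, socket.AF_INET6)
    else:  # constructed sample mirroring the thread: IPv4 serves, IPv6 404s
        v4, v6 = {"192.0.2.10": 200}, {"2001:db8::10": 404}
    print("IPv4:", v4, "\nIPv6:", v6, "\nverdict:", diagnose(v4, v6))
```

A verdict of `ipv6-broken` means the test file is reachable over IPv4 but not over the address published in the AAAA record, which matches the 404 seen in this thread while a browser on IPv4 showed the file fine.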