Let'e Encrypt - Request Certificate - Gave up waiting for validation

4 posts / 0 new
Last post
#1 Wed, 10/09/2019 - 10:34
dsoden
dsoden's picture

Let'e Encrypt - Request Certificate - Gave up waiting for validation

I have several domains on this server and I just created 2 new virtual servers today 1 no issues, the other nothing but hell with several attempts. I'm confused because all others on the server work except my system has a bias against this domain name - my domain name, so I guess it really does hate me... LOL.

The actual error I get from the page https://A-HOST.MY-DOMAIN.com:10000/virtual-server/letsencrypt.cgi (*not real name of my server obviously) is:

Requesting a certificate for davidsoden.com, www.davidsoden.com, mail.davidsoden.com, autoconfig.davidsoden.com, autodiscover.davidsoden.com from Let's Encrypt .. .. request failed : Web-based validation failed : Failed to request certificate : Error checking challenge: 500

DNS-based validation failed : Failed to request certificate : Traceback (most recent call last): File "/usr/libexec/webmin/webmin/acme_tiny.py", line 250, in main(sys.argv[1:]) File "/usr/libexec/webmin/webmin/acme_tiny.py", line 246, in main signed_crt = get_crt(args.account_key, args.csr, args.acme_dir, args.dns_hook, args.cleanup_hook, log=LOGGER, CA=args.ca) File "/usr/libexec/webmin/webmin/acme_tiny.py", line 177, in get_crt log.error("Error checking challenge: {0}".format(e.code)) AttributeError: 'URLError' object has no attribute 'code'

DNS-based validation failed : Failed to request certificate : Gave up waiting for validation

Thu, 10/10/2019 - 00:05
noisemarine

Remove names that you don't need certs for or that don't have a valid http configuration. mail/autoconfig/autodiscover seem likely to be causing your problems.

Thu, 10/10/2019 - 09:54
dsoden
dsoden's picture

So I chose " Domain names listed here" and not the default "Domains associated with this server. I did just the domainname.com and WWW and it went through. I left off "mail", "autoconfig", and "autodiscover"

I had no issues with the other domain I setup prior to this one seconds before creating this one, the other day. The other one did take some time though, longer than usual.

As mentioned I have not had to do this before. And you bring up a GREAT point which made me take notice... I just noticed that there are now 5 domains being requested BY DEFAULT, not 3 - some recent upgrade obviously caused this as I never explicitly set this up this way. Use to be just:

1) DOMAIN.COM 2) WWW.DOMAIN.COM 3) MAIL.DOMAIN.COM

"autoconfig" and "autodiscover" are NEW hosts being added by DNS on domain creation.

Did something change in the versions I'm running? and do I need to put in a BUG report? Operating system = CentOS Linux 7.7.1908 Webmin version = 1.930 Usermin version = 1.780 Virtualmin version = 6.07 Authentic theme version = 19.39-2

Also caught this post while researching my reply above - so something wacky is going on with others too (no clue how to escalate this to the company if there is indeed an issue) https://virtualmin.com/node/65673

Best Regards,

.DS

Thu, 10/10/2019 - 13:20
anahata
anahata's picture

The autoconfig and autodiscover subdomains are there for the purpose of enabling mail clients to find out the server name, protocol and user name for a domain. If you've ever seen a mail client offer to configure itself automatically, that's how it's done. They aren't "new hosts"; the subdomain names are picked up by apache in your normal domain configuration. Search /etc/apache2/sites-available/* for 'autoconfig' and 'autodiscover' and you can see how they get redirected to a configuration script.
If you don't need autoconfiguration for mail clients that will connect to your server, you can remove them.
Letsencrypt sets them up for me OK though. I doubt they are the cause of your Letsencrypt problem.

Anahata www.treewind.co.uk West Yorkshire, UK