#1 Mon, 11/11/2019 - 05:03

Let's Encrypt Failing

Vmin GPL (webmin 1.932 / virtualmin 6.08)
CentOS 7.7.1908

Renewing a LE cert for:


fails and I get these errors:

request failed : Web-based validation failed : Failed to request certificate :
mydomain.com challenge did not pass: Fetching https://mydomain.com/.well-known/acme-challenge/beYJTLRBsBzfs_kxSwUJ0MFo... Timeout during connect (likely firewall problem)

DNS-based validation failed : Failed to request certificate :
Undefined subroutine &main::restart_zone called at /usr/libexec/webmin/webmin/letsencrypt-dns.pl line 47. mydomain.com challenge did not pass: DNS problem: NXDOMAIN looking up TXT for _acme-challenge.mydomain.com

Things I've noticed/checked:
- Firewalld settings are the same as a similar domain on another instance of Vmin, which successfully renewed.
- Added the patch in this Github commit for letsencrypt-cleanup.pl & letsencrypt-dns.pl (https://github.com/webmin/webmin/commit/771be1a754fafa02abb5d5670f3ba4a6...), no difference renewal errors still occur.
- Noticed an _acme-challenge TXT entry is created in DNS Records, this is not created in the successfully renewing domain on my other Vmin instance.
- HTTP/HTTPS redirects are the same in this domain as the other instance.
- I do not have a .well-known directory under public_html on EITHER instances - I was under the impression that this is no longer needed, but the errors perhaps indicate that it is - although I don't seem to need one on the other 'successful' instance.

Mon, 11/11/2019 - 06:18

Sorted. Removed the ipv6 addresses from the DNS records and added back the well-known folder (not sure which or both of these did it - I should have tested more precisely)

I must admit that ipv6 setup is a bit of a mystery to me - not sure what I'll do when I actually come round to needing them.

Mon, 11/11/2019 - 17:00

Because You selected all of Your domain and subdomain and maybe one of them not reachable. So, try to use only for really working domain, example domain.com and www only.

