Question

CANNOT Install Let's Encrypt Certificate For Some Reason...

Posted January 22, 2020
Security, Let's Encrypt

Hi,

I’m trying to install the Let’s Encrypt certificate on my domain using Virtualmin, but I keep getting the following error message:

Requesting a certificate for my-domain.com from Let's Encrypt ..
.. request failed : Web-based validation failed : Failed to request certificate :
Traceback (most recent call last):
  File "/usr/share/webmin/webmin/acme_tiny.py", line 198, in <module>
    main(sys.argv[1:])
  File "/usr/share/webmin/webmin/acme_tiny.py", line 194, in main
    signed_crt = get_crt(args.account_key, args.csr, args.acme_dir, log=LOGGER, CA=args.ca, disable_check=args.disable_check, directory_url=args.directory_url, contact=args.contact)
  File "/usr/share/webmin/webmin/acme_tiny.py", line 143, in get_crt
    raise ValueError("Wrote file to {0}, but couldn't download {1}: {2}".format(wellknown_path, wellknown_url, e))
ValueError: Wrote file to /home/aaronestebancoaching/public_html/.well-known/acme-challenge/MoG3aaTNE3M1-xqWYcGT4JuAuZW2Rf_u57CkDePECdQ, but couldn't download http://aaronestebancoaching.com/.well-known/acme-challenge/MoG3aaTNE3M1-xqWYcGT4JuAuZW2Rf_u57CkDePECdQ: Error:
Url: http://aaronestebancoaching.com/.well-known/acme-challenge/MoG3aaTNE3M1-xqWYcGT4JuAuZW2Rf_u57CkDePECdQ
Data: None
Response Code: 404
Response: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p></body></html>

DNS-based validation failed : Neither DNS zone my-domain.com or any of its sub-domains exist on this system

The error on the Virtualmin panel.

Does anyone happen to know what is most likely causing this issue? I’d greatly appreciate your support.

Regards,
Aaron E.

edited by MattIPv4

2 answers

Hi @AaronEsteban1,

It looks like your domain name does not have a valid DNS zone.

Basically, in order for Let’s Encrypt to be able to issue an SSL certificate for your domain name, it needs to validate that you actually own the domain name. To do that, Let’s Encrypt checks your domain name’s DNS zone and makes sure that your A record matches your server’s IP address.

So this would mean that you need to first register your domain name, make sure that your DNS records for your www and your non-www versions are pointing to the Droplet’s IP address and then run the SSL validation again.

Hope that this helps!
Regards,
Bobby

Hello @bobbyiliev,

I also tried to install the Let’s Encrypt certificate on my domain using Virtualmin and am having the same problem as @AaronEsteban1.

My first attempt was to use domainname1, hosted with Namecheap, with the DNS records changed to point to the DigitalOcean Droplet’s IP address.

Requesting a certificate for my-domain.com from Let's Encrypt ..
.. request failed : Web-based validation failed : Failed to request certificate :

Traceback (most recent call last):
  File "/usr/share/webmin/webmin/acme_tiny.py", line 198, in <module>
    main(sys.argv[1:])
  File "/usr/share/webmin/webmin/acme_tiny.py", line 194, in main
    signed_crt = get_crt(args.account_key, args.csr, args.acme_dir, log=LOGGER, CA=args.ca, disable_check=args.disable_check, directory_url=args.directory_url, contact=args.contact)
  File "/usr/share/webmin/webmin/acme_tiny.py", line 143, in get_crt
    raise ValueError("Wrote file to {0}, but couldn't download {1}: {2}".format(wellknown_path, wellknown_url, e))
ValueError: Wrote file to /home/sendy/public_html/.well-known/acme-challenge/0dz8L1zq6N8mHkM_Y1KCdKn6FgvyuX3Ty8AHbHrA8oY, but couldn't download http://my-domain.com/.well-known/acme-challenge/0dz8L1zq6N8mHkM_Y1KCdKn6FgvyuX3Ty8AHbHrA8oY: Error:
Url: http://my-domain.com/.well-known/acme-challenge/0dz8L1zq6N8mHkM_Y1KCdKn6FgvyuX3Ty8AHbHrA8oY
Data: None
Response Code: 404
Response: <html>
<head><title>404 Not Found</title></head>
<body>
<center><h1>404 Not Found</h1></center>
<hr><center>nginx/1.17.5</center>
</body>
</html>

DNS-based validation failed : Neither DNS zone my-domain.com or any of its sub-domains exist on this system

After that, I found this post here. I tried again, but with a different domain.
I also tried adding this domain to my DigitalOcean account with DigitalOcean’s DNS tools (ns1.digitalocean.com, ns2.digitalocean.com, and ns3.digitalocean.com) and changed the A records for @, *, and subdomain.my-domain.com to point to my DigitalOcean Droplet IP, as described at https://www.digitalocean.com/docs/networking/dns/how-to/manage-records/#a-records.

I also have the same issue with Let’s Encrypt, as below:

Requesting a certificate for my-domain.com from Let's Encrypt ..
.. request failed : Web-based validation failed : Failed to request certificate :

Traceback (most recent call last):
  File "/usr/share/webmin/webmin/acme_tiny.py", line 198, in <module>
    main(sys.argv[1:])
  File "/usr/share/webmin/webmin/acme_tiny.py", line 194, in main
    signed_crt = get_crt(args.account_key, args.csr, args.acme_dir, log=LOGGER, CA=args.ca, disable_check=args.disable_check, directory_url=args.directory_url, contact=args.contact)
  File "/usr/share/webmin/webmin/acme_tiny.py", line 106, in get_crt
    directory, _, _ = _do_request(directory_url, err_msg="Error getting directory")
  File "/usr/share/webmin/webmin/acme_tiny.py", line 46, in _do_request
    raise ValueError("{0}:\nUrl: {1}\nData: {2}\nResponse Code: {3}\nResponse: {4}".format(err_msg, url, data, code, resp_data))
ValueError: Error getting directory:
Url: https://acme-v02.api.letsencrypt.org/directory
Data: None
Response Code: None
Response: <urlopen error [Errno -2] Name or service not known>

DNS-based validation failed : Neither DNS zone my-domain.com or any of its sub-domains exist on this system

Do you have any solutions?

Is it possible to use Let’s Encrypt here with DigitalOcean and put this into Virtualmin instead?
https://www.digitalocean.com/docs/networking/load-balancers/how-to/ssl-termination/#use-lets-encrypt

Thank you very much; I appreciate your support.

Cheers,
Quang

edited by MattIPv4
  • Hi @quangmai911,

    What I could suggest here is trying to ping your domain name, for example, and making sure that the IP address actually matches the IP address of your Droplet. To do that, you could run:

    ping yourdomain.com
    

    If your IP actually matches the Droplet’s IP address, then I think it might be your Apache or Nginx config. Would you mind sharing your Vhost/Server Block here so that I could try to advise you further?

    Regards,
    Bobby
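
Added example, not part of the original thread or of Webmin's code: a small triage helper that reads the Virtualmin / acme_tiny.py error text quoted above and reports which stage failed (the local challenge self-check, the lookup of the ACME directory host, or the DNS-based fallback). The function name `triage` and the two sample strings are constructed for illustration; the samples are shortened from the outputs in this thread, with `TOKEN` standing in for the challenge token.

```python
import re
from urllib.parse import urlparse

# Constructed samples, shortened from the error outputs quoted in the thread.
SAMPLE_404 = (
    "ValueError: Wrote file to /home/sendy/public_html/.well-known/acme-challenge/TOKEN, "
    "but couldn't download http://my-domain.com/.well-known/acme-challenge/TOKEN: Error:\n"
    "Url: http://my-domain.com/.well-known/acme-challenge/TOKEN\n"
    "Data: None\nResponse Code: 404\n"
    "Response: <html>\n<hr><center>nginx/1.17.5</center>\n"
    "DNS-based validation failed : Neither DNS zone my-domain.com or any of its "
    "sub-domains exist on this system\n"
)
SAMPLE_RESOLVE = (
    "ValueError: Error getting directory:\n"
    "Url: https://acme-v02.api.letsencrypt.org/directory\n"
    "Data: None\nResponse Code: None\n"
    "Response: <urlopen error [Errno -2] Name or service not known>\n"
)

def triage(output):
    """Return a list of (stage, detail) tuples, one per failure found in the output."""
    findings = []
    # Stage 1: the token file was written, but fetching it over HTTP failed.
    wrote = re.search(r"Wrote file to (\S+), but couldn't download (\S+?): Error", output)
    code = re.search(r"Response Code: (\w+)", output)
    if wrote and code:
        path, url = wrote.groups()
        banner = re.search(r"<center>([A-Za-z]+/[\d.]+)</center>", output)
        served_by = banner.group(1) if banner else "unknown server"
        findings.append(("self-check",
            f"{urlparse(url).hostname} answered {code.group(1)} via {served_by}; the token is in "
            f"{path.rsplit('/.well-known/', 1)[0]}, so check the A record and the vhost root"))
    # Stage 2: the server itself could not resolve the ACME API hostname.
    directory = re.search(r"Error getting directory:\s*Url: (\S+)", output)
    if directory and "Name or service not known" in output:
        findings.append(("acme-directory",
            f"this server cannot resolve {urlparse(directory.group(1)).hostname}; "
            "fix its own DNS resolver before retrying"))
    # Stage 3 (assumed reading of the message): the zone is not managed on this host.
    if re.search(r"Neither DNS zone \S+ or any of its sub-domains exist", output):
        findings.append(("dns-validation",
            "zone is not hosted on this system, so only web-based validation can succeed"))
    return findings

if __name__ == "__main__":
    for sample in (SAMPLE_404, SAMPLE_RESOLVE):
        for stage, detail in triage(sample):
            print(f"[{stage}] {detail}")
```
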
