Hi,

I’m trying to install the Let’s Encrypt certificate on my domain using Virtualmin, but I keep getting the following error message:

Requesting a certificate for my-domain.com from Let's Encrypt ..
.. request failed : Web-based validation failed : Failed to request certificate :
Traceback (most recent call last):
  File "/usr/share/webmin/webmin/acme_tiny.py", line 198, in <module>
    main(sys.argv[1:])
  File "/usr/share/webmin/webmin/acme_tiny.py", line 194, in main
    signed_crt = get_crt(args.account_key, args.csr, args.acme_dir, log=LOGGER, CA=args.ca, disable_check=args.disable_check, directory_url=args.directory_url, contact=args.contact)
  File "/usr/share/webmin/webmin/acme_tiny.py", line 143, in get_crt
    raise ValueError("Wrote file to {0}, but couldn't download {1}: {2}".format(wellknown_path, wellknown_url, e))
ValueError: Wrote file to /home/aaronestebancoaching/public_html/.well-known/acme-challenge/MoG3aaTNE3M1-xqWYcGT4JuAuZW2Rf_u57CkDePECdQ, but couldn't download http://aaronestebancoaching.com/.well-known/acme-challenge/MoG3aaTNE3M1-xqWYcGT4JuAuZW2Rf_u57CkDePECdQ: Error:
Url: http://aaronestebancoaching.com/.well-known/acme-challenge/MoG3aaTNE3M1-xqWYcGT4JuAuZW2Rf_u57CkDePECdQ
Data: None
Response Code: 404
Response: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p></body></html>
DNS-based validation failed : 

Neither DNS zone my-domain.com or any of its sub-domains exist on this system

The error on the Virtualmin panel.

Does anyone happen to know what is most likely causing this issue? I’d greatly appreciate your support.

Regards,
Aaron E.

edited by MattIPv4

4 answers

Hi @AaronEsteban1,

It looks like your domain name does not have a valid DNS zone.

Basically in order for Let’s Encrypt to be able to issue an SSL certificate for your domain name it needs to validate that you actually own the domain name, so in order to do that Let’s Encrypt checks your domain name’s DNS zone and makes sure that your A record matches your server’s IP address.

So this would mean that you need to first register your domain name, make sure that your DNS records for your www and your non-www versions are pointing to the Droplet’s IP address and then run the SSL validation again.

Hope that this helps!
Regards,
Bobby

Hello @bobbyiliev,

I also tried to install the Let’s Encrypt certificate on my domain using Virtualmin and am having the same problem as @AaronEsteban1.

My first attempt was to use domainname1 hosting with Namecheap, and I changed the DNS records to point to the DigitalOcean Droplet’s IP address.

Requesting a certificate for my-domain.com from Let's Encrypt ..
.. request failed : Web-based validation failed : Failed to request certificate :

Traceback (most recent call last):
  File "/usr/share/webmin/webmin/acme_tiny.py", line 198, in <module>
    main(sys.argv[1:])
  File "/usr/share/webmin/webmin/acme_tiny.py", line 194, in main
    signed_crt = get_crt(args.account_key, args.csr, args.acme_dir, log=LOGGER, CA=args.ca, disable_check=args.disable_check, directory_url=args.directory_url, contact=args.contact)
  File "/usr/share/webmin/webmin/acme_tiny.py", line 143, in get_crt
    raise ValueError("Wrote file to {0}, but couldn't download {1}: {2}".format(wellknown_path, wellknown_url, e))
ValueError: Wrote file to /home/sendy/public_html/.well-known/acme-challenge/0dz8L1zq6N8mHkM_Y1KCdKn6FgvyuX3Ty8AHbHrA8oY, but couldn't download http://my-domain.com/.well-known/acme-challenge/0dz8L1zq6N8mHkM_Y1KCdKn6FgvyuX3Ty8AHbHrA8oY: Error:
Url: http://my-domain.com/.well-known/acme-challenge/0dz8L1zq6N8mHkM_Y1KCdKn6FgvyuX3Ty8AHbHrA8oY
Data: None
Response Code: 404
Response: <html>
<head><title>404 Not Found</title></head>
<body>
<center><h1>404 Not Found</h1></center>
<hr><center>nginx/1.17.5</center>
</body>
</html>

DNS-based validation failed : Neither DNS zone my-domain.com or any of its sub-domains exist on this system

After that, I found this post here. I tried again, but with a different domain.
I also tried adding this domain to my DigitalOcean account with DigitalOcean’s DNS tools (ns1.digitalocean.com, ns2.digitalocean.com, and ns3.digitalocean.com) and changed the A records @, *, and subdomain.my-domain.com to point to my DigitalOcean Droplet IP, as described at https://www.digitalocean.com/docs/networking/dns/how-to/manage-records/#a-records.

I also have the same issue with Let’s Encrypt, as below:

Requesting a certificate for my-domain.com from Let's Encrypt ..
.. request failed : Web-based validation failed : Failed to request certificate :

Traceback (most recent call last):
  File "/usr/share/webmin/webmin/acme_tiny.py", line 198, in <module>
    main(sys.argv[1:])
  File "/usr/share/webmin/webmin/acme_tiny.py", line 194, in main
    signed_crt = get_crt(args.account_key, args.csr, args.acme_dir, log=LOGGER, CA=args.ca, disable_check=args.disable_check, directory_url=args.directory_url, contact=args.contact)
  File "/usr/share/webmin/webmin/acme_tiny.py", line 106, in get_crt
    directory, _, _ = _do_request(directory_url, err_msg="Error getting directory")
  File "/usr/share/webmin/webmin/acme_tiny.py", line 46, in _do_request
    raise ValueError("{0}:\nUrl: {1}\nData: {2}\nResponse Code: {3}\nResponse: {4}".format(err_msg, url, data, code, resp_data))
ValueError: Error getting directory:
Url: https://acme-v02.api.letsencrypt.org/directory
Data: None
Response Code: None
Response: <urlopen error [Errno -2] Name or service not known>

DNS-based validation failed : Neither DNS zone my-domain.com or any of its sub-domains exist on this system

Do you have any solutions?

Is it possible to use Let’s Encrypt here with DigitalOcean and put this into Virtualmin instead?
https://www.digitalocean.com/docs/networking/load-balancers/how-to/ssl-termination/#use-lets-encrypt

Thank you very much, and I appreciate your support.

Cheers,
Quang

edited by MattIPv4
  • Hi @quangmai911,

    What I could suggest here is trying to ping your domain name for example and make sure that the IP address actually matches the IP address of your Droplet, so to do that you could run:

    ping yourdomain.com
    

    If your IP actually matches the Droplet’s IP address, then I think it might be your Apache or Nginx config, would you mind sharing your Vhost/Server Block here so that I could try to advise you further?

    Regards,
    Bobby

Today I also encountered this problem: the tool cannot verify the file stored in the acme directory.
The solution is to open SSH / a terminal:

sudo nano /etc/hosts

Next, point your IP and server.
Example:

162.165.1.1 www.yourwebsite.com
162.165.1.1 yourwebsite.com

Reboot machine if you wish.

Now try again; it will work.

Good luck

Hi @bobbyiliev,

I have encountered this issue as well. May I know if this issue is solved?

Thanks,
Joseph

  • Hi there @josephchong,

    Can you share a little bit more information about the error that you are getting? It is not really a platform-related problem but most likely an issue with your DNS setup or your server.

    Basically in order for Let’s Encrypt to be able to issue an SSL certificate for your domain name it needs to validate that you actually own the domain name, so in order to do that Let’s Encrypt checks your domain name’s DNS zone and makes sure that your A record matches your server’s IP address.

    If you ping your domain name do you get the same IP as your Droplet’s IP?

    Regards,
    Bobby

    • Hi @bobbyiliev,

      I am getting the error below:

      Requesting a certificate for 1to1media.my from Let's Encrypt ..
      .. request failed : Web-based validation failed : Failed to request certificate :
      
      Traceback (most recent call last):
        File "/usr/share/webmin/webmin/acme_tiny.py", line 198, in <module>
          main(sys.argv[1:])
        File "/usr/share/webmin/webmin/acme_tiny.py", line 194, in main
          signed_crt = get_crt(args.account_key, args.csr, args.acme_dir, log=LOGGER, CA=args.ca, disable_check=args.disable_check, directory_url=args.directory_url, contact=args.contact)
        File "/usr/share/webmin/webmin/acme_tiny.py", line 143, in get_crt
          raise ValueError("Wrote file to {0}, but couldn't download {1}: {2}".format(wellknown_path, wellknown_url, e))
      ValueError: Wrote file to /home/oneto1media/public_html/.well-known/acme-challenge/RHtMk4-71HRHRCUkt6IgasO5XO-1WJUh-OvTPlvW01s, but couldn't download http://1to1media.my/.well-known/acme-challenge/RHtMk4-71HRHRCUkt6IgasO5XO-1WJUh-OvTPlvW01s: Error:
      Url: http://1to1media.my/.well-known/acme-challenge/RHtMk4-71HRHRCUkt6IgasO5XO-1WJUh-OvTPlvW01s
      Data: None
      Response Code: 404
      Response: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
      <html><head>
      <title>404 Not Found</title>
      </head><body>
      <h1>Not Found</h1>
      <p>The requested URL was not found on this server.</p>
      </body></html>
      
      , DNS-based validation failed : Failed to request certificate :
      usage: acme_tiny.py [-h] --account-key ACCOUNT_KEY --csr CSR --acme-dir
                          ACME_DIR [--quiet] [--disable-check]
                          [--directory-url DIRECTORY_URL] [--ca CA]
                          [--contact [CONTACT [CONTACT ...]]]
      acme_tiny.py: error: argument --acme-dir is required
      

      My domain A record is pointing to DigitalOcean droplet. Yes, I ping my domain and get the same IP as my droplet’s.

      Joseph

      edited by MattIPv4
      • Hi there @josephchong,

        Indeed your DNS setup looks correct.

        Can you share the Apache virtual host that you are using?

        Regards,
        Bobby

        • Hi @bobbyiliev,

          Sorry, I am new to VPS and server stuff. I am trying to install Mailwizz on it by following tutorials on YouTube. I have installed Webmin on my VPS. Do you need the login to my site?

          Joseph

          • @bobbyiliev, can you advise what info you need to check the SSL issue?

            Joseph

          • Hi there @josephchong,

            Note that this is a public community forum, where we aim to answer open questions about anything SysAdmin, DigitalOcean and beyond. However, I can’t really offer to log in to your server and troubleshoot the problem directly due to security and privacy reasons.

            I am more than happy to provide you with any guidance that you need.

            Feel free to share your server error logs and access logs so that I could try to advise you further on what the issue might be.

            Regards,
            Bobby
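The logs posted in this thread contain four distinct failure signatures that are easy to mix up. The following triage script is an added example, not part of any post above and not Webmin or acme_tiny code; the function name, tags and advice strings are this example's own reading of the messages, and the sample logs are constructed with placeholder values.

```python
import re
from urllib.parse import urlparse

# Patterns copied from the acme_tiny.py / Virtualmin messages quoted in the thread.
CHALLENGE = re.compile(
    r"Wrote file to (?P<path>\S+), but couldn't download (?P<url>\S+): Error:"
    r".*?Response Code: (?P<code>\d{3})", re.S)
DIRECTORY = re.compile(
    r"Error getting directory:.*?Url: (?P<url>\S+).*?urlopen error \[Errno -2\]", re.S)
NO_ZONE = re.compile(r"Neither DNS zone \S+ or any of its sub-domains exist")
NO_ACME_DIR = re.compile(r"argument --acme-dir is required")

def triage(output):
    """Return (tag, advice) findings for one Virtualmin certificate request log."""
    findings = []
    m = DIRECTORY.search(output)
    if m:  # the server never reached the CA, so no challenge was attempted
        host = urlparse(m["url"]).hostname
        findings.append(("resolver", f"server cannot resolve {host}; check its "
                         "own resolver (/etc/resolv.conf), not the domain's A record"))
    m = CHALLENGE.search(output)
    if m:  # acme_tiny wrote the file, then its own pre-check could not fetch it
        docroot = m["path"].partition("/.well-known/acme-challenge/")[0]
        host = urlparse(m["url"]).hostname
        findings.append(("challenge-unreachable", f"HTTP {m['code']}: whatever "
                         f"answers for {host} on port 80 is not serving {docroot} "
                         "(wrong vhost or docroot, or DNS points at another machine)"))
    if NO_ACME_DIR.search(output):
        findings.append(("dns-fallback-args", "the DNS-based retry ran acme_tiny.py "
                         "without --acme-dir; fix the web-based failure first"))
    if NO_ZONE.search(output):
        findings.append(("no-local-zone", "DNS-based validation needs the zone hosted "
                         "on this system; with DNS hosted elsewhere, fix web-based"))
    return findings

# Constructed sample logs (example.com and TOKEN are placeholders).
SAMPLE_404 = """ValueError: Wrote file to /home/example/public_html/.well-known/acme-challenge/TOKEN, but couldn't download http://example.com/.well-known/acme-challenge/TOKEN: Error:
Url: http://example.com/.well-known/acme-challenge/TOKEN
Data: None
Response Code: 404
DNS-based validation failed : Neither DNS zone example.com or any of its sub-domains exist on this system"""
SAMPLE_RESOLVER = """ValueError: Error getting directory:
Url: https://acme-v02.api.letsencrypt.org/directory
Data: None
Response Code: None
Response: <urlopen error [Errno -2] Name or service not known>"""

if __name__ == "__main__":
    for name, log in (("404", SAMPLE_404), ("resolver", SAMPLE_RESOLVER)):
        print(name, triage(log))
```

The 404 case is raised by acme_tiny's own fetch from the server before the CA is asked to validate, so it reflects what the server sees when it requests its own hostname.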
