Letsencrypt broken after upgrade to 5.06

Updated webmin-virtual-server package this morning to 5.06. After that letsencrypt stopped working. (seen on several servers, also on Debian 8)

Requesting a certificate for * from Let's Encrypt .. .. request failed : Domain has no website, and DNS-based validation is not possible.

Comments

I have same problem here. On 5.06 Let's Encrypt does not work. I have tried with another server in 5.05, it's work. Next I have upgraded to 5.06 and now I can not Request Certificate.

Fresh install using 5.06 deb from the Webmin site. OS is Ubuntu 14.04.

Webmin version 1.831.

Source code of file ./usr/share/webmin/virtual-server/feature-ssl.pl includes this:

if ($d->{'web'} && 0) {
         ($ok, $cert, $key, $chain) = &webmin::request_letsencrypt_cert(
                $dnames, $phd, $d->{'emailto'}, $size, "web", $staging);
        }
if (!$ok && &get_webmin_version() >= 1.832 && $d->{'dns'}) {
        ($ok, $cert, $key, $chain) = &webmin::request_letsencrypt_cert(
                $dnames, undef, $d->{'emailto'}, $size, "dns", $staging);
        }
elsif (!$ok) {
        $ok = 0;
        $cert = "Domain has no website, ".
                "and DNS-based validation is not possible";
        }

Webmin 1.831 is the latest version available at their repository. apt-get update && apt-get upgrade won't update to 1.832.

Broken here too. Same error. CentOS7

Requesting a certificate for * from Let's Encrypt .. .. request failed : Domain has no website, and DNS-based validation is not possible

The same problem, 2 of my websites certificates expire tomorrow. Any temporary quick fix?

PANIC!!!

I experienced the same problem.

My temporary fix, was to install letsencrypt on the server, use Webroot authentication and move the certificates manually.
Basically:

sudo apt-get install letsencrypt
sudo letsencrypt certonly --webroot --keep-until-expiring --agree-tos --rsa-key-size 2048 --email example@example.com -w /home/{USER}/public_html -d example.com

sudo mv /home/{USER}/ssl.cert /home/{USER}/ssl.cert-old
sudo mv /home/{USER}/ssl.key /home/{USER}/ssl.key-old
sudo cp /etc/letsencrypt/live/{example.com}/fullchain.pem /home/{USER}/ssl.cert
sudo cp /etc/letsencrypt/live/{example.com}/privkey.pem /home/{USER}/ssl.key

Hope is fixed soon though...

I experienced the same problem.

My temporary fix, was to install letsencrypt on the server, use Webroot authentication and move the certificates manually.
Basically:

sudo apt-get install letsencryptsudo letsencrypt certonly --webroot --keep-until-expiring --agree-tos --rsa-key-size 2048 --email example@example.com -w /home/{USER}/public_html -d example.com
sudo mv /home/{USER}/ssl.cert /home/{USER}/ssl.cert-old
sudo mv /home/{USER}/ssl.key /home/{USER}/ssl.key-old
sudo cp /etc/letsencrypt/live/{example.com}/fullchain.pem /home/{USER}/ssl.cert
sudo cp /etc/letsencrypt/live/{example.com}/privkey.pem /home/{USER}/ssl.key

Hope is fixed soon though...

Possible temporary solution, working for me on Ubuntu 16.04:

Go into the Source code of file ./usr/share/webmin/virtual-server/feature-ssl.pl

As mentioned by 'regodon' the code starting at line 2138 contains this function / subroutine (sorry I'm not familiar with Perl phraseology):

# request_domain_letsencrypt_cert(&domain, &dnames, [staging], [size])
# Attempts to request a Let's Encrypt cert for a domain, trying both web and
# DNS modes if possible
sub request_domain_letsencrypt_cert
{
my ($d, $dnames, $staging, $size) = @_;
$size ||= $config{'key_size'};
&foreign_require("webmin");
my $phd = &public_html_dir($d);
my ($ok, $cert, $key, $chain);
if ($d->{'web'} && 0) {
<------> ($ok, $cert, $key, $chain) = &webmin::request_letsencrypt_cert(
<------><------>$dnames, $phd, $d->{'emailto'}, $size, "web", $staging);
<------>}
if (!$ok && &get_webmin_version() >= 1.832 && $d->{'dns'}) {
<------>($ok, $cert, $key, $chain) = &webmin::request_letsencrypt_cert(
<------><------>$dnames, undef, $d->{'emailto'}, $size, "dns", $staging);
<------>}
elsif (!$ok) {
<------>$ok = 0;
<------>$cert = "Domain has no website, ".
<------><------>"and DNS-based validation is not possible";
<------>}
return ($ok, $cert, $key, $chain);
}

You'll notice on line 2148 this 'if' statement:

if ($d->{'web'} && 0) {

As I mentioned I'm no Perl programmer, but assuming the && is a logical AND, then ANDing anything with 0 will always result in a 0 or false return value, causing this if statement block not to run.

Change the 0 to a 1 like so:

if ($d->{'web'} && 1) {

Save the file and then restart Webmin. I did so from the terminal with the command:

sudo service webmin restart

(I was scratching my head for while at this, but I asusme the Perl functions must be cached in memory. Might be related to me having it load Virtualmin / Webmin into memory on server start. As a result the webmin restart might not be required for everyone)

Same here on Debian 7 and 8.

I reinstalled Ubuntu and Let's Encrypt stopped working...

Jamie/Joe,

This does seem to be a confirmed bug at the core of the functionality.

After it failed inside the Virtualmin web GUI, I attempted to issue the command via the command line API using: virtualmin generate-letsencrypt-cert --domain mydomain.com --renew 2 and got the the error Requesting SSL certificate for mydomain.com www.mydomain.com .. failed : Domain has no website, and DNS-based validation is not possible as stated by others.

Test was completed using the latest version of Virtualmin 5.06 and CentOS 7.

-Peter

Maybe anybody has file "virtualmin.5.05.sh" ? I tried to find it, but failed.

Damn, this was due to test code left in place as part of work to get DNS-based validation working.

Editing line 2148 and changing it from :

if ($d->{'web'} && 0) {

to :

if ($d->{'web'}) {

and then running /etc/webmin/restart will fix the issue.

Jamie,

I made the adjustment noted to /usr/libexec/webmin/virtual-server/feature-ssl.pl and it successfully resolved the bug after restarting webmin.

Cheers!

Just an FYI, we're going to be making a new release here shortly with the Let's Encrypt bugfix in it... sorry about that!

I change it("if ($d->{'web'} && 0) {"). Reboot webmin. @Requesting a certificate for softowik.by, www.softowik.by from Let's Encrypt .. .. request was successful! Configuring webserver to use new certificate and key .. .. done

Applying web server configuration .. .. done@

But... have no results. (Answer is OK. In browser "ERR_SSL_PROTOCOL_ERROR")

Can U help me?

P.S.: Domain is http://softowik.by/

Please, tell me, how can I install lower version of virtualmin. I need it!

For Ubuntu / Debian you can downgrade virtualmin to older version:
sudo apt-get install webmin-virtual-server=5.05.gpl 

and hold this virtualmin 5.05 version
sudo apt-mark hold webmin-virtual-server 

Once it's corrected version, you can unlock the package for upgrade:
sudo apt-mark unhold webmin-virtual-server 

Thanks! Maybe anybody can help me? I did all like there: https://virtualmin.com/node/46850. But have "ERR_SSL_PROTOCOL_ERROR". So interesting, why I have no message about bad sertificate, just error. Before reinstalling of Ubuntu all was great. Please, help me.

It was because of IP (127.0.0.1), I change it to external. It works now! Thanks! For developers: THANKS A LOT, GREAT JOB! WE DO INTERNET BETTER TOGETHER!!!

in CentOS6.8

on virtualmin5.06

I fixed the file in「/usr/libexec/webmin/virtual-server/feature-ssl.pl」

from:

if ($d->{'web'} && 0) {

to :

if ($d->{'web'}) {

And restart webmin.

But I get 「Requesting a certificate for * from Let's Encrypt .. .. request failed : Domain has no website, and DNS-based validation is not possible.」, when I did「Let's encrypt」

What should I do next ?

Upgrade NOW. New webmin-virtual-server (5.06.gpl-2) solves this issue.