virtualmin / virtualmin-gpl

Virtualmin web hosting control panel for Webmin
https://www.virtualmin.com
GNU General Public License v3.0
331 stars 102 forks

Let's encrypt not working #965

Open yguzzi opened 1 day ago

yguzzi commented 1 day ago

Dear team,

this is a continuation of #813 (you will see there a lot of info regarding this) but here I am re-posing the problem as it manifests today:

Certbot failed to authenticate some domains (authenticator: webroot). The Certificate Authority reported these problems:

Domain: autoconfig.sodyna.com
Type: unauthorized
Detail: 78.194.51.48: Invalid response from http://autoconfig.sodyna.com/.well-known/acme-challenge/FRyIlQzQCv3xsta-vzAPjGT5SX-M1AaJTNEqQvlChJU: "\ufeff<!doctype html>\n<html lang=\"en\" data-bs-theme=\"auto\">\n<head>\n <title>\n batayin.live — Domain default page </title"

Domain: autodiscover.sodyna.com
Type: unauthorized
Detail: 78.194.51.48: Invalid response from http://autodiscover.sodyna.com/.well-known/acme-challenge/UTewz8BYFquOorIOXAzChji9JEO1F91x0irsKrlSuS4: "\ufeff<!doctype html>\n<html lang=\"en\" data-bs-theme=\"auto\">\n<head>\n <title>\n batayin.live — Domain default page </title"

Domain: ns.sodyna.com
Type: unauthorized
Detail: 78.194.51.48: Invalid response from http://ns.sodyna.com/.well-known/acme-challenge/9usHowlC0eeuPDBDRbs_u3sX1XL7iPbe5Yk-K4_ly24: "\ufeff<!doctype html>\n<html lang=\"en\" data-bs-theme=\"auto\">\n<head>\n <title>\n batayin.live — Domain default page </title"

Domain: sodyna.com
Type: unauthorized
Detail: 78.194.51.48: Invalid response from https://sodyna.com/.well-known/acme-challenge/1qJn7GUgpz9m1sDnNdfSVpA8l7BydQuqGCkWqVzzaaA: 404

Domain: www.sodyna.com
Type: unauthorized
Detail: 78.194.51.48: Invalid response from https://sodyna.com/.well-known/acme-challenge/6OcrHoP-6E1FB2Qz2UyNIFJTp1NFKC7OMM1D73gF2tc: 404

Hint: The Certificate Authority failed to download the temporary challenge files created by Certbot. Ensure that the listed domains serve their content from the provided --webroot-path/-w and that files created there can be downloaded from the internet.

Some challenges have failed. Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /var/log/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details.

===========

- (3) - or in the case of a cli restricted to dns because port 80 has been redirected to a python script engine:

  root@ns:/home/yguzzi# virtualmin generate-letsencrypt-cert --domain derechgeula.org --host derechgeula.org --ec --dns
  Requesting SSL certificate for derechgeula.org ..
  .. failed : DNS-based validation failed : Saving debug log to /var/log/letsencrypt/letsencrypt.log
  Renewing an existing certificate for derechgeula.org

Certbot failed to authenticate some domains (authenticator: manual). The Certificate Authority reported these problems:

Domain: derechgeula.org
Type: dns
Detail: DNS problem: NXDOMAIN looking up TXT for _acme-challenge.derechgeula.org - check that a DNS record exists for this domain

Hint: The Certificate Authority failed to verify the DNS TXT records created by the --manual-auth-hook. Ensure that this hook is functioning correctly and that it waits a sufficient duration of time for DNS propagation. Refer to "certbot --help manual" and the Certbot User Guide.

Some challenges have failed. Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /var/log/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details.

yguzzi commented 1 day ago

additional info: for some mysterious reason lea-art.com redirects to batayin.live which has been deactivated and I can't find the reason... but, but.. it didn't hamper LE in granting that domain an SSL!

correction: sodyna.com is not based on Joomla but on a similar Python script like derechgeula.org, and batayin.live (called Odoo) and not at all directory based... and therefore won't allow the kind of URL that web-based LE is trying to operate... fine... but why is your integration with LE not working on the DNS??

At the end of issue #813 we stopped the war against that bug based on my claims that Jamie's erasing of previous certs had allowed me to "trick" LE by manually inserting the challenges in TXT records in the DNS based on previous attempts and surprisingly seeing that LE was accepting them.... but that doesn't work anymore... or I have lost the special recipe..

And at any rate, the certs never renew automatically, never... and it always causes damage... and it has been a few months now without SSL...

Thank you SO much... I know that somehow we shall arrive at a solution together..

Cheers
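For triaging a report like the one quoted in this issue, the following added example (not part of the issue and not Virtualmin or Certbot code) parses the "Domain / Type / Detail" entries and labels each failure. The function names and labels are hypothetical, and the redirect check assumes that HTTP-01 validation always begins at `http://<domain>/.well-known/acme-challenge/...`, so a different scheme or host in the reported URL means a redirect was followed.

```python
import re
from urllib.parse import urlsplit

# Constructed sample: three entries from the Certbot report quoted in the issue,
# with the first HTML body shortened.
SAMPLE_REPORT = r'''Domain: ns.sodyna.com
Type: unauthorized
Detail: 78.194.51.48: Invalid response from http://ns.sodyna.com/.well-known/acme-challenge/9usHowlC0eeuPDBDRbs_u3sX1XL7iPbe5Yk-K4_ly24: "\ufeff<!doctype html>\n<html lang=\"en\" data-bs-theme=\"auto\">"

Domain: www.sodyna.com
Type: unauthorized
Detail: 78.194.51.48: Invalid response from https://sodyna.com/.well-known/acme-challenge/6OcrHoP-6E1FB2Qz2UyNIFJTp1NFKC7OMM1D73gF2tc: 404

Domain: derechgeula.org
Type: dns
Detail: DNS problem: NXDOMAIN looking up TXT for _acme-challenge.derechgeula.org - check that a DNS record exists for this domain
'''

# One entry = Domain / Type / Detail; matches the multi-line and the flattened form.
ENTRY = re.compile(
    r"Domain:\s*(\S+)\s+Type:\s*(\S+)\s+Detail:\s*(.*?)(?=\s+Domain:|\s+Hint:|\s*\Z)", re.S)

def classify(domain, detail):
    """Return a hypothetical triage label for one CA problem entry."""
    if "NXDOMAIN" in detail and "TXT" in detail:
        return "dns-txt-missing"  # no _acme-challenge TXT record was found
    m = re.search(r"Invalid response from (\S+): (.*)", detail, re.S)
    if not m:
        return "other"
    url, body = urlsplit(m.group(1)), m.group(2).strip()
    findings = []
    # HTTP-01 starts at http://<domain>/...; another scheme or host in the
    # reported URL means the validator followed a redirect before failing.
    if url.scheme != "http" or (url.hostname or "") != domain.lower():
        findings.append("redirected")
    if body.isdigit():
        findings.append("http-" + body)      # bare status code, e.g. 404
    elif "<!doctype" in body.lower() or "<html" in body.lower():
        findings.append("html-page-served")  # a web page answered, not the token file
    return "+".join(findings) or "unexpected-body"

def triage(report):
    """Map each failed domain to its label."""
    return {d: classify(d, detail) for d, _type, detail in ENTRY.findall(report)}

if __name__ == "__main__":
    for domain, label in triage(SAMPLE_REPORT).items():
        print(f"{domain:20} {label}")
```
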