Notifications
Clear all

[Solved] Virtualmin letsencrypt error: Account creation on ACMEv1 is disabled

3 Posts
1 Users
0 Likes
58 Views
Tharindu
(@tharindu)
Reputable Member Admin
Joined: 10 years ago
Posts: 307
Topic starter  

This error started to occur from beginning of last October with the Let's Encrypt's migration to API v2. Following is the error message you would receive when trying to generate SSL certificate for a domain with Virtualmin.

Error registering: Account creation on ACMEv1 is disabled. Please upgrade your ACME client to a version that supports ACMEv2 / RFC 8555. See  https://community.letsencrypt.org/t/end-of-life-plan-for-acmev1/88430  for details.

The issue has been reported to Virtualmin devs and they are working on a solution. Although there's no patch released as of the time writing. So until it gets an official fix, you can use following workaround which works perfectly.

This workaround was suggested by one of core devs @virtualmin. The idea is to install Let's Encrypt manually. If the Certbot is available on the system, Virtualmin will use it instead of API for certificate generation. Let's install Certbot,

Install dependencies,

apt install software-properties-common

Add universe repository to your system,

add-apt-repository universe

Add Certbot PPA to your system,

add-apt-repository ppa:certbot/certbot

Update APT cache,

apt update

Install latest version on Certbot,

apt install socat certbot

Let's Encrypt has a registration process where they ask for your email address. Following command will initiate it,

certbot register

Complete the registration with a valid email address and then request a new certificate for your domain Virtualmin SSL section.


   
Quote
Tharindu
(@tharindu)
Reputable Member Admin
Joined: 10 years ago
Posts: 307
Topic starter  

We no longer get above mentioned error on Virtualmin and Let's Encrypt. But you'll see following error when you try to generate SSL with Virtualmin.

.. request failed : Web-based validation failed : Failed to request certificate :

Traceback (most recent call last):
File "/usr/share/webmin/webmin/acme_tiny.py", line 198, in <module>
main(sys.argv[1:])
File "/usr/share/webmin/webmin/acme_tiny.py", line 194, in main
signed_crt = get_crt(args.account_key, args.csr, args.acme_dir, log=LOGGER, CA=args.ca, disable_check=args.disable_check, directory_url=args.directory_url, contact=args.contact)
File "/usr/share/webmin/webmin/acme_tiny.py", line 143, in get_crt
raise ValueError("Wrote file to {0}, but couldn't download {1}: {2}".format(wellknown_path, wellknown_url, e))
ValueError: Wrote file to /home/username/public_html/.well-known/acme-challenge/EiEYniJ-DAPzSkiPDyHH1j-Fggc74aMYEBfvuM-kqY4, but couldn't download http://domain.com/.well-known/acme-challenge/EiEYniJ-DAPzSkiPDyHH1j-Fggc74aMYEBfvuM-kqY4: Error:
Url: http://domain.com/.well-known/acme-challenge/EiEYniJ-DAPzSkiPDyHH1j-Fggc74aMYEBfvuM-kqY4
Data: None
Response Code: 404
Response: <html>
<head><title>404 Not Found</title></head>
<body>
<center><h1>404 Not Found</h1></center>
<hr><center>nginx/1.18.0</center>
</body>
</html>

DNS-based validation failed : Neither DNS zone sendy.li-wifi.com or any of its sub-domains exist on this system

This is due to the API migration I talked about in the previous post. So follow the workaround on that post to fix this issue.


   
ReplyQuote
Tharindu
(@tharindu)
Reputable Member Admin
Joined: 10 years ago
Posts: 307
Topic starter  

This issue has been fixed as of 5th May 2020.

If you still have problems with Let's Encrypt and Virtualmin, it probably due to some other error. Feel free to create a new topic. This topic is now closed.


   
ReplyQuote
Share:
Back to top button