[Solved] Problems with LetsEncrypt

Installed the app a few months ago but had already received errors back.
Wanted now to get them fixed and re-installed the app completely.

The errors remain :frowning:

No config dialog appeared where the domain names could be filled in.
Tested whether the Univention setup script could fix the problem, but no luck.

root@ucs # /usr/share/univention-letsencrypt/setup-letsencrypt

WARNING: UCR variable letsencrypt/domains does not match domains in CSR.
Removing domain.csr…
Creating domain.csr…
Multi domain mode
run-parts: executing /etc/univention/letsencrypt/setup.d//apache2
run-parts: executing /etc/univention/letsencrypt/setup.d//dovecot
run-parts: executing /etc/univention/letsencrypt/setup.d//postfix
Setting mail/postfix/ssl/key
Setting mail/postfix/ssl/certificate
Setting mail/postfix/ssl/cafile
Multifile: /etc/postfix/main.cf
So 6. Okt 17:59:43 CEST 2019
Refreshing certificate for following domains:
cloud.mydomain.com mail.mydomain.com sensors.mydomain.com web.mydomain.com webmail.mydomain.com
Parsing account key…
Parsing CSR…
Found domains: cloud.mydomain.com, web.mydomain.com, webmail.mydomain.com, mail.mydomain.com, sensors.mydomain.com
Getting directory…
Directory found!
Registering account…
Already registered!
Creating new order…
Order created!
Verifying mail.mydomain.com
Traceback (most recent call last):
  File "/usr/share/univention-letsencrypt/acme_tiny.py", line 197, in <module>
    main(sys.argv[1:])
  File "/usr/share/univention-letsencrypt/acme_tiny.py", line 193, in main
    signed_crt = get_crt(args.account_key, args.csr, args.acme_dir, log=LOGGER, CA=args.ca, disable_check=args.disable_check, directory_url=args.directory_url, contact=args.contact)
  File "/usr/share/univention-letsencrypt/acme_tiny.py", line 149, in get_crt
    raise ValueError("Challenge did not pass for {0}: {1}".format(domain, authorization))
ValueError: Challenge did not pass for mail.mydomain.com: {u'status': u'invalid', u'challenges': [{u'status': u'invalid', u'validationRecord': [{u'url': u'http://mail.mydomain.com/.well-known/acme-challenge/K829_B7UsOy4nPCmbEn4xaFzsryjkaw77IxxXeV6KXg', u'hostname': u'mail.mydomain.com', u'addressUsed': u'2a01:238:20a:202:1068::', u'port': u'80', u'addressesResolved': [u'81.169.145.68', u'2a01:238:20a:202:1068::']}], u'url': u'https://acme-v02.api.letsencrypt.org/acme/chall-v3/660252305/v5FzXQ', u'token': u'K829_B7UsOy4nPCmbEn4xaFzsryjkaw77IxxXeV6KXg', u'error': {u'status': 403, u'type': u'urn:ietf:params:acme:error:unauthorized', u'detail': u'Invalid response from http://mail.mydomain.com/.well-known/acme-challenge/K829_B7UsOy4nPCmbEn4xaFzsryjkaw77IxxXeV6KXg [2a01:238:20a:202:1068::]: "\n\n404 Not Found\n\nNot Found\n<p"'}, u'type': u'http-01'}, {u'status': u'invalid', u'url': u'https://acme-v02.api.letsencrypt.org/acme/chall-v3/660252305/NQUnuw', u'token': u'K829_B7UsOy4nPCmbEn4xaFzsryjkaw77IxxXeV6KXg', u'type': u'dns-01'}, {u'status': u'invalid', u'url': u'https://acme-v02.api.letsencrypt.org/acme/chall-v3/660252305/myUraQ', u'token': u'K829_B7UsOy4nPCmbEn4xaFzsryjkaw77IxxXeV6KXg', u'type': u'tls-alpn-01'}], u'identifier': {u'type': u'dns', u'value': u'mail.mydomain.com'}, u'expires': u'2019-10-13T15:58:49Z'}
Setting letsencrypt/status

Isn't it possible to reset the config of letsencrypt to start again?

The issue seems to be that the tell-tale authorisation file in the web-server document root for mail.mydomain.com returns a 404 Not Found error. Is "mail.domain.com" correct? Should it rather be "mydomain.com"?

'http://mail.mydomain.com/.well-known/acme-challenge/K829_B7UsOy4nPCmbEn4xaFzsryjkaw77IxxXeV6KXg'

mail.domain.com is correct and is reachable from the internal LAN and the external internet.
But it isn't a website. It's the mail server (because of port 80 in the above error message).

Fixed!

LetsEncrypt checks during this setup whether the website is reachable.
In my case the NAT of the router pointed to a wrong internal IP/site.
After fixing that issue the procedure went through without errors.
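A small added helper (not part of the thread or of the Univention package) that reads an ACME v2 authorization object of the shape acme_tiny dumped above and reports which challenge the CA actually attempted, which address it connected to and what came back; the embedded sample is constructed with example.com names and documentation addresses, and the function names are my own.

```python
# Summarise a failed ACME v2 authorization (the dict acme_tiny prints in its
# "Challenge did not pass" ValueError): attempted challenge, address used, reply.

def summarise_authorization(authz: dict) -> dict:
    # Only the challenge carrying an 'error' was actually attempted; the other
    # types are marked invalid without ever having been run.
    summary = {"domain": authz.get("identifier", {}).get("value", "?"), "failures": []}
    for ch in authz.get("challenges", []):
        if ch.get("status") != "invalid" or "error" not in ch:
            continue
        records = []
        for rec in ch.get("validationRecord", []):
            used = rec.get("addressUsed", "")
            records.append({"address_used": used, "port": rec.get("port"),
                            "family": "ipv6" if ":" in used else "ipv4",
                            "resolved": rec.get("addressesResolved", [])})
        summary["failures"].append({"type": ch.get("type"),
                                    "detail": ch["error"].get("detail", ""),
                                    "validation": records})
    return summary

def diagnose(summary: dict) -> list:
    # A 404 on http-01 means some web server answered on addressUsed but did not
    # hold the token, so that address does not lead to the ACME challenge
    # directory (in the thread: the router's NAT sent port 80 to the wrong host).
    hints = []
    for f in summary["failures"]:
        if f["type"] != "http-01" or "404" not in f["detail"]:
            continue
        for rec in f["validation"]:
            hints.append(f"{summary['domain']}: host at {rec['address_used']} port "
                         f"{rec['port']} ({rec['family']}, DNS gave {rec['resolved']}) "
                         "served no token; check that this address forwards to the "
                         "web server that holds the challenge directory")
    return hints

# Constructed sample with the shape seen in the thread (example.com names and
# documentation addresses, not the poster's values).
SAMPLE = {"identifier": {"type": "dns", "value": "mail.example.com"}, "challenges": [
    {"status": "invalid", "type": "http-01",
     "validationRecord": [{"port": "80", "addressUsed": "2001:db8::1",
                           "addressesResolved": ["192.0.2.10", "2001:db8::1"]}],
     "error": {"status": 403, "type": "urn:ietf:params:acme:error:unauthorized",
               "detail": "Invalid response from http://mail.example.com/.well-known/"
                         "acme-challenge/TOKEN [2001:db8::1]: 404 Not Found"}},
    {"status": "invalid", "type": "dns-01"}, {"status": "invalid", "type": "tls-alpn-01"}]}

def run_sample() -> list:
    return diagnose(summarise_authorization(SAMPLE))
```

Feed it the dict from the ValueError (after dropping the u'' prefixes or loading it with ast.literal_eval) and the hint names the exact address and port to check before re-running setup-letsencrypt.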
