I’m able to issue a “regular” Let’s Encrypt certificate for my domain keys-server.com and seriousweb.dev (the latter shows no error, but is not working in the browser).
I’m getting this error when requesting a Let’s Encrypt wildcard certificate:
The following errors were reported by the server:
Domain: keys-server.com
Type: unauthorized
Detail: No TXT record found at _acme-challenge.keys-server.com
To fix these errors, please make sure that your domain name was
entered correctly and the DNS A/AAAA record(s) for that domain
contain(s) the right IP address.
Where can I find the challenge that I must add to the external DNS records? My nameserver is at NameSilo.
That’s the DNS validation attempt. The more interesting error for most users is the web validation request.
If Virtualmin is not managing your DNS you cannot use DNS validation, but if you fix your DNS A records (or don’t request certs for names that don’t have A records), you won’t have to. Web validation is the preferred validation method for most users.
Oh, sorry, you’re right. OP does mention they’re requesting a wildcard, I missed that.
In that case, OP can’t do that. Virtualmin is not managing their DNS, as far as I can tell. You cannot get a wildcard certificate in Virtualmin unless Virtualmin is managing DNS. It’ll have to be done with the Let’s Encrypt command line client. (Edit: Also, OP, you should tell Virtualmin it is not managing your DNS. It thinks it is, so it’s allowing you to try to do something that it can’t possibly do. Turn off features you aren’t using in Features and Plugins.)
But, also, you should not get a wildcard certificate unless you really can’t do what you need to do any other way. Let’s Encrypt certificates are free and very easy to request; there is no good reason I can come up with to use a wildcard. There are security implications to wildcards and they are harder to validate (unless Virtualmin is managing DNS).
Thank you guys for your help. The wildcard is mentioned in my question. Regular certificate works fine to issue (but not actually in the browser), wildcard does not even issue.
I do have www in my DNS records (Screenshot by Lightshot).
The main domain of this server is seriousweb.dev and the only site with a cert that works now is https://blue.seriousweb.dev/ . This used to work flawlessly in the past…
What else should I do? I don’t care about using wildcard certificate at this stage, I can request a cert for each subdomain, I just need the subserver kd.keys-server.com to have a valid ssl …
You cannot issue a wildcard cert using Virtualmin if Virtualmin is not managing your DNS, as I said above.
It only offers the option because it thinks it is managing your DNS. You should fix that (turn off the DNS feature in Virtualmin, if you aren’t managing DNS with Virtualmin).
There is no reason, in your case, to use wildcard certs, though. Just get a cert for each domain.
Hi Joe,
Thanks for your comments. Please read my reply. I don’t care about wildcard certificate, I just want a certificate for the subdomain that works!
I have not changed any DNS settings. If I need to disable something, please tell me exactly where (and how to get there).
Thanks!