So, I made the super awesome move to delete the self-signed certs at /home/domain/ssl.*, because I used the instructions to automate signed CA certs using certbot @ https://certbot.eff.org/#centosrhel7-apache
Now my sites are https no problem, but when trying to go to https://domain.com:10000 I get a crash saying the site cannot be reached - refused connection. I’m assuming Virtualmin is looking for /home/domain/ssl.* certs which I had the bright dumba$$ idea to delete when certbot generated the new certs somewhere else.
Any ideas how I can recover this? The sites work; I just cannot regain access to my Virtualmin panel https://domain:10000.
Please read this
Double post from me but important if you use…
If using this script or parts out of this example updated from that, problems could still arise, but I don’t know which Virtualmin uses
we strongly encourage people to move to HTTP or DNS validation rather than attempt to get on the TLS-SNI-01 whitelist.
It is not the answer to your question, I know, but seemingly important to
For most people using the TLS-SNI validation method, moving to the HTTP validation method will be the easiest path forward.
But the http could have some probs … when using certbot for example
plugin may not succeed in using HTTP-01 Challenges on webservers
We have arrived at the conclusion that we cannot generally re-enable TLS-SNI validation. There are simply too many vulnerable shared hosting and infrastructure services that violate the assumptions behind TLS-SNI validation. We will be executing the following plan to mitigate impact and entirely sunset the TLS-SNI-01 and TLS-SNI-02 validation methods.
Hi, thanks for the reply. I solved my issue (not that I’m entirely sure how), but I had to expand the certificate to add another domain and received the error ‘Client with the currently selected authenticator does not support any combination of challenges that will satisfy the CA’. I believe this is what you’re commenting on and I’m aware of this. I think they’re working on it. I read up on it here: http://www.zdnet.com/article/lets-encrypt-disables-tls-sni-01-validation/
As for my problem, I’m not sure what was really going on. My sites work and now when I access domain.com:10000 I can hit Virtualmin, but I do get a ‘Your connection is not private’ and it looks like a root certificate. The root certs are not there anymore in that /home/domain/ but my letsencrypt seems to be working on my sites generally. I also have a subdomain and it is covering them as well. Tested in Chrome, Safari and FF.
So maybe there is another root cert somewhere for domain.com:10000? I didn’t deep dive into this…