like it says here: LE (still) not renewing automatically in Webmin
I’ll ask @Jamie to chime in on this.
Oh, but check to see if the problem happens with Virtualmin 6.10 and Webmin 1.953, since they both just came out today and have a ton of changes related to this area (though I don’t know about this specific problem as it isn’t one we’ve heard about much).
after creating a new virtual server yesterday afternoon, i noticed dovecot and postfix both refusing connections. mail.err indicated a malformed /etc/dovecot/dovecot.conf. and indeed the file was half a mess. a } was missing and entries had run together. furthermore, entries for the virtual machines were not entirely consistent. besides local_name directives for domain.tld and www.domain.tld, most had directives for autoconfig.domain.tld and autodiscover.domain.tld, but not all. inside the local_name directives, all had ssl_cert and ssl_key, but some also had ssl_ca. and some of the ssl_cert’s pointed to /home/user/ssl.cert, while others read /home/user/ssl.combined.
wasn’t sure if this could be related to my ghost domain le renewal log issue, even though that particular domain was not found in the jumbled /etc/dovecot/dovecot.conf?
not sure why i didn’t think of this before, but i searched the system for files containing the text of the ghost virtual server’s name. i found several files, three of them suspicious. the first was /etc/letsencrypt/renewal/domain.tld, which i deleted since the only other files in that directory were for active virtual servers. the other two were expiration notices from le in the maildir of an entirely different virtual server.
we’ll see what the log looks like in a day or two.
I don’t think Virtualmin creates that. But, maybe I just don’t know how Virtualmin works with certbot. I thought we had our own scheduling outside of the certbot renewal thing. Is it possible you created it when manually using certbot to renew or generate a cert for this domain?
i’ve never manually used certbot to do anything more than perhaps a version check. a handful of certificates i made with openssl for an openvpn server implementation should be the only certificates on the system that weren’t created or renewed through either webmin or virtualmin. everything in /etc/letsencrypt/renewal is current. the virtualmin certificates are a month old or less and the webmin certificate less than three months old (because i have to renew it manually of course.)
that file in /etc/letsencrypt/renewal was the key. no more failed renewal attempts in /var/log/letsencrypt/letsencrypt.log.
now back to the original issue…
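The check that resolved this thread (a leftover file in /etc/letsencrypt/renewal for a virtual server that no longer exists), as an added example that is not part of the original posts or of Virtualmin or certbot. It assumes renewal files are named `<name>.conf` and that you supply a text file of active domain names; the function name `find_orphan_renewals` is hypothetical.

```shell
#!/bin/sh
# Added example: list certbot renewal configs that match no active domain.
#
# find_orphan_renewals RENEWAL_DIR ACTIVE_LIST
#   RENEWAL_DIR  directory of certbot renewal files, assumed <name>.conf
#   ACTIVE_LIST  text file with one active domain name per line
# Prints each orphaned name; returns 1 if any were found, 0 otherwise.
# It only reports. Review the output before deleting anything.
find_orphan_renewals() {
    local dir="$1" active="$2" f name found=0
    for f in "$dir"/*.conf; do
        [ -e "$f" ] || continue          # glob matched nothing: empty directory
        name=$(basename "$f" .conf)
        # -x whole-line match, -F literal string (dots are not wildcards),
        # -i because DNS names are case-insensitive
        if ! grep -qixF -- "$name" "$active"; then
            printf '%s\n' "$name"
            found=1
        fi
    done
    return "$found"
}

# Typical use (the list file is an assumption; build it however suits you,
# e.g. from `virtualmin list-domains --name-only`, and add the hostname of
# the Webmin certificate if it also lives in the renewal directory):
#   find_orphan_renewals /etc/letsencrypt/renewal /root/active-domains.txt
if [ "$#" -eq 2 ]; then
    find_orphan_renewals "$1" "$2"
fi
```

Every name it prints is a renewal entry certbot will keep retrying, which is what produces repeated failures in /var/log/letsencrypt/letsencrypt.log for a domain that is gone.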