certbot 0.40.0 is installed and the Virtualmin SSL creation/renewal process works, both web- and DNS-based.
There is not even a need to renew the certificate for the domain, since the renewal date is 3/30/2021.
However, every 65 minutes the system generates the email below:
An error occurred requesting a new certificate for domain .com, *.domain .com from Let’s Encrypt : DNS-based validation failed :
Use of --manual-public-ip-logging-ok is deprecated.
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator manual, Installer None
Starting new HTTPS connection (1): acme-v02.api.letsencrypt .org
Use of --manual-public-ip-logging-ok is deprecated.
Renewing an existing certificate for domain .com and *.domain .com
Performing the following challenges:
dns-01 challenge for domain .com
dns-01 challenge for domain .com
Running manual-auth-hook command: /etc/webmin/webmin/letsencrypt-dns.pl
Running manual-auth-hook command: /etc/webmin/webmin/letsencrypt-dns.pl
Waiting for verification…
Challenge failed for domain domain.com
Challenge failed for domain domain.com
dns-01 challenge for domain .com
dns-01 challenge for domain .com
Cleaning up challenges
Running manual-cleanup-hook command: /etc/webmin/webmin/letsencrypt-cleanup.pl
Running manual-cleanup-hook command: /etc/webmin/webmin/letsencrypt-cleanup.pl
Some challenges have failed.
IMPORTANT NOTES:
The following errors were reported by the server:
Domain: domain .com
Type: dns
Detail: DNS problem: NXDOMAIN looking up TXT for
_acme-challenge.domain .com - check that a DNS record exists for
this domain
Domain: domain .com
Type: dns
Detail: DNS problem: NXDOMAIN looking up TXT for
_acme-challenge.domain .com - check that a DNS record exists for
this domain
I tried both manual (via certbot) and automated (via Virtualmin); they are working with no issues.
It seems to be something like a cron job of Webmin/Virtualmin, but I couldn’t find a clue in the logs. Similarly, I couldn’t find that specific 65-minute cron job to check the problem.
I’d be happy to work with you to resolve your LE issues. I’ve recently discovered and addressed LE issues within our own servers so I’m confident we can work through this and get you back to an operational status.
I don’t think Virtualmin has any jobs that run every 65 minutes. Seems like maybe it’s something certbot is doing (though I don’t know why it would; the way Virtualmin calls it should not set up anything recurring in certbot, as it handles the renewals itself every two months by default).
Did you run certbot manually at some point?
Edit: This is a wildcard cert. Did you mean to try to set up a wildcard cert? Do you host the DNS locally? It is impossible to get a wildcard via web-based validation, so you either have to host DNS in Virtualmin (and glue records need to reflect that) or you have to generate your cert using some other process that updates the necessary TXT record on renewals (e.g. certbot supports Route 53 hosted zones, as well as some other API-based DNS options).
Yes, DNS is locally hosted; Virtualmin can run Let’s Encrypt renewal without any problem (both DNS validation and web validation are okay).
The email every 65 minutes is coming from webmin@hostname; that’s why I thought it would be related to Webmin/Virtualmin cron jobs.
Just to make sure: does Virtualmin use Certbot to issue/renew certificates, or is another module taking care of it?
If certbot is installed, it uses certbot. certbot is preferred because it handles several edge cases that the bundled ACME Tiny cannot. And, for wildcards, it must use certbot. The bundled ACME Tiny client does not handle wildcards.
I’m not sure what’s going on… I’ve never seen that behavior (though I rarely use wildcard certs and don’t recommend them, as they have security implications).
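
An added example, not part of the thread and not Virtualmin's or certbot's code: a sketch of how dns-01 (RFC 8555) derives the TXT record the log above is looking for, showing why a certificate for a base name plus its wildcard produces two challenges against the same `_acme-challenge` name, so the auth hook has to publish two TXT values there. The domain, tokens and account thumbprint are constructed placeholders, and the function names are hypothetical.

```python
import base64
import hashlib
from collections import defaultdict


def challenge_name(identifier: str) -> str:
    """dns-01 record name for an ACME identifier (RFC 8555, section 8.4)."""
    # A wildcard is validated at its base domain: "*.example.com" -> "example.com".
    base = identifier[2:] if identifier.startswith("*.") else identifier
    return "_acme-challenge." + base.rstrip(".").lower()


def txt_value(token: str, account_thumbprint: str) -> str:
    """TXT content: base64url(SHA-256(token + "." + thumbprint)), unpadded."""
    key_authorization = f"{token}.{account_thumbprint}".encode("ascii")
    digest = hashlib.sha256(key_authorization).digest()
    return base64.urlsafe_b64encode(digest).rstrip(b"=").decode("ascii")


def required_records(challenges, account_thumbprint):
    """Map each record name to the set of TXT values that must coexist there."""
    records = defaultdict(set)
    for identifier, token in challenges:
        records[challenge_name(identifier)].add(txt_value(token, account_thumbprint))
    return dict(records)


# Constructed sample data: placeholder domain, tokens and thumbprint (assumptions).
SAMPLE_THUMBPRINT = "constructed-account-key-thumbprint"
SAMPLE_CHALLENGES = [
    ("example.com", "constructed-token-for-base-name"),
    ("*.example.com", "constructed-token-for-wildcard"),
]

if __name__ == "__main__":
    for name, values in required_records(SAMPLE_CHALLENGES, SAMPLE_THUMBPRINT).items():
        print(name)
        for value in sorted(values):
            print(f'    TXT "{value}"')
```

An NXDOMAIN answer for that name means the resolver saw no record of any type there, so the first thing to compare is the zone the hook writes to against the zone the public nameservers actually serve.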