Fresh install does not get Let’s Encrypt cert

Operating system: Ubuntu 20.04 LTS

Fresh install. Run through the initial config wizard. Have it use its own defaults to try and set up a Let’s Encrypt cert for the default domain… just fails.

Get back into the admin area after typing “thisisunsafe” into Chrome, just so I can get to the normal login page…

Virtualmin > Server Configuration > SSL Cert > Let’s Encrypt

Switch to only trying the main domain (instead of the default, and unwanted/unused server29.DOMAIN.co.uk
www.server29.DOMAIN.co.uk
admin.server29.DOMAIN.co.uk
webmail.server29.DOMAIN.co.uk)

Request Cert… fails.

Odd thing spotted… the log talks about nginx. This is a fresh default install and should be Apache? Why is nginx anywhere in these logs?

Here’s the /var/log/letsencrypt/letsencrypt.log
2021-06-08 16:28:34,069:DEBUG:certbot.main:certbot version: 0.40.0
2021-06-08 16:28:34,069:DEBUG:certbot.main:Arguments: ['-a', 'webroot', '-d', 'server29.DOMAIN.co.uk', '--webroot-path', '/home/server29/public_html', '--duplicate', '--force-renewal', '--manual-public-ip-logging-ok', '--non-interactive', '--agree-tos', '--config', '/tmp/.webmin/629635_97126_1_letsencrypt.cgi', '--rsa-key-size', '2048', '--cert-name', 'server29.DOMAIN.co.uk']
2021-06-08 16:28:34,070:DEBUG:certbot.main:Discovered plugins: PluginsRegistry(PluginEntryPoint#manual,PluginEntryPoint#null,PluginEntryPoint#standalone,PluginEntryPoint#webroot)
2021-06-08 16:28:34,082:DEBUG:certbot.log:Root logging level set at 20
2021-06-08 16:28:34,082:INFO:certbot.log:Saving debug log to /var/log/letsencrypt/letsencrypt.log
2021-06-08 16:28:34,083:DEBUG:certbot.plugins.selection:Requested authenticator webroot and installer None
2021-06-08 16:28:34,083:DEBUG:certbot.plugins.selection:Single candidate plugin: * webroot
Description: Place files in webroot directory
Interfaces: IAuthenticator, IPlugin
Entry point: webroot = certbot.plugins.webroot:Authenticator
Initialized: <certbot.plugins.webroot.Authenticator object at 0x7f01428b0190>
Prep: True
2021-06-08 16:28:34,084:DEBUG:certbot.plugins.selection:Selected authenticator <certbot.plugins.webroot.Authenticator object at 0x7f01428b0190> and installer None
2021-06-08 16:28:34,084:INFO:certbot.plugins.selection:Plugins selected: Authenticator webroot, Installer None
2021-06-08 16:28:34,088:DEBUG:certbot.main:Picked account: <Account(RegistrationResource(body=Registration(key=None, contact=(), agreement=None, status=None, terms_of_service_agreed=None, only_return_existing=None, external_account_binding=None), uri='https://acme-v02.api.letsencrypt.org/acme/acct/126405847', new_authzr_uri=None, terms_of_service=None), 5544de1e5232690abbd16bf62012078c, Meta(creation_dt=datetime.datetime(2021, 6, 8, 16, 17, 6, tzinfo=), creation_host='server29.DOMAIN.co.uk'))>
2021-06-08 16:28:34,088:DEBUG:acme.client:Sending GET request to https://acme-v02.api.letsencrypt.org/directory.
2021-06-08 16:28:34,091:DEBUG:urllib3.connectionpool:Starting new HTTPS connection (1): acme-v02.api.letsencrypt.org:443
2021-06-08 16:28:34,616:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "GET /directory HTTP/1.1" 200 658
2021-06-08 16:28:34,617:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Tue, 08 Jun 2021 16:28:34 GMT
Content-Type: application/json
Content-Length: 658
Connection: keep-alive
Cache-Control: public, max-age=0, no-cache
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "KUNp7QzIUok": "Adding random entries to the directory - API Announcements - Let's Encrypt Community Support",
  "keyChange": "https://acme-v02.api.letsencrypt.org/acme/key-change",
  "meta": {
    "caaIdentities": [
      "letsencrypt.org"
    ],
    "termsOfService": "https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf",
    "website": "https://letsencrypt.org"
  },
  "newAccount": "https://acme-v02.api.letsencrypt.org/acme/new-acct",
  "newNonce": "https://acme-v02.api.letsencrypt.org/acme/new-nonce",
  "newOrder": "https://acme-v02.api.letsencrypt.org/acme/new-order",
  "revokeCert": "https://acme-v02.api.letsencrypt.org/acme/revoke-cert"
}
2021-06-08 16:28:34,617:INFO:certbot.main:Obtaining a new certificate
2021-06-08 16:28:35,020:DEBUG:certbot.crypto_util:Generating key (2048 bits): /etc/letsencrypt/keys/0005_key-certbot.pem
2021-06-08 16:28:35,023:DEBUG:certbot.crypto_util:Creating CSR: /etc/letsencrypt/csr/0005_csr-certbot.pem
2021-06-08 16:28:35,025:DEBUG:acme.client:Requesting fresh nonce
2021-06-08 16:28:35,025:DEBUG:acme.client:Sending HEAD request to https://acme-v02.api.letsencrypt.org/acme/new-nonce.
2021-06-08 16:28:35,155:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "HEAD /acme/new-nonce HTTP/1.1" 200 0
2021-06-08 16:28:35,156:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Tue, 08 Jun 2021 16:28:35 GMT
Connection: keep-alive
Cache-Control: public, max-age=0, no-cache
Link: https://acme-v02.api.letsencrypt.org/directory;rel="index"
Replay-Nonce: 0003MMshIzaBPLLMQK1Cuk1GKhdmMFPC8J0MAF-kqSUWTEs
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

2021-06-08 16:28:35,156:DEBUG:acme.client:Storing nonce: 0003MMshIzaBPLLMQK1Cuk1GKhdmMFPC8J0MAF-kqSUWTEs
2021-06-08 16:28:35,157:DEBUG:acme.client:JWS payload:
b'{\n "identifiers": [\n {\n "type": "dns",\n "value": "server29.DOMAIN.co.uk"\n }\n ]\n}'
2021-06-08 16:28:35,160:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/new-order:
2021-06-08 16:28:35,424:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/new-order HTTP/1.1" 429 201
2021-06-08 16:28:35,425:DEBUG:acme.client:Received response:
HTTP 429
Server: nginx
Date: Tue, 08 Jun 2021 16:28:35 GMT
Content-Type: application/problem+json
Content-Length: 201
Connection: keep-alive
Boulder-Requester: 126405847
Cache-Control: public, max-age=0, no-cache
Link: https://acme-v02.api.letsencrypt.org/directory;rel="index"
Replay-Nonce: 0004riRyu9WqJWXdj_yeGalbly9PBGsn39geF1jJcOnKCQ8

{
  "type": "urn:ietf:params:acme:error:rateLimited",
  "detail": "Error creating new order :: too many failed authorizations recently: see Rate Limits - Let's Encrypt",
  "status": 429
}
2021-06-08 16:28:35,425:DEBUG:certbot.log:Exiting abnormally:
Traceback (most recent call last):
  File "/bin/letsencrypt", line 11, in
    load_entry_point('certbot==0.40.0', 'console_scripts', 'certbot')()
  File "/usr/lib/python3/dist-packages/certbot/main.py", line 1382, in main
    return config.func(config, plugins)
  File "/usr/lib/python3/dist-packages/certbot/main.py", line 1265, in certonly
    lineage = _get_and_save_cert(le_client, config, domains, certname, lineage)
  File "/usr/lib/python3/dist-packages/certbot/main.py", line 121, in _get_and_save_cert
    lineage = le_client.obtain_and_enroll_certificate(domains, certname)
  File "/usr/lib/python3/dist-packages/certbot/client.py", line 417, in obtain_and_enroll_certificate
    cert, chain, key, _ = self.obtain_certificate(domains)
  File "/usr/lib/python3/dist-packages/certbot/client.py", line 348, in obtain_certificate
    orderr = self._get_order_and_authorizations(csr.data, self.config.allow_subset_of_names)
  File "/usr/lib/python3/dist-packages/certbot/client.py", line 381, in _get_order_and_authorizations
    orderr = self.acme.new_order(csr_pem)
  File "/usr/lib/python3/dist-packages/acme/client.py", line 863, in new_order
    return self.client.new_order(csr_pem)
  File "/usr/lib/python3/dist-packages/acme/client.py", line 666, in new_order
    response = self._post(self.directory['newOrder'], order)
  File "/usr/lib/python3/dist-packages/acme/client.py", line 95, in _post
    return self.net.post(*args, **kwargs)
  File "/usr/lib/python3/dist-packages/acme/client.py", line 1171, in post
    return self._post_once(*args, **kwargs)
  File "/usr/lib/python3/dist-packages/acme/client.py", line 1184, in _post_once
    response = self._check_response(response, content_type=content_type)
  File "/usr/lib/python3/dist-packages/acme/client.py", line 1042, in _check_response
    raise messages.Error.from_json(jobj)
acme.messages.Error: urn:ietf:params:acme:error:rateLimited :: There were too many requests of a given type :: Error creating new order :: too many failed authorizations recently: see Rate Limits - Let's Encrypt
2021-06-08 16:28:35,426:ERROR:certbot.log:An unexpected error occurred:
2021-06-08 16:28:35,427:ERROR:certbot.log:There were too many requests of a given type :: Error creating new order :: too many failed authorizations recently: see Rate Limits - Let's Encrypt
2021-06-08 16:28:36,693:DEBUG:certbot.main:certbot version: 0.40.0
2021-06-08 16:28:36,693:DEBUG:certbot.main:Arguments: ['--manual', '-d', 'server29.DOMAIN.co.uk', '--preferred-challenges=dns', '--manual-auth-hook', '/etc/webmin/webmin/letsencrypt-dns.pl', '--manual-cleanup-hook', '/etc/webmin/webmin/letsencrypt-cleanup.pl', '--duplicate', '--force-renewal', '--manual-public-ip-logging-ok', '--non-interactive', '--agree-tos', '--config', '/tmp/.webmin/456624_97126_3_letsencrypt.cgi', '--rsa-key-size', '2048', '--cert-name', 'server29.DOMAIN.co.uk']
2021-06-08 16:28:36,693:DEBUG:certbot.main:Discovered plugins: PluginsRegistry(PluginEntryPoint#manual,PluginEntryPoint#null,PluginEntryPoint#standalone,PluginEntryPoint#webroot)
2021-06-08 16:28:36,705:DEBUG:certbot.log:Root logging level set at 20
2021-06-08 16:28:36,706:INFO:certbot.log:Saving debug log to /var/log/letsencrypt/letsencrypt.log
2021-06-08 16:28:36,706:DEBUG:certbot.plugins.selection:Requested authenticator manual and installer None
2021-06-08 16:28:36,707:DEBUG:certbot.plugins.selection:Single candidate plugin: * manual
Description: Manual configuration or run your own shell scripts
Interfaces: IAuthenticator, IPlugin
Entry point: manual = certbot.plugins.manual:Authenticator
Initialized: <certbot.plugins.manual.Authenticator object at 0x7f0bc6cf6100>
Prep: True
2021-06-08 16:28:36,707:DEBUG:certbot.plugins.selection:Selected authenticator <certbot.plugins.manual.Authenticator object at 0x7f0bc6cf6100> and installer None
2021-06-08 16:28:36,707:INFO:certbot.plugins.selection:Plugins selected: Authenticator manual, Installer None
2021-06-08 16:28:36,711:DEBUG:certbot.main:Picked account: <Account(RegistrationResource(body=Registration(key=None, contact=(), agreement=None, status=None, terms_of_service_agreed=None, only_return_existing=None, external_account_binding=None), uri='https://acme-v02.api.letsencrypt.org/acme/acct/126405847', new_authzr_uri=None, terms_of_service=None), 5544de1e5232690abbd16bf62012078c, Meta(creation_dt=datetime.datetime(2021, 6, 8, 16, 17, 6, tzinfo=), creation_host='server29.DOMAIN.co.uk'))>
2021-06-08 16:28:36,712:DEBUG:acme.client:Sending GET request to https://acme-v02.api.letsencrypt.org/directory.
2021-06-08 16:28:36,713:DEBUG:urllib3.connectionpool:Starting new HTTPS connection (1): acme-v02.api.letsencrypt.org:443
2021-06-08 16:28:37,224:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "GET /directory HTTP/1.1" 200 658
2021-06-08 16:28:37,225:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Tue, 08 Jun 2021 16:28:37 GMT
Content-Type: application/json
Content-Length: 658
Connection: keep-alive
Cache-Control: public, max-age=0, no-cache
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "O2bG3N2CdpE": "Adding random entries to the directory - API Announcements - Let's Encrypt Community Support",
  "keyChange": "https://acme-v02.api.letsencrypt.org/acme/key-change",
  "meta": {
    "caaIdentities": [
      "letsencrypt.org"
    ],
    "termsOfService": "https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf",
    "website": "https://letsencrypt.org"
  },
  "newAccount": "https://acme-v02.api.letsencrypt.org/acme/new-acct",
  "newNonce": "https://acme-v02.api.letsencrypt.org/acme/new-nonce",
  "newOrder": "https://acme-v02.api.letsencrypt.org/acme/new-order",
  "revokeCert": "https://acme-v02.api.letsencrypt.org/acme/revoke-cert"
}
2021-06-08 16:28:37,225:INFO:certbot.main:Obtaining a new certificate
2021-06-08 16:28:37,401:DEBUG:certbot.crypto_util:Generating key (2048 bits): /etc/letsencrypt/keys/0006_key-certbot.pem
2021-06-08 16:28:37,403:DEBUG:certbot.crypto_util:Creating CSR: /etc/letsencrypt/csr/0006_csr-certbot.pem
2021-06-08 16:28:37,404:DEBUG:acme.client:Requesting fresh nonce
2021-06-08 16:28:37,404:DEBUG:acme.client:Sending HEAD request to https://acme-v02.api.letsencrypt.org/acme/new-nonce.
2021-06-08 16:28:37,537:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "HEAD /acme/new-nonce HTTP/1.1" 200 0
2021-06-08 16:28:37,538:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Tue, 08 Jun 2021 16:28:37 GMT
Connection: keep-alive
Cache-Control: public, max-age=0, no-cache
Link: https://acme-v02.api.letsencrypt.org/directory;rel="index"
Replay-Nonce: 00038gxLRNjAJtP0iRWh_XZYUGBdNKBoBdwNH9rFIc6KApQ
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

2021-06-08 16:28:37,538:DEBUG:acme.client:Storing nonce: 00038gxLRNjAJtP0iRWh_XZYUGBdNKBoBdwNH9rFIc6KApQ
2021-06-08 16:28:37,538:DEBUG:acme.client:JWS payload:
b'{\n "identifiers": [\n {\n "type": "dns",\n "value": "server29.DOMAIN.co.uk"\n }\n ]\n}'
2021-06-08 16:28:37,540:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/new-order:
2021-06-08 16:28:37,804:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/new-order HTTP/1.1" 429 201
2021-06-08 16:28:37,805:DEBUG:acme.client:Received response:
HTTP 429
Server: nginx
Date: Tue, 08 Jun 2021 16:28:37 GMT
Content-Type: application/problem+json
Content-Length: 201
Connection: keep-alive
Boulder-Requester: 126405847
Cache-Control: public, max-age=0, no-cache
Link: https://acme-v02.api.letsencrypt.org/directory;rel="index"
Replay-Nonce: 0004lhPT8s2re5S0JRtf46J_mNNP75p2YCbjGk7KDWToRhA

{
  "type": "urn:ietf:params:acme:error:rateLimited",
  "detail": "Error creating new order :: too many failed authorizations recently: see Rate Limits - Let's Encrypt",
  "status": 429
}
2021-06-08 16:28:37,805:DEBUG:certbot.log:Exiting abnormally:
Traceback (most recent call last):
  File "/bin/letsencrypt", line 11, in
    load_entry_point('certbot==0.40.0', 'console_scripts', 'certbot')()
  File "/usr/lib/python3/dist-packages/certbot/main.py", line 1382, in main
    return config.func(config, plugins)
  File "/usr/lib/python3/dist-packages/certbot/main.py", line 1265, in certonly
    lineage = _get_and_save_cert(le_client, config, domains, certname, lineage)
  File "/usr/lib/python3/dist-packages/certbot/main.py", line 121, in _get_and_save_cert
    lineage = le_client.obtain_and_enroll_certificate(domains, certname)
  File "/usr/lib/python3/dist-packages/certbot/client.py", line 417, in obtain_and_enroll_certificate
    cert, chain, key, _ = self.obtain_certificate(domains)
  File "/usr/lib/python3/dist-packages/certbot/client.py", line 348, in obtain_certificate
    orderr = self._get_order_and_authorizations(csr.data, self.config.allow_subset_of_names)
  File "/usr/lib/python3/dist-packages/certbot/client.py", line 381, in _get_order_and_authorizations
    orderr = self.acme.new_order(csr_pem)
  File "/usr/lib/python3/dist-packages/acme/client.py", line 863, in new_order
    return self.client.new_order(csr_pem)
  File "/usr/lib/python3/dist-packages/acme/client.py", line 666, in new_order
    response = self._post(self.directory['newOrder'], order)
  File "/usr/lib/python3/dist-packages/acme/client.py", line 95, in _post
    return self.net.post(*args, **kwargs)
  File "/usr/lib/python3/dist-packages/acme/client.py", line 1171, in post
    return self._post_once(*args, **kwargs)
  File "/usr/lib/python3/dist-packages/acme/client.py", line 1184, in _post_once
    response = self._check_response(response, content_type=content_type)
  File "/usr/lib/python3/dist-packages/acme/client.py", line 1042, in _check_response
    raise messages.Error.from_json(jobj)
acme.messages.Error: urn:ietf:params:acme:error:rateLimited :: There were too many requests of a given type :: Error creating new order :: too many failed authorizations recently: see Rate Limits - Let's Encrypt
2021-06-08 16:28:37,806:ERROR:certbot.log:An unexpected error occurred:
2021-06-08 16:28:37,807:ERROR:certbot.log:There were too many requests of a given type :: Error creating new order :: too many failed authorizations recently: see Rate Limits - Let's Encrypt

nginx is running on the Let’s Encrypt validation server, nothing to do with your server.

I don’t know why your validation is failing, however. The last errors are after the rate-limiting kicked in and can be ignored (mostly…it means you have to wait in between testing, since it will never work until the rate limit times out).
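
Added example (not part of the thread, and not Virtualmin or certbot code): a triage of letsencrypt.log that splits it into certbot runs and separates runs rejected with rateLimited, which only say "wait", from earlier runs whose errors point at the real cause. The sample log is constructed in the layout of the log quoted above, abridged, with placeholder hostnames.

```python
import ast
import re

# Constructed sample in the layout of the certbot debug log quoted above;
# hostnames are placeholders and the lines are abridged.
SAMPLE_LOG = """\
2021-06-08 16:17:10,001:DEBUG:certbot.main:certbot version: 0.40.0
2021-06-08 16:17:10,002:DEBUG:certbot.main:Arguments: ['-a', 'webroot', '-d', 'server29.example.test', '-d', 'www.server29.example.test']
2021-06-08 16:17:12,500:DEBUG:acme.client:Received response:
{
  "type": "urn:ietf:params:acme:error:dns",
  "detail": "DNS problem: NXDOMAIN looking up A for www.server29.example.test",
  "status": 400
}
2021-06-08 16:28:34,069:DEBUG:certbot.main:certbot version: 0.40.0
2021-06-08 16:28:34,069:DEBUG:certbot.main:Arguments: ['-a', 'webroot', '-d', 'server29.example.test']
2021-06-08 16:28:35,425:DEBUG:acme.client:Received response:
{
  "type": "urn:ietf:params:acme:error:rateLimited",
  "detail": "Error creating new order :: too many failed authorizations recently",
  "status": 429
}
"""

RUN_START = re.compile(r"^(\S+ \S+?),\d+:DEBUG:certbot\.main:certbot version:")
ARGUMENTS = re.compile(r":certbot\.main:Arguments: (\[.*\])\s*$")
ACME_ERROR = re.compile(r"urn:ietf:params:acme:error:(\w+)")


def split_runs(text):
    """Group log lines into certbot invocations (each starts with a version line)."""
    runs = []
    for line in text.splitlines():
        start = RUN_START.match(line)
        if start:
            runs.append({"started": start.group(1), "domains": [], "errors": []})
        if not runs:
            continue  # preamble before the first run
        run = runs[-1]
        args = ARGUMENTS.search(line)
        if args:
            argv = ast.literal_eval(args.group(1))  # the log prints a Python list repr
            run["domains"] = [argv[i + 1] for i, a in enumerate(argv[:-1]) if a == "-d"]
        for err in ACME_ERROR.findall(line):
            if err not in run["errors"]:
                run["errors"].append(err)
    return runs


def triage(text):
    """Label each run 'ok', 'failed' (read this one) or 'rate_limited' (only says: wait)."""
    labelled = []
    for run in split_runs(text):
        if "rateLimited" in run["errors"]:
            verdict = "rate_limited"
        elif run["errors"]:
            verdict = "failed"
        else:
            verdict = "ok"
        labelled.append((run["started"], run["domains"], verdict, run["errors"]))
    return labelled


if __name__ == "__main__":
    for started, domains, verdict, errors in triage(SAMPLE_LOG):
        print(started, verdict, ",".join(domains), errors)
```

Run it over the whole log file rather than its tail: the runs labelled `failed` are the ones whose domain list and error type explain why the limit was reached.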

Thanks Joe.

Weirdly enough, rebooted the server, tried again this morning, and it’s worked!

Current theory is it failed a couple of times with the unwanted default sub-domains which triggered the rate limit on Let’s Encrypt’s end.

Yeah, the subdomains are a common source of confusion for people not hosting DNS on the box itself. I think we need to get rid of more of those or make it more clear they need to exist in DNS before creating certs.
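
Added example (not part of the thread, and not Virtualmin's own code): a pre-flight check that drops any hostname that does not resolve, or that has a record pointing away from this server, before the list is handed to certbot, so a missing `www.`/`admin.`/`webmail.` record cannot burn failed authorizations. The function names, the `server_ips` parameter and the injectable `resolve` hook are assumptions made for the illustration.

```python
import socket


def resolve_ips(name):
    """Return the set of A/AAAA addresses for name; empty if it does not resolve."""
    try:
        infos = socket.getaddrinfo(name, 80, proto=socket.IPPROTO_TCP)
    except socket.gaierror:
        return set()
    return {info[4][0] for info in infos}


def preflight(names, server_ips, resolve=resolve_ips):
    """Split names into those safe to request and those to leave out, with a reason.

    A name is kept only if every address it resolves to belongs to this server:
    one stale AAAA record is enough for an HTTP validation to hit the wrong host.
    """
    server_ips = set(server_ips)
    request, skipped = [], {}
    for name in names:
        ips = set(resolve(name))
        strays = ips - server_ips
        if not ips:
            skipped[name] = "no A/AAAA record"
        elif strays:
            skipped[name] = "points elsewhere: " + ", ".join(sorted(strays))
        else:
            request.append(name)
    return request, skipped


def certbot_domain_args(names):
    """Build the repeated '-d NAME' arguments seen in the certbot log above."""
    args = []
    for name in names:
        args += ["-d", name]
    return args


if __name__ == "__main__":
    # Placeholder hostnames and a documentation-range address; replace with real values.
    wanted = ["server29.example.test", "www.server29.example.test"]
    ok, dropped = preflight(wanted, {"203.0.113.10"})
    print("request:", certbot_domain_args(ok))
    for name, reason in dropped.items():
        print("skip:", name, "-", reason)
```

`server_ips` must be the address the outside world reaches the server on; behind NAT that is the public address, not the one on the interface.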

Sounds good to me. As it stands, by default an install will always fail - just running the intro wizard tries to set up a Let’s Encrypt cert, which will always fail in that case, which will seemingly then cause a rate limit issue, which itself is not obvious, which in turn means you can spend ages doing “the right thing” and not know why it isn’t working.

Cheers tho!

Yeah, I don’t like how prone to failure the wizard is on this front. I talked about it with @Ilia and Jamie, but I guess it’s still in there. I think we need to roll it back. It’s so unlikely to ever work right on first install…it assumes so many things are going to be configured right that the vast majority of users have no idea how to get right. It’s just a mess.

I get the intention, and it’s a great intention… but yes it’s very fragile mainly because of the assumptions. The only way I can imagine it to work reliably is treating the whole setup more like an old-school wizard with a:

  1. “Do you want to use this server to administer your DNS? Y/N”
  2. “Do you want this server to act as a Mail server? Y/N”
  3. “If you want Mail, do you want to run services to help with protection from Spam / Junk? Y/N”

Which, to be fair, I’d like earlier, were one ever to be considered. I don’t ever want any DNS related anything on the server. Nor do I ever even want to install Webalizer, or any Mail handling anything, etc. At the moment, Webmin/Virtualmin is most of a kitchen, and I only want the kitchen sink.

That’s major work though, I am certain.

Yeah, that’s actually not very hard. Reframing as what the user wants to do with the server rather than just setting the “how” might be a better way to present the questions, and is more about language than technical issues.

Whether DNS is hosted on the server is one Feature switch. But, DNS can be handled via a huge variety of mechanisms; locally hosted, cloud-hosted (Route 53), Cloudmin Services hosted, or not managed by Virtualmin at all. So, questions about DNS get complicated fast.

Oh I can only imagine the nested tree of complexities for configuration. Might it be worth doing some of that for low hanging fruit, but pointing other more problematic outcomes to something like “The setup you requested cannot be fully configured automatically; the services will be installed and you can read guides on manually configuring them here: link, link, link.”