I just did a fresh install and I asked for a LE cert for the default host domain.
It failed, then generated a new self-signed certificate.
The virtualmin-install.sh filesize is 38586 Bytes if that helps identify which one I used.
After the wizard finished, trying for an LE certificate shows that it wan’t to use all the aliases.
So probably best for me to go back to not trying to use LE in the Wizard.
Doing it all again, this time asking for server to be created with the self-signed cert re-generates the cert, and then going to ask for an LE cert after is trying for all the alias again. This didn’t happen a couple of days ago and is possibly a step backwards.
This might be my fault, I usually select to Edit Virt Server, untick DNS domain enabled - I missed doing that before requesting the LE cert.
@Randomz is that self-signed cert being applied to Virtualmin on port 10000 as well?
@Randomz Jamie just fixed a bug requesting LE certificate for aliases on default domain creation in wizard. The only issue that is still present though (with all checked in code), is that self-signed certificate is applied, making connection error popup appear.
Alright, I have taken a deeper look at the problem and fixed it fully. This no longer an issue.
I am getting confused here.
I am using this:
wget https://software.virtualmin.com/gpl/scripts/virtualmin-install.sh
I just did a fresh install, then ran the Wizard. First go I selected to create the domain with self-signed and it created a new certificate along with the error message.
The I restored snapshot and ran the Wizard but this time I selected for an LE certificate. Again it created a self-signed with the error message.
So what is supposed to have changed, or am I not getting the up to date installer?
The change is not released yet.
What you could do is to install using install.sh script first and then apply recent patches (which I cannot recommend doing).
I tried 7.1 a couple of times today, it works well and fixed the MySql root password bug - thanks guys.
I am still curious about the option to create the default domain which defaults to using a LetsEncrypt certificate, but still fails to do that. Looking at the files, .etc/letsencrypt directory created but with nothing entered apart from the one line cli.ini file.
What is supposed to happen?
Thanks guys for also stopping it from regenerating the self certificate.
Yes, we finally fixed that.
Perhaps, what could work in your case is to first deleting the default domain created earlier and then, going to, System Settings ⇾ Virtualmin Virtual Servers ⇾ Configuration: Defaults for new domains and set Address format for Apache virtual hosts option to Always use *, and then re-run the wizard and create default domain anew – does it fix the problem for you?
I usually finish the Wizard and then go:
Edit Virtual Server
untick DND domain enabled, Save
Server Configuration
PHP Options
set execution mode to FPM
Website Options
Redirest to SSL - Yes
SSL Certficate
Let's mEncrypt
Request Certficate
I just edited to include unticking DNS first. That means I just get a certificate for the domain which is all I need.
My question still is - why offer to create the default domain with an LE certificate if it never works inside the Wizard?
Another thing, doing this on 7.1 doesn’t apply the LE cert to port 10000 for Web/Virtualmin. It used to which was the only real reason I used it as the default domain for me is just to run Virtualmin.
EDIT! It appears to not be applying it at all to the default domain if I go back to Server Config, SSL Cert and have a look.
Looking via command line it appears to be in place in /etc/letsencrypt/live etc
It would work if DNS pre-configured correctly (cloud DNS or glue records on registrar side).
It will apply Let’s Encrypt certificate if request is successful. Self-signed certificate will not be applied, as there is no point in doing it, because miniserv already has a self-signed certificate.
Try going to virtual-server.name - Server Configuration ⇾ SSL Certificate / Let’s Encrypt page, disabling validation with choosing Skip tests and requesting a certificate.
Well this is weird. I wrote this:
I have no idea what you’re talking about.
[quote=“Randomz, post:26, topic:115089”]
I am getting confused here.
I am using this:
wget https://software.virtualmin.com/gpl/scripts/virtualmin-install.sh
Works fine for me.
Jaimee819 quoted a post from me but the link in his post is very different to the link in my original post.
I am wondering why?
Spammer. I have deleted the user, blocked them, and removed their links. I didn’t see this earlier.
Edit: Also, don’t repeat the spam links when a spammer posts! You very well could have gotten yourself reported as a spammer, either automatically or by a user.
I would just like to add that with headless servers I decided to create one cert for ALL domain names, and a wildcard (*.domain.tld) cert for all those names. Yes, using LE. This made it so much easier.
Assuming one machine has no more than 100 domain-names this works fine.
Would be nice if VM would offer this as an option.
That is dangerous, and I don’t recommend it. Wildcards already have security implications (and I don’t recommend them!), but one cert for all domains is even worse. Anyone on the server can impersonate anyone else, and can copy the cert off and re-use it elsewhere.
Absolutely not! It’s crazy dangerous.
Nobody ever do this, please!