Since the last renewal I backed up the server and imported it into a new Webmin install on a VM while I set up my physical server, which I am just about to copy the virtual servers back to.
As the certificate will expire July 9, a month from now, I need to work out how to request a new one for the server and not have it error out.
I moved the servers back to the physical server and the certificate for my blog updated fine.
Though I used up the tries on my community forum for the week.
Even so it’s still erroring.
How would I remove the old certificate from the system?
Also, how do I do a .well-known folder for Let's Encrypt, as it appears to have gone missing or cannot be accessed with the backup and restore?
No idea what the error is, if it's htaccess or something else. As mentioned, it was working fine until a month ago, and the config has been the same for ages and hasn’t really changed apart from a server change and a backup and re-import of the sub-server which is erroring and the main server.
As you can see from my first post it was doing it before it reached the 50 try limit.
I’ll check again next week and see what’s what.
As it's back on the physical server and at the same internal 1.1 IP as it was, and my other server worked again when putting it back to the physical config, maybe this one might in a week once the tries reset.
I’ll keep the post updated but have a feeling I may need some help getting the certificate.
Still cannot get a certificate as I am seeing this:
Requesting a certificate for cajgo-support.com, community.cajgo-support.com from Let's Encrypt ..
.. request failed : Web-based validation failed : Failed to request certificate :
community.cajgo-support.com challenge did not pass: Invalid response from https://community.cajgo-support.com/.well-known/acme-challenge/DVF07sF9RzwdOxsWvuBnXwcu2Jy2gj11EqlMtw5FOII [220.244.244.115]: "<!-- st"
DNS-based validation failed : Failed to request certificate :
community.cajgo-support.com challenge did not pass: No TXT record found at _acme-challenge.community.cajgo-support.com
What I am seeing is the challenge files are correctly going into the top server as I can see them in WinSCP under the user root and permissions 777.
But the error is showing that it cannot read from the acme-challenge directory on the community sub server.
Certificate sharing is on.
This appears to be a bug or a misconfiguration somewhere.
I was trying to share certificates so I was erroring out about the acme directory in the sub server.
In the main certificate I had the sub server domain.
So for now I have unhooked them and managed to update the main certificate but I do want to share certificates for email etc.
So how do I create a shared certificate without it complaining about the sub server acme challenge directory?
Update: I have the certificate for the main page renewed; now the sub shows an invalid certificate.
Got it working.
I created a self-signed certificate, then I could get a certificate from Let’s Encrypt.
I have 2 separate certificates now, one for the top, one for the community.
I will need to look into a shared certificate later, which was the issue; I believe I need to redirect the community well-known directory so it uses the main site's one.
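
The following Python check is an added example, not code from the original poster or from Webmin. It writes a throwaway probe file into the directory the ACME client uses and fetches it through every hostname on the certificate, which shows whether a sub-server answers from a different document root. The function names and the `probe-` file name are assumptions made for this example.

```python
import secrets
import urllib.request
from pathlib import Path

CHALLENGE_PATH = ".well-known/acme-challenge"

def http_fetch(url):
    """Return up to 512 bytes of the body at url (raises OSError on failure)."""
    with urllib.request.urlopen(url, timeout=10) as resp:
        return resp.read(512).decode("utf-8", "replace")

def classify(body, expected):
    """Compare what a host served with what was written to the webroot."""
    text = body.strip()
    if text == expected:
        return "ok"
    if text.startswith("<"):
        # Markup instead of the token: an application page, redirect target
        # or error document answered, as in the '"<!-- st"' failure above.
        return "html-instead-of-token"
    return "unexpected-content"

def probe_hosts(webroot, hosts, fetch=http_fetch):
    """Write a probe file under webroot and fetch it via each hostname."""
    challenge_dir = Path(webroot) / CHALLENGE_PATH
    challenge_dir.mkdir(parents=True, exist_ok=True)
    name = "probe-" + secrets.token_urlsafe(8)   # hypothetical file name
    expected = secrets.token_urlsafe(32)         # random content to match
    probe = challenge_dir / name
    probe.write_text(expected)
    results = {}
    try:
        for host in hosts:
            url = f"http://{host}/{CHALLENGE_PATH}/{name}"
            try:
                results[host] = classify(fetch(url), expected)
            except OSError as exc:
                results[host] = f"fetch-failed: {exc}"
    finally:
        probe.unlink()  # never leave the probe behind in the webroot
    return results

if __name__ == "__main__":
    import sys
    # usage: python3 probe.py /path/to/webroot host1 host2 ...
    for host, status in probe_hosts(sys.argv[1], sys.argv[2:]).items():
        print(f"{host}: {status}")
```

Let's Encrypt's validator does not verify certificates when it is redirected to HTTPS, whereas `urllib` does, so a `fetch-failed` result on a host with an expired or self-signed certificate does not by itself mean validation would fail.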