Hostname domain SSL certificate failure

Here’s my situation. I have a domain name registered. Let’s call it Domain1.com. This is registered at nameservers ns1.host1.com and ns2.host2.com and the website Domain1.com resides on that server.

In the DNS settings of that server I create a sub-domain, Host1.Domain1.com. I have that subdomain point to the IP address of my new Virtualmin server in all the necessary records.

So, Virtualmin shows as hostname: Host1.Domain1.com. It has its own virtual server with its own DNS settings in which Let’s Encrypt has created a certificate. This worked fine for months and I was able to reach Host1.Domain.com through HTTPS. Upon renewal it gives an error:

IMPORTANT NOTES:

  • The following errors were reported by the server:

    Domain: host1.domain1.com
    Type: unauthorized
    Detail: Incorrect TXT record
    “Oc7VzJr3K6HADNMZKiZZUF845QarxFb0ugl0KlKC6aQ” found at
    _acme-challenge.host1.domain1.com

    Domain: host1.domain1.com
    Type: unauthorized
    Detail: Incorrect TXT record
    “Oc7VzJr3K6HADNMZKiZZUF845QarxFb0ugl0KlKC6aQ” found at
    _acme-challenge.host1.domain1.com

    To fix these errors, please make sure that your domain name was
    entered correctly and the DNS A/AAAA record(s) for that domain
    contain(s) the right IP address.

Interestingly, that string from the TXT records actually resides in the records of the server that has Domain1.com running on it.

It is almost as if it is sending the request to Let’s Encrypt from my Virtualmin server, but Let’s Encrypt checks records at the place that has Domain1.com running. When we check the IP of host1.domain1.com it points correctly to the Virtualmin server.

Is there anyone who can point out to me what I’m doing wrong?

@Robert71,

In the interest of diagnosis, could you reveal the real domain in question?

That’s the DNS validation error. Are you actually hosting DNS on the server itself? If not, you should be honest with Virtualmin and turn that feature off in Features and Plugins.

We would need to see the HTTP validation error, which came before the DNS validation error.

Also, you never need a certificate for the system hostname, because you never need to use the system hostname after you have Virtualmin domains. You can connect to Webmin and most services on a modern using any domain managed by Virtualmin that also has a TLS cert.
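
Added example, not part of the original thread: a small offline check for the DNS validation failure discussed above. It computes the TXT value a DNS-01 challenge expects (RFC 8555, section 8.4) and compares it with what each nameserver serves, counting only the servers the public delegation leads to. The token, thumbprint, the choice of authoritative server and the assumption that the Virtualmin host runs its own BIND are constructed for illustration.

```python
import base64
import hashlib

def dns01_txt_value(token, thumbprint):
    """RFC 8555 s8.4: base64url(SHA-256(token + "." + thumbprint)), unpadded."""
    digest = hashlib.sha256(f"{token}.{thumbprint}".encode("ascii")).digest()
    return base64.urlsafe_b64encode(digest).rstrip(b"=").decode("ascii")

def diagnose(expected, answers, authoritative):
    """answers maps nameserver -> TXT values it serves for _acme-challenge.<name>.
    authoritative lists the servers the public delegation leads to; the CA
    only ever sees their answers."""
    seen_by_ca = {v for ns in authoritative for v in answers.get(ns, [])}
    elsewhere = {v for ns, vals in answers.items()
                 if ns not in authoritative for v in vals}
    if expected in seen_by_ca:
        verdict = "ok"
    elif expected in elsewhere:
        verdict = "wrong-server"   # published where the CA never looks
    else:
        verdict = "missing"
    # Any other value the CA can see is a leftover from an earlier challenge.
    return {"verdict": verdict, "stale": sorted(seen_by_ca - {expected})}

# Constructed sample input (token and thumbprint are made up).
EXPECTED = dns01_txt_value("constructed-token", "constructed-account-thumbprint")
STALE = "Oc7VzJr3K6HADNMZKiZZUF845QarxFb0ugl0KlKC6aQ"  # value from the error above
ANSWERS = {
    "ns1.host1.com": [STALE],          # nameserver of the parent zone
    "host1.domain1.com": [EXPECTED],   # Virtualmin's local BIND (assumed)
}
AUTHORITATIVE = ["ns1.host1.com"]      # assumed: subdomain is not delegated

if __name__ == "__main__":
    print(diagnose(EXPECTED, ANSWERS, AUTHORITATIVE))
```

A "wrong-server" verdict with a stale value matches the symptom in the first post: the new challenge value is written to a zone the CA never queries, while an old value remains in the parent zone.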
