Related products version: DigitalOcean Droplet (Ubuntu 18.04 LTS)
Hello.
I am trying to install an SSL Certificate without success via Virtualmin. But on every attempt I face this error:
Requesting a certificate for mydomain.com, www.mydomain.com, mail.mydomain.com, admin.mydomain.com, webmail.mydomain.com from Let's Encrypt ..
.. request failed : Web-based validation failed :
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator webroot, Installer None
Renewing an existing certificate
An unexpected error occurred:
There were too many requests of a given type :: Error creating new order :: too many failed authorizations recently: see https://letsencrypt.org/docs/rate-limits/
Please see the logfiles in /var/log/letsencrypt for more details.
DNS-based validation failed :
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator manual, Installer None
Renewing an existing certificate
An unexpected error occurred:
There were too many requests of a given type :: Error creating new order :: too many failed authorizations recently: see https://letsencrypt.org/docs/rate-limits/
Please see the logfiles in /var/log/letsencrypt for more details.
However, the domain and the subdomains were indeed created in the DigitalOcean Panel with the Domain Name already registered with Namecheap.
How then to correct this error please and allow the automatic redirection to “https” of my domain and its subdomains?
You cannot use DNS validation, since you are managing your DNS outside of control of Virtualmin. There is no point looking at DNS validation errors, since it cannot possibly work.
The web validation problem is the one you need to fix. So, figure out why the web validation is failing.
It’s pretty much always one of two things:
You don’t have DNS records for all of the names you’re trying to request a certificate for.
You’re not allowing requests to the .well-known path in your domain to be served from the filesystem. Maybe you have an htaccess file or web app configuration that sucks up those requests and turns them into error pages or redirects them to something else.
Thank you for your reply. But how do you authorize requests to the “.well-known” path of the domain?
Do I have to create an A record with the subdomain or host “.well-known”?
You have exceeded the number of requests that Let’s Encrypt permits you to make for a domain. You need to wait a few hours or a day before you try again.
Now, about your error:
You are requesting a certificate for the domains mentioned above. Are all these domains pointing to your Virtualmin server’s IP address? If even one of them is not, your request for an SSL certificate will fail. The first thing for you to do is look at the DNS records that you have created for the domain and ensure that these exist and resolve as they should.
No! You need to create A records for the domains mentioned above. That’s all you need to do. Virtualmin will do the rest, including everything related to well-known (which is a subdirectory, not a domain, FYI): as Joe said, just make sure that your .htaccess does not have a directive which prevents access to well-known.
But when I open, in my web browser, the URL “admin.mydomain.com”, it sends me to “https://mydomain.com:10000/” via an automatic redirection, and of course we notice there that the certificate has been taken into account:
So, why, when I try to activate it for the main domain “mydomain.com”, which is not yet supported by the SSL certificate, does it not redirect to “https” at all?
And when I visit the same URL, I get the error message that I have posted in the screenshot above.
If you wait a few hours, I will be able to see what you see. To understand why this happens, Google DNS propagation.
Let’s Encrypt may be seeing what I see or may be seeing what you see when it tries to validate your request for an SSL certificate. The only sure-shot way to ensure that your request is successful is to wait until the DNS changes that you have made to the domains propagate and resolve everywhere, then get Virtualmin to request an SSL certificate.
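A pre-flight check for the two causes named in the replies above (a name without an A record to the server, and a `.well-known` request that is redirected or turned into an error page), so a request is not sent, and another failed authorization counted, while a name is still not ready. This is an added example, not code from the thread or from Virtualmin. It assumes you have placed a file called `preflight-probe` containing a token of your choice under `.well-known/acme-challenge/` in each domain's web root; the file name, the token and the function names are made up for this example.

```python
import socket
import urllib.error
import urllib.request

# Constructed probe file name; create it yourself in each web root.
PROBE_PATH = "/.well-known/acme-challenge/preflight-probe"

class _NoRedirect(urllib.request.HTTPRedirectHandler):
    def redirect_request(self, req, fp, code, msg, headers, newurl):
        return None  # do not follow; the 3xx then surfaces as HTTPError

def resolve_a(name):
    """Return the set of IPv4 addresses the name resolves to (empty if none)."""
    try:
        return {ai[4][0] for ai in socket.getaddrinfo(name, 80, socket.AF_INET)}
    except socket.gaierror:
        return set()

def fetch_probe(name):
    """Return (status, redirect_target, body) for the probe URL over plain HTTP."""
    opener = urllib.request.build_opener(_NoRedirect)
    try:
        with opener.open("http://" + name + PROBE_PATH, timeout=10) as resp:
            return resp.status, None, resp.read().decode(errors="replace")
    except urllib.error.HTTPError as err:
        return err.code, err.headers.get("Location"), ""
    except (urllib.error.URLError, OSError):
        return None, None, ""  # nothing answered on port 80

def check_name(name, server_ip, token, resolve=resolve_a, fetch=fetch_probe):
    """Return the problems found for one name; an empty list means it looks ready."""
    ips = resolve(name)
    if not ips:
        return ["no A record"]
    if server_ip not in ips:
        return ["A record points to %s, not %s" % (", ".join(sorted(ips)), server_ip)]
    status, location, body = fetch(name)
    if status is None:
        return ["no HTTP answer on port 80"]
    if location:
        return ["probe redirected to %s" % location]
    if status != 200 or body.strip() != token:
        return ["probe not served from the filesystem (HTTP %s)" % status]
    return []

def preflight(names, server_ip, token, **kw):
    """Map every name that is not ready to its list of problems."""
    report = {n: check_name(n, server_ip, token, **kw) for n in names}
    return {n: p for n, p in report.items() if p}
```

Call `preflight(names, server_ip, token)` with every name in the certificate request and the server's public IP; an empty result means each name resolved to the server and served the probe unchanged.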