How to fix invalid SSL certificate on my system hostname

I have been trying to fix my main servers system hostname SSL by requesting a letsencrypt SSL from Webmin > Webmin Configuration > SSL Encryption > Let’s Encrypt But it is failing for all the attempts and by choosing different options. I am not sure what I am missing and what needs to be done for this. This is the error:

Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator webroot, Installer None
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for srv.domain.com
Using the webroot path /etc/webmin for all unmatched domains.
Waiting for verification...
Challenge failed for domain srv.domain.com
http-01 challenge for srv.domain.com
Cleaning up challenges
Some challenges have failed.
IMPORTANT NOTES:
 - The following errors were reported by the server:

   Domain: srv.domain.com
   Type:   unauthorized
   Detail: Invalid response from
   http://srv.domain.com/.well-known/acme-challenge/0mkv8DJ9gCVdwrba2axwjWNI6m2bRVg2207PDE-K0qk
   [49.12.74.48]: "<!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML
   2.0//EN\">\n<html><head>\n<title>404 Not
   Found</title>\n</head><body>\n<h1>Not Found</h1>\n<p"

   To fix these errors, please make sure that your domain name was
   entered correctly and the DNS A/AAAA record(s) for that domain
   contain(s) the right IP address.

The A record for srv.domain.com is added and it points to the server IP address

I don’t want to go and add a virtual server from virtualmin. Because virtualmin is to create virtual servers and if I add a virtual server for the main system domain it might cause problems.

Here are my server details:

Webmin version: 1.954
Usermin version: 1.803
Virtualmin version: 6.11
Operating system: CentOS Linux 8.2.2004

Concurrent with your post, there was another in which the member shared with us the real domain name that he was using; based on this info, one of us was able to offer the solution to his exact problem. See

I looked at this post and it doesnt offer a solution. And my DNS is pointing to the server correctly.

My point was that the community can offer specific suggestions for problems such as this if you share the domain names associated with virtual servers - absent which we are all shooting in the dark.

1 Like
  1. include srv in your A record on domain being used.
  2. Create Virtual Server in Virtualmin. srv.domain.com. Don’t include SSL option.
  3. Go to Webmin, Webmin Config, SSL Encryption, Let’s Encrypt.
    Make sure your Hostname is there: srv.domain.com
  4. Request Certificate.

Also, keep in mind, if you request certificate too many times, you maybe locked out for a week or so…
Good luck…

Tip: try to use a separate domain, than the one you’re planning on using for your affairs… Ask me how I know…

Thanks @ilouie

So I checked off the feature “Apache SSL website enabled?” by editing the virtual server I created. The only option now enabled is “DNS domain enabled?” in the “Enabled features” section

It seems like I am locked out of requesting new letsencrypt, so I will have to try that in a week or so and see if it works.

About your tip

“Tip: try to use a separate domain, than the one you’re planning on using for your affairs… Ask me how I know…”

Can you tell me how should I set this up to access my main server please?

Are you currently up and working?..or are you at the configuring phase?

My server is up and running and I have moved my sites from cpanel backups

Did you add a Host name to the domain you’re using as Host, and did you add it to the A record?. Where is your domain hosted?. At server or somewhere like Godaddy?.

Yes, after I setup the VPS with my server company. I used the install.sh script (virtualmin.com/download.html) to install virtualmin on the server. After everything is completed successfully I got this message:

[SUCCESS] to configure at https://srv.domain.com:10000 (or https://SRV.IP.ADR.ES:10000).

I setup the A record at my DNS manager (cloudflare) to point srv to my server IP address before running install.sh

I just checked the address and it’s not found. If you want to start from scratch again, follow this: https://www.hostwinds.com/guide/install-virtualmin-centos-7/, I’ve found this to be simple and quick…Make sure you install it on the hostname… I have it install on Centos 7.

yeah those addresses are not the real address of my server. Those are just placeholders

Hi,

This looks wrong to me.

ahmadkarim, try following this: https://tutorials.kurtobando.com/add-ssl-and-change-port-to-your-virtualmin-hostname/

I have the same problem recently.
I have a CentOS 8.2 instance that will not renew its Let’s Encrypt certificate. It succeeded three months ago when setup but now the URL gets a 404 error. Since the validation file remains for such a short time I can’t be sure whether it is actually created but I did create a test.txt file which causes the same 404 error.
In Webmin config/SSL/Let’s Encrypt settings I choose “other directory” (/var/www/html) as the validation root directory. I am expecting the external URL to be http://<ip_address>/.well-known/acme-challenge/test.txt.
The result displayed in Firefox is
Not Found
The requested URL /.well-known/acme-challenge/test.txt was not found on this server.

My Webmin FQDN resolves correctly with both IPv4 and IPv6 addresses. Let’s Encrypt validation appears to prefer the IPv6 address.

In my ignorance I’m not sure whether Webmin miniserv or Apache will serve this URL. Which is it?
Neither log shows any related errors. But would I need to change the log level? and where?

Permissions seem OK and certainly the same as my other CentOS 7 instance.

I’m at a loss to know why the URL is not being served, and especially why it once was, but not now.
I have installed many updates through Webmin/Virtualmin in this interval.
The Webmin FQDN domain is not a virtual domain on this server.

Virtualmin domain LE certificates are renewing perfectly as expected.
Webmin LE certifcates have always renewed manually for me, but consistently never automatically!

Any clues that can help me troubleshoot this would be most appreciated. Especially the answer to which webserver is used by Webmin for its own FQDN.
Thanks
Webmin version 1.955
Usermin version 1.803|
Virtualmin version 6.12
Authentic theme version 9.54

I realise now that miniserv only serves on port 10000, so it is Apache that serves on port 80, and the default virtual server that will serve files from /var/www/html in whcih the LE validation files will be stored (under .well-known/acme-challenge).
So my LE problem is due to Apache not serving the file, instead giving a 404 Not found response to anything in the default virtual server.