LE certificate for Virtualmin installation

  • Virtualmin 6.08 (GPL)
  • CentOS 7.7
  • Webmin 1.941

I must be missing something in the process of trying to get a Let’s Encrypt certificate working on a new GPL server. On my Pro server I have a non-LE wildcard certificate (on *.example.NET) that I use for all Virtualmin access and various other functions requiring encrypted connections. It works fine. However, this means I don’t have experience trying to get an LE certificate to be the certificate used for Virtualmin and Webmin.

On the new GPL server I have pointed admin.example.COM to Virtualmin, and added example.COM as a virtual server. (It might be useful to know that I am only using Virtualmin for web hosting, not DNS or email.) When I try to get an LE certificate Virtualmin prompts me to get one for example.COM and www.example.COM. Instead I activate the “Domain names listed here” field and enter those two plus admin.example.COM. When I do I get this error:

Traceback (most recent call last):
  File "/usr/libexec/webmin/webmin/acme_tiny.py", line 198, in <module>
  File "/usr/libexec/webmin/webmin/acme_tiny.py", line 194, in main
    signed_crt = get_crt(args.account_key, args.csr, args.acme_dir, log=LOGGER, CA=args.ca, disable_check=args.disable_check, directory_url=args.directory_url, contact=args.contact)
  File "/usr/libexec/webmin/webmin/acme_tiny.py", line 143, in get_crt
    raise ValueError("Wrote file to {0}, but couldn't download {1}: {2}".format(wellknown_path, wellknown_url, e))
ValueError: Wrote file to /home/example/public_html/.well-known/acme-challenge/cZqlH46J9nz_uYzI354bbzW4fFy37t_V5gBLxfJKHxo, but couldn't download http://admin.example.com/.well-known/acme-challenge/cZqlH46J9nz_uYzI354bbzW4fFy37t_V5gBLxfJKHxo: Error:
Url: http://admin.example.com/.well-known/acme-challenge/cZqlH46J9nz_uYzI354bbzW4fFy37t_V5gBLxfJKHxo
Data: None
Response Code: None
Response: <urlopen error [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:618)>

Of course, admin.example.COM is pointing to the server, but it doesn’t have its own website / virtual server. So how do I generate an LE certificate for it? Do I have to create a virtual server or sub-server for admin.example.COM in order to be able to generate the certificate?

Actually, I thought I had found the answer just by writing this all out, but that doesn’t work either! When I try to create admin.example.COM I get this error:

Failed to create virtual server : The domain admin.example.com is already hosted by your Apache webserver

Now what?



Bumpity bump bump. :thinking:

I had this same problem today.

I created the virtual domain for my server’s FQDN and tried to use LE to generate a cert - I received the same error as you.

I then SSH’d into my server and tried to use wget to grab that URL

cd /tmp
wget http://admin.example.com/.well-known/acme-challenge/cZqlH46J9nz_uYzI354bbzW4fFy37t_V5gBLxfJKHxo

And it failed.

I then checked /etc/hosts and found my server was only resolving to

So I added my server’s actual IP and FQDN and then everything suddenly worked.

Hope that makes sense,

Thanks, but unfortunately it doesn’t help. I have my FQDN in /etc/hosts.

Try this:

  1. Open Virtualmin
  2. Choose the domain you want to request SSL for
  3. Go to the domain’s File Manager
  4. Create a directory called: .well-known
  5. Go to the Let’s Encrypt section of Virtualmin for that domain
  6. Request New Certificate

Make sure the domain’s A records @ & www are pointed to your server’s IP.

Thanks for your suggestion Mik, but I think you missed the part where I said I had no problem with the domains in Virtualmin, but the problem was with the sub-domain I was using to access Virtualmin itself.

After poking around some I found the answer: The place to do this is at Webmin -> Webmin Configuration -> SSL Encryption -> Let’s Encrypt.

However, there is a bug there: the default entry in the “Website root directory for validation file” field is:


This includes the quotes. You have to remove the quotes or Virtualmin will throw an error.

I’ll mark this as solved.
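
The self-check that fails in the traceback at the top of this thread, and the manual wget test from the second reply, can be reproduced with the probe below, which writes a throwaway file under .well-known/acme-challenge/, fetches it over plain HTTP and follows redirects by hand so that a TLS failure after a redirect is reported separately from a wrong document root or an unreachable name. It is an added example, not code from Webmin, acme_tiny.py or any poster; check_http01 and its status strings are hypothetical names.

```python
import http.client
import os
import secrets
import ssl
import sys
from urllib.parse import urljoin, urlsplit

def check_http01(webroot, host, port=80, max_hops=5):
    """Write a probe file under webroot and fetch it over HTTP, following
    redirects by hand. Returns (status, hops); hops lists every URL tried.
    Status is ok, not-served, tls-failed, unreachable or redirect-loop."""
    token = "probe-" + secrets.token_urlsafe(16)  # constructed value, not a real ACME token
    cdir = os.path.join(webroot, ".well-known", "acme-challenge")
    os.makedirs(cdir, exist_ok=True)
    probe = os.path.join(cdir, token)
    with open(probe, "w") as fh:
        fh.write(token)
    url = "http://%s:%d/.well-known/acme-challenge/%s" % (host, port, token)
    hops = []
    try:
        for _ in range(max_hops):
            hops.append(url)
            u = urlsplit(url)
            cls = http.client.HTTPSConnection if u.scheme == "https" else http.client.HTTPConnection
            conn = cls(u.hostname, u.port, timeout=5)  # HTTPS hops verify the certificate
            try:
                conn.request("GET", u.path or "/")
                resp = conn.getresponse()
                body = resp.read()
                location = resp.getheader("Location")
            except ssl.SSLError:
                # Only reachable on an https:// hop, i.e. after a redirect away from plain HTTP
                return "tls-failed", hops
            except (OSError, http.client.HTTPException):
                return "unreachable", hops  # DNS or /etc/hosts problem, refused, timeout
            finally:
                conn.close()
            if resp.status in (301, 302, 303, 307, 308) and location:
                url = urljoin(url, location)
                continue
            if resp.status == 200 and body.decode("ascii", "replace").strip() == token:
                return "ok", hops
            return "not-served", hops  # the name is answered from a different document root
        return "redirect-loop", hops
    finally:
        os.remove(probe)  # never leave the probe file behind

if __name__ == "__main__" and len(sys.argv) == 3:
    print(check_http01(sys.argv[1], sys.argv[2]))
```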