Lets Encrypt and SubDomain / virtual Sub Server


have a big problem with the Lets Encrypt Certs the don't validate
i Have 2 Virtual server:
1. example.com
2. work.example.com

what i have do:

Virtualmin > Create Virtual Server …

Virtualmin > Server Configuration > Manage SSL Certificates > Let’s Encrypt: adding the sub-domain name > Request Certificate > and wait

Virtualmin > Services > Configure Website > Aliases… > Permanent URL Request and adding: / https://work.example.com/

and now when i go to the site i see that’s the Cert not Validate, but my non sub-domain works perfect

the cert: Screenshot Cert

the cert not validate: Screenshot Not Validate

Hope anyone can help me. And sry for my bad english.

I have a similar problem. masonbee.nz will get a cert but hive.masonbee.nz won’t. Error is "Nameserver lookup failed : Could not find any nameservers for hive.masonbee.nz ". I have nameservers at ns1.masonbee.nz and ns2.masonbee.nz and dig looks OK to me. I can install certbot and issue certs through that but not through the virtualmin lets encrypt interface.

Yours is a different problem from OP.

Here’s what I see when I dig your name records:

;; ANSWER SECTION: masonbee.nz. 3599 IN NS ns2.webslice.co.nz. masonbee.nz. 3599 IN NS ns1.webslice.co.nz. masonbee.nz. 3599 IN NS ns3.webslice.co.nz. masonbee.nz. 3599 IN NS ns4.webslice.co.nz.

And, when I query one of those servers, I get this:

$ host hive.masonbee.nz ns1.webslice.co.nz Using domain server: Name: ns1.webslice.co.nz Address: Aliases:

hive.masonbee.nz has address
;; connection timed out; no servers could be reached

Which is actually really weird, because it provides an answer and an error. I’m guessing Virtualmin is detecting the error without noticing that it got an address, too.

So, something is wrong with your DNS. That’s something you’ll want to fix (as it took a while to get an answer, even if we ignore the timeout error), and is probably why it’s failing in Virtualmin.

I haven’t seen this particular behavior before, that I can recall…I guess it’s querying one name server, and then when that one takes a while it queries the next, and it provides a response and then the timeout for the first finishes soon after. I’d need to look at the code for the resolver to know what’s happening there and in what order. Regardless, all of the name servers listed for your zone are returning that error and result, or returning nothing but that error.

So…to fix it, you need to fix your DNS. I’m not sure exactly what’s going wrong there, though.