Let's Encrypt fails during domain creation - "Nameserver mismatch", "Failed to ping IPv6 address"

Virtualmin
1
SYSTEM INFORMATION
OS type and version Ubuntu Linux 24.04.3
Webmin version 2.610
Virtualmin version 7.50.2 Professional
Webserver version Apache/2.4.58 (Ubuntu)
Related packages SUGGESTED

Let’s Encrypt used to be fully automated during Virtualmin domain creation. Now it’s failing with at least three errors during domain creation. The three errors are shown in bold below but summarised here:

connectivity check failed:

  • Nameserver mismatch
  • Website request failed
  • Failed to ping IPv6 address

The curious thing is:

  1. This used to work.
  2. After creation, if you then immediately go to the Let’s Encrypt provisioning menu it always works.
    So Manage Virtual Server → Setup SSL Certificate → Request Certificate always works even though during creation this always fails.

Here is typical output of domain creation. We do around 10 a day and it’s all the same behavior:

Setting Up Virtual Server
In domain example.com
Saving server details ..
.. done
Creating administration group example ..
.. done
Creating administration user example ..
.. done
Creating aliases for administration user ..
.. done
Adding administration user to groups ..
.. done
Creating home directory ..
.. done
Creating mailbox for administration user ..
.. done
Adding new DNS zone ..
.. done
Adding secondary zone on ns2.example.host ns3.example.host ns1.example.host ns4.example.host ..
.. done
...
Setting up initial SSL certificate ..
.. **connectivity check failed** : **Nameserver mismatch**, **Website request failed**, **Failed to ping IPv6 address**
Creating initial website index page ..
.. done
Re-loading Webmin ..
.. done
Applying webserver configuration ..
.. done

If we focus out attention on “Nameserver mismatch” for a moment, this is strange because WHOIS for the domain is 100% correct. These are .COMs are they are registered before Virtual server creation.

To the best of my knowledge the “strictness” of kicking of the Let’s Encrypt process is controlled by at least two configuration screens:

System Settings → Virtualmin Configuration → SSL Settings:

image
image868×347 35.8 KB

On that screen I don’t really see anything that can help me.

The other strictness configuration screen is controlled by manual creation menu:
Setup SSL Certificate → Request Certificate

image
image868×852 81.8 KB

In my opinion there is some kind of connectivity check now happening that didn’t take place before and I would expect to be able to switch this off somewhere.

@staff please assist

2

Apologies, after I wrote the entire post and showed it to the client, he mentioned this page:

image
image1129×975 127 KB

“Check before certificate request” was “From default settings”, but we’re going to try “Skip tests” and report back.

1 Like
3

Ok let us know how it goes!

Also, make sure that if you have IPv6 enabled in Virtualmin that your system is reachable via it’s public IPv6 address.

4

Hi there! I turned out switching on this setting was the solution:

Yes, and skip connectivity check in the section Request SSL certificate from provider at domain creation time:

image
image1124×969 133 KB

5

This topic was automatically closed 8 days after the last reply. New replies are no longer allowed.