Let's Encrypt for main server host domain

DavidG · June 15, 2020, 7:19pm

I am trying to get a cert for the main server host domain. I tried setting the directory to /var/www/html and /var/www/html/, running in test mode. It fails the HTTP challenge because it can’t retrieve the token. I suspect that this might be due to the fact that when I enter the main server host in a browser, it directs to one of the other domains, rather than /var/www/html – Any ideas?

Joe · June 15, 2020, 7:46pm

Don’t name your server something you plan to use for services.

Name your server something generic (e.g. srv1.domain.tld), and then create a Virtualmin domain for your “main” domain.

DavidG · June 15, 2020, 7:50pm

So I set the server host to a fictitious domain and then create a Virtualmin domain for the real one? Then use /home/user/public_html for the path in Let’s Encrypt? Would I then be able to log in to Virtualmin at https://realdomain:10000? I just want to make sure that I am understanding correctly. Thanks, Joe

Joe · June 15, 2020, 8:00pm

No, it should be a real name. It should ideally resolve (and the IP should reverse resolve to something that forward resolves to the IP). But, you shouldn’t need certs for it, because you’re not going to be sending any clients to that name.

I do this:

Name my server srv1.virtualmin.com
Create a domain virtualmin.com
Add an A record to the virtualmin.com zone for srv1
Optionally add a PTR if I’m authoritative for the IP

DavidG · June 15, 2020, 8:09pm

And then get the cert for the domain created in Virtualmin and accessed at /home/xxx … And then access Virtualmin at that domain port 10000?
I set the hostname to srv1.davidgmedia.us, then tried to create a virtual server in Virtualmin for davidgmedia.us. I got this error: Failed to create virtual server : The domain davidgmedia.us is already hosted by your Apache webserver

DavidG · June 15, 2020, 8:38pm

Would it make sense to set hostnamectl to a fictitious name, then create the virtual server, then set hostname again?

Joe · June 15, 2020, 8:41pm

Get rid of the Apache virtual host you configured for davidgmedia.us outside of Virtualmin.

DavidG · June 15, 2020, 9:51pm

I think I’m making progress. I was able to get the cert issued and it shows as current in Webmin Config. However, the browser still shows unsecured when I go to davidgmedia.us:10000. I tried clearing the browser history and restarted both httpd and webmin.

unborn · June 17, 2020, 7:14am

Did you just read the latest message from Joe? He posted you the completed solution, your progress should be now completed by any means

DavidG · June 18, 2020, 3:19am

Got it! Thanks, Joe – You’ve been a great help!

DavidG · June 18, 2020, 3:21am

Thanks! This is certainly a helpful community. I hope that I will be able to return the favor and help others as well. Although I have a fair amount of experience with website coding and design, until now I have done little server management. I am learning a lot and appreciate the helpful attitude of those I have met here.

system · June 22, 2020, 3:21am

This topic was automatically closed 4 days after the last reply. New replies are no longer allowed.