SYSTEM INFORMATION | |
---|---|
**OS type and version:** | CENTOS 8 |
**Webmin version:** | 1.981 |
**Virtualmin version:** | 6.17 |
Related products version: | RECOMMENDED |
I have several domains where Let’s Encrypt certs were able to auto-renew, but one subdomain is failing validation. I am only supporting HTTPS (firewall is blocking port 80). The logs look like they are looking for the validation using HTTP. However, I don’t understand how the other domains were able to renew.
Here is an excerpt of a working domain from httpd.conf. I have no port 80 VirtualHosts.
```apache
<VirtualHost xxx.xxx.xxx.xxx:443>
    SuexecUserGroup "#1005" "#1004"
    ServerName domain1.com
    ServerAlias www.domain1.com
    ServerAlias mail.domain1.com
    ServerAlias webmail.domain1.com
    ServerAlias admin.domain1.com
    Header always set Strict-Transport-Security "max-age=63072000; includeSubDomains"
    DocumentRoot /home/domain1.com/public_html
    ErrorLog /var/log/virtualmin/domain1.com_error_log
    CustomLog /var/log/virtualmin/domain1.com_access_log combined
    ScriptAlias /cgi-bin/ /home/domain1.com/cgi-bin/
    DirectoryIndex index.php index.php4 index.php5 index.htm index.html
    <Directory /home/domain1.com/public_html>
        Options -Indexes +IncludesNOEXEC +SymLinksIfOwnerMatch
        allow from all
        AllowOverride All Options=ExecCGI,Includes,IncludesNOEXEC,Indexes,MultiViews,SymLinksIfOwnerMatch
        Require all granted
    </Directory>
    <Directory /home/domain1.com/cgi-bin>
        allow from all
        AllowOverride All Options=ExecCGI,Includes,IncludesNOEXEC,Indexes,MultiViews,SymLinksIfOwnerMatch
        Require all granted
    </Directory>
    RewriteEngine on
    RewriteCond %{HTTP_HOST} =webmail.domain1.com
    RewriteRule ^(?!/.well-known)(.*) https://domain1.com:20000/ [R]
    RewriteCond %{HTTP_HOST} =admin.domain1.com
    RewriteRule ^(?!/.well-known)(.*) https://domain1.com:10000/ [R]
    RemoveHandler .php
    RemoveHandler .php7.2
    <FilesMatch \.php$>
        SetHandler proxy:fcgi://localhost:8002
    </FilesMatch>
    SSLEngine on
    SSLCertificateFile /home/domain1.com/ssl.cert
    SSLCertificateKeyFile /home/domain1.com/ssl.key
    SSLProtocol all -SSLv2 -SSLv3 -TLSv1 -TLSv1.1
    SSLCACertificateFile /home/domain1.com/ssl.ca
</VirtualHost>
```
Here is an excerpt of the nonworking domain. This domain is a little different in that it is set up to be handled using Flask. How do I carve out an exception to allow the SSL renewal? When I initially set this up, the virtual host was set up like above and I got the Let’s Encrypt cert. THEN, I set up the application using Flask, but everything was working until the cert expired:
```apache
<VirtualHost xxx.xxx.xxx.xxx:443>
    ServerName sub.domain2.com
    #DocumentRoot /home/domain2/domains/sub.domain2.com/public_html
    ErrorLog /var/log/virtualmin/sub.domain2.com_error_log
    CustomLog /var/log/virtualmin/sub.domain2.com_access_log combined
    WSGIDaemonProcess pythonproj python-home=/home/domain2/domains/sub.domain2.com/pythonproj/venv
    WSGIScriptAlias / /home/domain2/domains/sub.domain2.com/pythonproj/pythonproj.wsgi
    WSGIProcessGroup pythonproj
    WSGIApplicationGroup %{GLOBAL}
    #DirectoryIndex index.php index.php4 index.php5 index.htm index.html
    #<Directory /home/domain2/domains/sub.domain2.com/public_html>
    #Options -Indexes +IncludesNOEXEC +SymLinksIfOwnerMatch
    #allow from all
    #AllowOverride All Options=ExecCGI,Includes,IncludesNOEXEC,Indexes,MultiViews,SymLinksIfOwnerMatch
    #Require all granted
    #</Directory>
    #<Directory /home/domain2/domains/sub.domain2.com/cgi-bin>
    #allow from all
    #AllowOverride All Options=ExecCGI,Includes,IncludesNOEXEC,Indexes,MultiViews,SymLinksIfOwnerMatch
    #Require all granted
    #</Directory>
    <Directory /home/domain2/domains/sub.domain2.com/pythonproj>
        Options -Indexes
        Order deny,allow
        Require all granted
    </Directory>
    RewriteEngine on
    #RewriteCond %{HTTP_HOST} =webmail.sub.domain2.com
    #RewriteRule ^(?!/.well-known)(.*) https://sub.domain2.com:20000/ [R]
    #RewriteCond %{HTTP_HOST} =admin.sub.domain2.com
    #RewriteRule ^(?!/.well-known)(.*) https://sub.domain2.com:10000/ [R]
    RemoveHandler .php
    RemoveHandler .php7.2
    <FilesMatch \.php$>
        SetHandler proxy:fcgi://localhost:8004
    </FilesMatch>
    SSLEngine on
    SSLCertificateFile /home/domain2/domains/sub.domain2.com/ssl.cert
    SSLCertificateKeyFile /home/domain2/domains/sub.domain2.com/ssl.key
    SSLProtocol all -SSLv2 -SSLv3 -TLSv1 -TLSv1.1
    SSLCACertificateFile /home/domain2/domains/sub.domain2.com/ssl.ca
</VirtualHost>
```
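
An added example, not part of the original post and not Virtualmin-generated configuration: one way to exempt the ACME challenge path from the `WSGIScriptAlias /` catch-all in the second vhost, so that challenge files are served from disk rather than routed to the Flask application. It assumes the ACME client writes its tokens under the commented-out `public_html` directory and that mod_alias is loaded; the challenge directory path is an assumption built from the `DocumentRoot` shown in the post.

```apache
<VirtualHost xxx.xxx.xxx.xxx:443>
    ServerName sub.domain2.com

    # Carve-out: serve ACME HTTP-01 challenge files as static content.
    # Assumption: tokens are written to public_html/.well-known/acme-challenge/.
    # The more specific Alias is listed before WSGIScriptAlias so it is matched
    # first and the request never reaches the WSGI application.
    Alias /.well-known/acme-challenge/ /home/domain2/domains/sub.domain2.com/public_html/.well-known/acme-challenge/
    <Directory /home/domain2/domains/sub.domain2.com/public_html/.well-known/acme-challenge>
        # Static token files only: no listings, no .htaccess overrides.
        Options -Indexes
        AllowOverride None
        Require all granted
    </Directory>

    # Everything else still goes to the Flask application, as in the post.
    WSGIDaemonProcess pythonproj python-home=/home/domain2/domains/sub.domain2.com/pythonproj/venv
    WSGIScriptAlias / /home/domain2/domains/sub.domain2.com/pythonproj/pythonproj.wsgi
    WSGIProcessGroup pythonproj
    WSGIApplicationGroup %{GLOBAL}
    <Directory /home/domain2/domains/sub.domain2.com/pythonproj>
        Options -Indexes
        Require all granted
    </Directory>

    # ErrorLog, CustomLog and the SSL* directives stay as they are in the post.
    # Note: an HTTP-01 validation request is first sent to port 80 and may then
    # be redirected to 443, so this carve-out only takes effect for requests
    # that can reach the server.
    SSLEngine on
    SSLCertificateFile /home/domain2/domains/sub.domain2.com/ssl.cert
    SSLCertificateKeyFile /home/domain2/domains/sub.domain2.com/ssl.key
    SSLProtocol all -SSLv2 -SSLv3 -TLSv1 -TLSv1.1
    SSLCACertificateFile /home/domain2/domains/sub.domain2.com/ssl.ca
</VirtualHost>
```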