Let’s Encrypt using ACMEv1

Hey… I saw this error for the first time today when requesting a Let’s Encrypt cert:
Error requesting challenges: Error creating new authz :: Validations for new domains are disabled in the V1 API (https://community.letsencrypt.org/t/end-of-life-plan-for-acmev1/88430)
I have read on the forums / google that this may be resolved in Webmin 1.941
I have
Operating system Ubuntu Linux 16.04.6
Webmin version 1.932
Usermin version 1.780
Virtualmin version 6.08

It seems I can’t upgrade Webmin manually since this is governed by the Virtualmin Repo.
Also the latest Webmin seems to be 1.953

So… before I try breaking things to get CertBot to fetch Certs using the API V2, when is Virtualmin going to upgrade Webmin to support CertBot, ACMEv2, API V2 or whatever.

I only have 50 or 60 certs currently relying on Virtualmin for renewal.

thanks

Virtualmin repos all have Webmin 1.953 (and have had most stable releases soon after their release). There is nothing we’re doing keeping you from upgrading.

Are you sure you haven’t disabled the virtualmin-universal repo? Or, is there an error you’re ignoring?

Hey Joe… that’s good to know and thanks for the quick reply. My Server / Virtualmin has updates enabled. I have just run some updates… Virtualmin is advising the server needs a reboot as a result of the latest. I am waiting till later tonight to perform the reboot.

How do I disable the virtualmin-universal repo?

Is there something I can check to see why I am so far behind?
The install was done on this new server October last year.

I would simply download latest install.sh script by running:

wget http://software.virtualmin.com/gpl/scripts/install.sh

… and then run:

./install.sh -s

… and then run the system packages upgrade.

Is re-running the install safe to do on a production system?
Those are the steps I did last October to install Virtualmin.
I have never run the install over an existing installation… don’t really care to chance it unless someone has already done this.

Still curious to know why my present install seems to be stuck at Webmin Version 1.932

The ‘-s’ or ‘--setup’ flag just sets up software repos. I don’t think I would recommend even that on an existing system, though, until you understand what went wrong. It is “safe” in that it won’t reinstall Virtualmin (which would be disastrous in some cases), but it isn’t necessary, probably. At the very least, something broke on your system that made updates from our repos not work. It’d be useful for you to understand why. Maybe you broke it, maybe something you installed broke it, maybe changes to your system broke it.

Look in /etc/apt/sources.list (and on newer installs it’ll be /etc/apt/sources.list.d/virtualmin.list). Are there virtualmin-* repos configured? If so, what errors do you get when you try to run apt-get update? If you have virtualmin-universal repo enabled and it can’t update, it will tell you why.
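
The check described in the post above can be scripted. This is an added example, not part of the original thread and not Virtualmin's own tooling; the function names, the sample tree and the repository URLs in it are constructed for illustration.

```shell
#!/bin/sh
# find_repo_sources ROOT PATTERN
# Prints every apt source file under ROOT/etc/apt that carries an active
# (uncommented) deb line matching PATTERN; returns 1 when none does.
# Only sources.list and sources.list.d/*.list are examined, so leftover
# *.save copies do not count.
find_repo_sources() {
    root=$1; pattern=$2; status=1
    for f in "$root/etc/apt/sources.list" "$root"/etc/apt/sources.list.d/*.list; do
        [ -f "$f" ] || continue
        if grep -Eq "^[[:space:]]*deb(-src)?[[:space:]].*${pattern}" "$f"; then
            printf '%s\n' "$f"
            status=0
        fi
    done
    return "$status"
}

# Constructed sample tree modelled on the listing in the thread.
# The repository URLs below are placeholders, not real repo lines.
make_sample_tree() {
    t=$(mktemp -d)
    mkdir -p "$t/etc/apt/sources.list.d"
    printf '%s\n' '## Note, this file is written by cloud-init' \
        'deb http://archive.example.invalid/ubuntu xenial main' \
        > "$t/etc/apt/sources.list"
    # Commented-out entry: must not be reported as active.
    printf '%s\n' '# deb http://repo.example.invalid/apt virtualmin-universal main' \
        > "$t/etc/apt/sources.list.d/partner.list"
    # Backup copy: apt ignores *.save, and so does the check.
    printf '%s\n' 'deb http://repo.example.invalid/apt virtualmin-universal main' \
        > "$t/etc/apt/sources.list.d/partner.list.save"
    printf '%s\n' "$t"
}

tree=$(make_sample_tree)
find_repo_sources "$tree" virtualmin ||
    echo "no active virtualmin repo configured; apt-get update cannot offer newer Webmin packages"
rm -rf "$tree"
```

On a live host, calling the function with an empty ROOT argument scans the real /etc/apt.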

Hey Joe… this install is on a GCP instance.
/etc/apt/sources.list contains the following

Note, this file is written by cloud-init on first boot of an instance
modifications made here will not survive a re-bundle.
if you wish to make changes you can:
a.) add ‘apt_preserve_sources_list: true’ to /etc/cloud/cloud.cfg
    or do the same in user-data
b.) add sources in /etc/apt/sources.list.d
c.) make changes to template file /etc/cloud/templates/sources.list.tmpl

/etc/apt/sources.list.d contains the following
google-cloud-monitoring.list
ondrej-ubuntu-apache2-xenial.list
ondrej-ubuntu-php-xenial.list
ondrej-ubuntu-php-xenial.list.save
partner.list
partner.list.save

None of these files contain the ‘virtualmin’ string

I am suspecting that a ‘re-bundle’ could occur upon a cpu / memory upgrade, which has been done.
Perhaps the original Virtualmin inclusions have been destroyed.

Can I manually correct this?
Will running

./install.sh -s; apt-get update

achieve this?
thanks.

Yes. install.sh -s will recreate the Virtualmin repo config for your OS/version.

Hey Gents… thank you for the education.
I have now updated my APT Repo using install.sh -s and my Webmin is now upgraded to 1.953 as well as other upgrades… all good
I note also the new file
/etc/apt/sources.list.d/virtualmin.list
All good and this should survive any more GCP ‘re-bundles’ I hope

I have now proceeded to my original task, being to create a new Let’s Encrypt certificate.
This is failing due to the VS email address that is unresolvable since the email variables are
$DOM@some-gcp-project-name.internal
I can see this listed also in the ‘Create Signing Request’ tab.
Can you advise where this comes from as I can’t find an obvious field to edit?
Is it coming from the Webmin Networking modules?
thanks

Hello… Any chance of a response to this - which is really the core of my original question?

Creating a new Let’s Encrypt certificate is failing due to the domain portion of the VM email address that is unresolvable since the email variables are configured as $DOM@some-gcp-project-name.internal
This is done automatically when I install Virtualmin on a VM @ Google Cloud.
I did not want to mess with the things GCP does to their Virtual Hosts but clearly this is messing with Virtualmin variables.

Ok, from what I understand you need to get email working in order to get SSL certs, right?

I think you can change the admin email address in Virtualmin to one that is reasonable, though I don’t know off-hand where. The Google name is silly and can never work for mail or anything except internal Google stuff. Apparently you can create a VM with a reasonable name, but you can’t change it after creation (this is wack…Google cloud is wack in a lot of areas, honestly): https://cloud.google.com/compute/docs/instances/custom-hostname-vm

Email is working. I previously had SSL certificates being issued using the ACME V1; however, upon upgrading Virtualmin / Webmin, this now uses V2 and I thought all was fine, but Let’s Encrypt is failing the certificate issuance due to the unresolvable domain portion of the email address used by Virtualmin.

The email address is generated somehow by Virtualmin and it uses the INTERNAL domain name Google Cloud creates for its Virtual Machines.

Hey Joe, yes I agree about GCP being wack in this way. AND it is bad that this can’t be changed.
I tried editing the Virtual Host file under /etc/webmin/virtual-server/domains/ but this did not work. The email presented to Let’s Encrypt still had the GCP fake domain name.

Is Virtualmin creating the email address, or is this being done by Certbot?

Yes, it is clear that Google Cloud has given your system a silly name and that has had a cascading effect in the configuration of many other services. Good to know that you have email working now @treken

Let’s start diagnosis from the beginning: what is your hostname? What does Webmin -> Network -> Hostname and Client show?

I don’t know, but you can change it and find out. It’s in Virtualmin Configuration->Actions Upon Server and User Creation->From: address for email sent by Virtualmin.

At least, I assume that’s where it’s coming from, but I’m guessing. I found this by clicking Virtualmin Configuration and then using the “Filter” icon in the top right and typing in “email”. There’s so much stuff in Virtualmin and everything is configurable, I don’t have it memorized…I just go looking for it, just like everybody else.
