Let's Encrypt won't follow redirect to URL with port 10000

Ok, noted. I don’t know about others but I do not use admin.example.com here. I do not apply for an SSL certificate for the admin sub-domain. I leave it on http and then it always gets redirected to https on port 10000.

In Virtualmin, any hosted domain can be accessed on port 10000 to lead to the Control Panel / Virtualmin GUI.

Yes, a request for http://admin.example.com gets redirected to httpS://admin.example.com:10000, but the problem is that port number. The LE request process needs to read the validation file from http://admin.example.com/validation-file, not https://admin.example.com:10000/validation-file.

As for your last post about any hosted domain on port 10000 leading to the control panel log-in page, that’s not what LE wants, obviously. It only cares about the validation file.

This is important: on all my systems a request for http://admin.example.com gets redirected to httpS://example.com:10000

Yes, exactly. And that’s the problem! :)

So you need to solve this problem: do something to get http://admin.example.com redirected to httpS://example.com:10000 instead of applying for an SSL cert for httpS://admin.example.com:10000.

Addendum: See this

Thanks for your suggestion, but that doesn’t make any sense. That redirection is what is happening now and that is the problem. And certificates are issued for domains, not for domains with port numbers. I’m not trying to get a certificate for a domain with a port number.

Also, this is a renewal, not an initial certificate, so I don’t know what changed in Virtualmin since three months ago.

I don’t see what that link has to do with my issue, especially as I don’t manage mail with Virtualmin.

Ok, so you are certain that you have not changed directives. Also the SSL application has worked in the past.

This is most puzzling…

Well, yes, actually, I have changed directives, as detailed in my last ticket. That got me part way to the resolution of the issue, but created a new problem that is the subject of this ticket.

SSL still works, but the certificate has expired, and the issue is that I cannot renew it.

Yes, I am most puzzled too!

The following sequence of events could explain your present situation:

  1. you applied for / renewed SSL certs with default directives in place. This operation was successful.

  2. you edited the directives; everything appeared to be working normally at that time.

  3. automatic SSL renewal fails due to edited directives that you have applied.

Not quite. They went in the order 1, 3, 2. I only edited the directives because the automatic renewal failed.

Hmmm. With reference to your comment from the other thread which I have quoted below, in System Settings → Server Templates → Apache website could you set URL for admin redirect to use domain name. The custom URL you have applied there could be the cause of all your troubles.

But that is the default, as far as I recall. Anything else I apply there would be custom.

It does occur to me that I can change the URL there to https://admin.example.com/ (without the port number) and then I can probably renew the certificate and then change it back, but that goes against all common sense.

I meant, in System Settings -> Server Templates -> Apache website could you set URL for admin redirect to the radio button captioned “use domain name”. Since you currently have https://admin.example.COM:10000/ in the text box, you have overridden the default URL with this custom URL.

Again, the default URL is https://example.COM:10000 and the custom URL which you are forcing Virtualmin to use is https://admin.example.COM:10000 and this is what I think is causing all your problems.

OK, I see what you mean. I tried that and tried renewing the certificate, but that didn’t change the error. However, I’m not sure that changing the template changed the configuration of the domain.

I’ll change the Apache directive that needs to be changed and see if that helps.

Yes, the directive as well as the server template must be set to their original default values for SSL renewals to work normally.

So you’re saying that if the domain is example.com, I have to change this directive at Virtualmin -> EXAMPLE.COM -> Services -> Configure Website -> Edit Directives (and Virtualmin -> EXAMPLE.COM -> Services -> Configure SSL Website -> Edit Directives) from this:

```
RewriteCond %{HTTP_HOST} =admin.example.com
RewriteRule ^(.*) https://admin.example.com:10000/ [R]
```

… to this:

```
RewriteCond %{HTTP_HOST} =admin.example.com
RewriteRule ^(.*) https://example.com:10000/ [R]
```

Is that right? And I must leave the port number in?

Or should I just take them out?

OK, still get the same error referring to LE not being able to follow links to URLs with ports other than 80 or 443.

So I did the next logical thing, took the 10000 port off the RewriteRule. Now I get a slightly different error, but the attempt still fails.

Oh, and I did restart Apache in between each attempt.

If @Joe or @Ilia don’t chime in here tomorrow I’m going to report this as a bug in the Pro forum. Either my statement at the end of the OP here is correct, or I’m missing some information required to complete what should be a very straightforward operation.
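Added example, not part of the thread and not Virtualmin or Let's Encrypt code: a pre-flight check that applies the redirect limits from Let's Encrypt's HTTP-01 challenge documentation (http/https only, ports 80 or 443 only, no IP-address targets, at most 10 redirects) to the redirect chains discussed above. The chains are constructed from the URLs quoted in the thread, `TOKEN` is a placeholder, and the function names are hypothetical.

```python
import ipaddress
from urllib.parse import urlsplit

ALLOWED_PORTS = {80, 443}                  # only ports a redirect may point at
DEFAULT_PORT = {"http": 80, "https": 443}
MAX_REDIRECTS = 10                         # documented HTTP-01 redirect depth

def hop_problem(url):
    """Return why a redirect to `url` would be refused, or None if acceptable."""
    parts = urlsplit(url)
    if parts.scheme not in DEFAULT_PORT:
        return f"scheme {parts.scheme!r} is not http or https"
    try:
        port = parts.port            # raises ValueError on a malformed port
    except ValueError:
        return "port is not a valid number"
    if port is None:
        port = DEFAULT_PORT[parts.scheme]
    if port not in ALLOWED_PORTS:
        return f"port {port} is not 80 or 443"
    try:
        ipaddress.ip_address(parts.hostname or "")
        return "redirect target is an IP address"
    except ValueError:
        return None                  # hostname is a DNS name, as required

def check_chain(chain):
    """chain[0] is the challenge URL, chain[1:] the Location of each redirect.
    Returns (ok, message) naming the first hop a validator would refuse."""
    start = urlsplit(chain[0])
    if start.scheme != "http" or start.port not in (None, 80):
        return False, "validation must start at http:// on port 80"
    if len(chain) - 1 > MAX_REDIRECTS:
        return False, f"more than {MAX_REDIRECTS} redirects"
    for n, url in enumerate(chain[1:], 1):
        reason = hop_problem(url)
        if reason:
            return False, f"redirect {n} to {url}: {reason}"
    return True, "every redirect is followable"

# Constructed sample chains built from the URLs quoted in the thread.
CHALLENGE = "http://admin.example.com/.well-known/acme-challenge/TOKEN"
CUSTOM_RULE = [CHALLENGE, "https://admin.example.com:10000/"]
DEFAULT_RULE = [CHALLENGE, "https://example.com:10000/"]
NO_REDIRECT = [CHALLENGE]

if __name__ == "__main__":
    for name, chain in [("custom", CUSTOM_RULE), ("default", DEFAULT_RULE), ("none", NO_REDIRECT)]:
        print(name, check_chain(chain))
```

A chain that passes only means the validator will follow it; the final URL must still return the validation file itself.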