When creating a virtual server the Letsencrypt always gives a connectivity failure, but then I can immediately go to Server Configuration and request a Letsencrypt cert and it will go thru with no issues. Is there a setting in my sub-server template that needs changing to make it work while creating the server?
This usually happens with sub-domains since you can't issue a certificate for www.abc.example.com but if you are not creating a sub-domain and have properly set up DNS records (A/AAAA and/or CNAME) for your domain (example.com) as well as for www.example.com, mail.example.com, etc, then the issuing of a Let's Encrypt certificate should work fine.
What error are you getting when creating a new virtual server?
and as I stated, I can immediately go to Server Configuration > SSL Certificate > Letsencrypt tab and request a certificate and it goes thru just fine.
I do not make any adjustments in between the two processes.
Is there a log that would show more information?
That is all that gets reported to the screen during the setup of the Virtual Server after it attempts to do the cert
I think I have an idea why this happens.
The cert gets requested a step just before the actual default webpage is created for the site, so that is probably why the connection fails because there is nothing there to open up. Maybe the cert request should happen next to last??
I think you're probably right. I created a sub of a virtual server on a different physical machine from the domain's parent server yesterday (making the child a top-level virtual server on the second machine), and I noticed the same thing, even after making the DNS changes on the parent server (which is the nameserver for the domain).
The sub-server resolved to the second machine correctly; but at the moment the cert was requested, there was no site to land on, and the request failed. Re-requesting it succeeded.
I'm thinking that Let's Encrypt will issue the cert even without the acme-challenge entry if authoritative DNS for the domain points to the IP, but there still has to be a site there.
I ran across the setting that makes this work correctly.
In System Settings: Virtualmin Configuration: SSL settings / Request Let's Encrypt certificate at domain creation time? (choose the first radio button for Yes and skip connectivity check)
This could be the case, but also it's not checking connectivity, which is a good check in case a typo has happened. Stopping connectivity check is not ideal.
The issue I have had in the past (and still do but now know why), is that when setting up a new virtual server, often I only want a website - no "admin" or "webmail" subdomain.
Unfortunately, when setting up the virtual server with SSL, it automatically attempts to check all these subdomains. The solution then being to go back into server setup and change the radio option to only these domains, and enter the two I want i.e. domain.com and www.domain.com.
Annoying. But easy enough, just having lots of fails with letsencrypt is annoying.
The real fix: Virtualmin, when setting up new virtual server, should not be trying to authorise sub domains for services unselected at virtual setup! Or even better, if ticking "ssl" give an option to input domains/sub domains at that point. But that would need Virtualmin to change it!
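
The failure causes raised in this thread (a name with no DNS record, a record pointing at another machine, or DNS in place but no website answering yet) can be told apart before a certificate is requested. The following is an added example, not part of the original posts and not Virtualmin's own code; the function names, state labels, probe file name, hostnames and address are assumptions made for illustration.

```python
import socket
import urllib.error
import urllib.request

CHALLENGE_PATH = "/.well-known/acme-challenge/"  # HTTP-01 validation path (RFC 8555)

class _NoRedirect(urllib.request.HTTPRedirectHandler):
    def redirect_request(self, *args, **kwargs):
        return None  # surface the 3xx itself instead of following it

_opener = urllib.request.build_opener(_NoRedirect)

def resolve(host):
    """Addresses the name resolves to; empty set if there is no record."""
    try:
        return {ai[4][0] for ai in socket.getaddrinfo(host, 80)}
    except socket.gaierror:
        return set()

def http_status(host, path, timeout=5):
    """HTTP status on port 80, or None when nothing answers."""
    try:
        with _opener.open(f"http://{host}{path}", timeout=timeout) as resp:
            return resp.status
    except urllib.error.HTTPError as err:
        return err.code  # 404 or 3xx still proves a web server is listening
    except (urllib.error.URLError, OSError):
        return None

def preflight(names, server_ips, resolver=resolve, fetcher=http_status):
    """Label each candidate name: no-dns, dns-elsewhere, no-site or ok."""
    report = {}
    for name in names:
        addrs = resolver(name)
        if not addrs:
            report[name] = "no-dns"         # e.g. admin./webmail. never created
        elif not addrs & set(server_ips):
            report[name] = "dns-elsewhere"  # typo or record points at another box
        elif fetcher(name, CHALLENGE_PATH + "preflight-probe") is None:
            report[name] = "no-site"        # DNS fine, but no website exists yet
        else:
            report[name] = "ok"
    return report

def requestable(report):
    """Names worth putting on the certificate request."""
    return [name for name, state in report.items() if state == "ok"]

if __name__ == "__main__":
    # Constructed hostnames and documentation address, for illustration only.
    names = ["example.com", "www.example.com", "admin.example.com"]
    print(preflight(names, ["203.0.113.10"]))
```

A "no-site" result right after server creation matches the timing problem described above, while "no-dns" identifies the service subdomains that should be left off the request.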