Letsencrypt always fails on Create Virtual Server

SYSTEM INFORMATION
OS type and version Ubuntu 20.04
Webmin version 1.994
Virtualmin version 7.1-1 Pro
Related packages

When creating a virtual server, Let's Encrypt always gives a connectivity failure, but then I can immediately go to Server Configuration and request a Let's Encrypt cert and it will go through with no issues. Is there a setting in my sub-server template that needs changing to make it work while creating the server?

Thanks,

This usually happens with sub-domains, since you can’t issue a certificate for www.abc.example.com, but if you are not creating a sub-domain and have properly set up DNS records (A/AAAA and/or CNAME) for your domain (example.com) as well as for www.example.com, mail.example.com, etc., then the issuing of a Let’s Encrypt certificate should work fine.

What error are you getting when creating a new virtual server?

This is the error: … connectivity check failed

and as I stated, I can immediately go to Server Configuration > SSL Certificate > Letsencrypt tab and request a certificate and it goes through just fine.
I do not make any adjustments in between the two processes.

It’s easier through Server Config…

Does it say anything else or just “connectivity check failed” and that’s all?

Is there a log that would show more information?
That is all that gets reported to the screen during the setup of the Virtual Server after it attempts to do the cert.

Can you kindly provide a screenshot?

I think I have an idea why this happens.
The cert gets requested a step just before the actual default webpage is created for the site, so that is probably why the connection fails because there is nothing there to open up. Maybe if the cert request should happen next to last??

I think you’re probably right. I created a sub of a virtual server on a different physical machine from the domain’s parent server yesterday (making the child a top-level virtual server on the second machine), and I noticed the same thing, even after making the DNS changes on the parent server (which is the nameserver for the domain).

The sub-server resolved to the second machine correctly; but at the moment the cert was requested, there was no site to land on, and the request failed. Re-requesting it succeeded.

I’m thinking that Let’s Encrypt will issue the cert even without the acme-challenge entry if authoritative DNS for the domain points to the IP, but there still has to be a site there.

Richard

I ran across the setting that makes this work correctly.
In System Settings: Virtualmin Configuration: SSL settings / Request Let’s Encrypt certificate at domain creation time? (choose the first radio button for Yes and skip connectivity check).

This could be the case, but also it’s not checking connectivity, which is a good check in case a typo has happened. Stopping connectivity check is not ideal.

The issue I have had in the past (and still do but now know why), is that when setting up a new virtual server, often I only want a website - no ‘admin’ or ‘webmail’ subdomain.

Unfortunately, when setting up the virtual server with SSL, it automatically attempts to check all these subdomains. The solution then being to go back into server setup and change the radio option to only these domains, and enter the two I want i.e. domain.com and www.domain.com.

Annoying. But easy enough, just having lots of fails with letsencrypt is annoying.

The real fix: Virtualmin, when setting up a new virtual server, should not be trying to authorise sub domains for services unselected at virtual setup! Or even better, if ticking ‘ssl’ give an option to input domains/sub domains at that point. But that would need Virtualmin to change it!