Letsencrypt is failing for domains and subdomains, however the certificate were issued correctly. There are total 8 sites running on this server with ram of 4 gb. And only 2 are getting the certificate rest others are not. what could be the problem ?
This may not be the issue, but update your Virtualmin to the latest version of 6.17-3. There were a few bugs that were fixed with that version but I canāt recall if that was one of them.
i have a server with ~100 domains, and thereās 7-8 virtual servers that are failing constantly. fully upgraded debian 10 dedicated server with certbot/letsencrypt installed and latest virtualmin/webmin.
itās been failing for the past couple of years, not something new⦠latest expired domain show up todayā¦
and each time i have to manually run virtualmin install-cert --domain $domain --cert /etc/letsencrypt/live/$domain/cert.pem --key /etc/letsencrypt/live/$domain/privkey.pem --ca /etc/letsencrypt/live/$domain/chain.pem to make it use the new cert, as it seems that letsencrypt/certbot does renew the cert, but webmin doesnāt update those domainās certs in /home/$domain/ssl.*
manually running install-cert does fix it⦠problem is why automatic ssl updating fails on just a few specific virtual serversā¦
I would suggest using UI or virtualmin generate-letsencrypt-cert command. Additionally, if you expect virtual server to āserveā certificates from non-default location (configured on System Settings ā¾ Virtualmin Virtual Servers ā¾ Configuration: SSL settings page), outside of the serverās home directory, you would need to make sure that itās readable by services such as Apache, Dovecot, Postfix and etc.
Generally you donāt need to use CLI to make it work. Simply setup it up on virtual-server.name - Server Configuration ā¾ SSL Certificate / Letās Encrypt page and the rest will be done by Virtualmin.
original LE cert for every domain was created by Virtualmin UI, not cli⦠but these 7-8 domains certs donāt get auto renewed with Virtualmin for the past couple of years, thatās why iām using manual cli when these expired/failed.
using default location in Virtualmin SSL settings, and it seems to work for every other virtual server for years⦠so, not sure why these 7 domains fail to update their SSL keys in /home, while others do.
im guessing some virtualmin script someplace that looks for certbot cert and copies it in /home that fails for those 7, but havenāt dug much into looking at it⦠maybe it has something to do with āletsencrypt_last_successā value which seems really old in those 7 : /etc/webmin/virtual-server/domains/ (?)
I would suggest simply going to virtual-server.name - Server Configuration ā¾ SSL Certificate / Letās Encrypt page and first disable Automatically renew certificate and then re-enable it for those 7-8 malfunctioning domains.
@Jamie That new feature we discussed few days ago, to toggle domainās features, should also toggle Automatically renew certificate for SSL Certificate for the domain, in case SSL website feature is on.