Letsencrypt fails for some sites on same server

SYSTEM INFORMATION
OS type and version: CentOS Linux 7.9.2009
Webmin version: 1.98
Virtualmin version: 6.17
Related products version: Wordpress - 5.8.1

Letsencrypt is failing for domains and subdomains, however the certificates were issued correctly. There are a total of 8 sites running on this server with 4 GB of RAM. Only 2 are getting the certificate, the others are not. What could be the problem?

This may not be the issue, but update your Virtualmin to the latest version of 6.17-3. There were a few bugs that were fixed with that version but I can't recall if that was one of them.

Thanks Gomez for your words, however I deleted these sites from the server and recreated them and they worked like a charm.

Do you have the certbot command installed? If not, install it and re-request your certificates.

If it still doesn't work, specify which devices it fails on and include a domain name (if possible) for us to have a look.

i have a server with ~100 domains, and there's 7-8 virtual servers that are failing constantly. fully upgraded debian 10 dedicated server with certbot/letsencrypt installed and latest virtualmin/webmin.
it's been failing for the past couple of years, not something new… latest expired domain show up today…
and each time i have to manually run `virtualmin install-cert --domain $domain --cert /etc/letsencrypt/live/$domain/cert.pem --key /etc/letsencrypt/live/$domain/privkey.pem --ca /etc/letsencrypt/live/$domain/chain.pem` to make it use the new cert, as it seems that letsencrypt/certbot does renew the cert, but webmin doesn't update those domain's certs in `/home/$domain/ssl.*`
manually running install-cert does fix it… problem is why automatic ssl updating fails on just a few specific virtual servers…
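A way to spot the affected virtual servers before a certificate expires, as an added example that is not part of the original post or of Virtualmin: it compares the fingerprint of certbot's `cert.pem` with the certificates found in the `ssl.*` files the post mentions. The function names, the `/home/$domain` layout taken from the post, and the demo file names are assumptions.

```python
import hashlib
import ssl
import tempfile
from pathlib import Path

BEGIN, END = "-----BEGIN CERTIFICATE-----", "-----END CERTIFICATE-----"

def first_cert_fingerprint(path):
    """SHA-256 of the first PEM certificate in a file, or None if it holds none."""
    try:
        text = Path(path).read_text(errors="replace")
        start = text.index(BEGIN)
        end = text.index(END, start) + len(END)
        return hashlib.sha256(ssl.PEM_cert_to_DER_cert(text[start:end])).hexdigest()
    except (OSError, ValueError):  # unreadable, no certificate, or bad base64
        return None

def find_stale(domains, live_root="/etc/letsencrypt/live", home_root="/home"):
    """Domains whose certbot leaf certificate is not the one installed under home."""
    stale = []
    for domain in sorted(domains):
        live = first_cert_fingerprint(Path(live_root, domain, "cert.pem"))
        if live is None:
            continue  # certbot has no certificate for this domain
        installed = {first_cert_fingerprint(p)
                     for p in Path(home_root, domain).glob("ssl.*")}
        if live not in installed:
            stale.append(domain)
    return stale

def demo():
    """Constructed layout: fake PEM bodies stand in for real certificates."""
    old, new = (ssl.DER_cert_to_PEM_cert(b) for b in (b"constructed-old", b"constructed-new"))
    with tempfile.TemporaryDirectory() as tmp:
        live, home = Path(tmp, "live"), Path(tmp, "home")
        for domain, installed in (("ok.example", new), ("stale.example", old)):
            (live / domain).mkdir(parents=True)
            (home / domain).mkdir(parents=True)
            (live / domain / "cert.pem").write_text(new)   # certbot renewed both
            # constructed file names that match the ssl.* pattern from the post
            (home / domain / "ssl.cert").write_text(installed)
            (home / domain / "ssl.key").write_text("constructed, not a certificate")
        return find_stale(["ok.example", "stale.example"], live, home)

if __name__ == "__main__":
    print(demo())
```

Run as root from cron against the real domain list, a non-empty result names the servers where renewal succeeded in certbot but the installed certificate was never replaced.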

I would suggest using UI or `virtualmin generate-letsencrypt-cert` command. Additionally, if you expect virtual server to "serve" certificates from non-default location (configured on System Settings ⇾ Virtualmin Virtual Servers ⇾ Configuration: SSL settings page), outside of the server's home directory, you would need to make sure that it's readable by services such as Apache, Dovecot, Postfix, etc.

Generally you don't need to use CLI to make it work. Simply set it up on virtual-server.name - Server Configuration ⇾ SSL Certificate / Let's Encrypt page and the rest will be done by Virtualmin.

original LE cert for every domain was created by Virtualmin UI, not cli… but these 7-8 domains certs don't get auto renewed with Virtualmin for the past couple of years, that's why i'm using manual cli when these expired/failed.

using default location in Virtualmin SSL settings, and it seems to work for every other virtual server for years… so, not sure why these 7 domains fail to update their SSL keys in /home, while others do.
im guessing some virtualmin script someplace that looks for certbot cert and copies it in /home that fails for those 7, but haven't dug much into looking at it… maybe it has something to do with 'letsencrypt_last_success' value which seems really old in those 7 : /etc/webmin/virtual-server/domains/ (?)

I would suggest simply going to virtual-server.name - Server Configuration ⇾ SSL Certificate / Let's Encrypt page and first disable Automatically renew certificate and then re-enable it for those 7-8 malfunctioning domains.

tested this yesterday, and indeed i saw one of the "troubled" domains get autorenewed today without issues…
thanks for the tip :)

@Jamie That new feature we discussed few days ago, to toggle domain's features, should also toggle Automatically renew certificate for SSL Certificate for the domain, in case SSL website feature is on.