Letsencrypt fails for some sites on same server

OS type and version: CentOS Linux 7.9.2009
Webmin version: 1.98
Virtualmin version: 6.17
Related products version: Wordpress - 5.8.1

Letsencrypt is failing for domains and subdomains, however the certificates were issued correctly. There are a total of 8 sites running on this server with 4 GB of RAM, and only 2 are getting the certificate; the rest are not. What could be the problem?

This may not be the issue, but update your Virtualmin to the latest version of 6.17-3. There were a few bugs that were fixed with that version but I can’t recall if that was one of them.

Thanks Gomez for your words, however I deleted these sites from the server and recreated them and they worked like a charm.

Do you have the certbot command installed? If not, install it and re-request your certificates.

If it still doesn’t work, specify which devices it fails on and include a domain name (if possible) for us to have a look.

I have a server with ~100 domains, and there are 7-8 virtual servers that are failing constantly. Fully upgraded Debian 10 dedicated server with certbot/letsencrypt installed and latest Virtualmin/Webmin.
It’s been failing for the past couple of years, not something new… the latest expired domain showed up today…
and each time i have to manually run virtualmin install-cert --domain $domain --cert /etc/letsencrypt/live/$domain/cert.pem --key /etc/letsencrypt/live/$domain/privkey.pem --ca /etc/letsencrypt/live/$domain/chain.pem to make it use the new cert, as it seems that letsencrypt/certbot does renew the cert, but webmin doesn’t update those domain’s certs in /home/$domain/ssl.*
manually running install-cert does fix it… problem is why automatic ssl updating fails on just a few specific virtual servers…
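
To list which virtual servers still hold an old certificate after certbot has renewed it (the symptom described in the post above), the following added example, which is not from the thread or from Virtualmin, compares each certbot lineage with the copy under /home. It assumes the `/home/$domain` layout from the post and that the installed file is named `ssl.cert`; the function names and the `LE_LIVE` / `HOME_BASE` variables are hypothetical.

```shell
#!/bin/sh
# Added example: report domains whose installed cert differs from certbot's.

# first_cert_body FILE: print the base64 body of the first certificate in a
# PEM file on one line, ignoring line wrapping and CR characters.
first_cert_body() {
    awk '/-----BEGIN CERTIFICATE-----/ { inside = 1; next }
         /-----END CERTIFICATE-----/   { exit }
         inside { gsub(/[ \t\r]/, ""); printf "%s", $0 }' "$1"
}

# cert_status LIVE INSTALLED: print "current", "stale" or "missing".
cert_status() {
    live=$1
    installed=$2
    [ -r "$live" ] && [ -r "$installed" ] || { echo missing; return 0; }
    a=$(first_cert_body "$live")
    b=$(first_cert_body "$installed")
    [ -n "$a" ] && [ -n "$b" ] || { echo missing; return 0; }
    if [ "$a" = "$b" ]; then echo current; else echo stale; fi
}

# report_stale LIVE_DIR HOME_BASE: one "domain status" line for every
# certbot lineage whose installed copy is not identical to the live cert.
report_stale() {
    live_dir=$1
    home_base=$2
    for d in "$live_dir"/*/; do
        [ -f "$d/cert.pem" ] || continue
        domain=$(basename "$d")
        # Assumption: installed cert is $home_base/$domain/ssl.cert
        status=$(cert_status "$d/cert.pem" "$home_base/$domain/ssl.cert")
        [ "$status" = current ] || printf '%s %s\n' "$domain" "$status"
    done
}

# Run against the real paths only when certbot's directory is present.
if [ -d "${LE_LIVE:-/etc/letsencrypt/live}" ]; then
    report_stale "${LE_LIVE:-/etc/letsencrypt/live}" "${HOME_BASE:-/home}"
fi
```

Domains printed as `stale` are the ones that would need the `install-cert` step; `missing` means no readable certificate was found at the assumed path.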

I would suggest using the UI or the virtualmin generate-letsencrypt-cert command. Additionally, if you expect a virtual server to “serve” certificates from a non-default location (configured on System Settings ⇾ Virtualmin Virtual Servers ⇾ Configuration: SSL settings page), outside of the server’s home directory, you would need to make sure that it’s readable by services such as Apache, Dovecot, Postfix, etc.

Generally you don’t need to use the CLI to make it work. Simply set it up on the virtual-server.name - Server Configuration ⇾ SSL Certificate / Let’s Encrypt page and the rest will be done by Virtualmin.

The original LE cert for every domain was created by the Virtualmin UI, not the CLI… but these 7-8 domains’ certs haven’t been auto-renewed by Virtualmin for the past couple of years, that’s why I’m using the manual CLI when these expire/fail.

Using the default location in Virtualmin SSL settings, and it seems to work for every other virtual server for years… so, not sure why these 7 domains fail to update their SSL keys in /home, while others do.
I’m guessing there is some Virtualmin script someplace that looks for the certbot cert and copies it into /home, and that fails for those 7, but I haven’t dug much into looking at it… maybe it has something to do with the ‘letsencrypt_last_success’ value, which seems really old in those 7: /etc/webmin/virtual-server/domains/ (?)

I would suggest simply going to virtual-server.name - Server Configuration ⇾ SSL Certificate / Let’s Encrypt page and first disable Automatically renew certificate and then re-enable it for those 7-8 malfunctioning domains.


Tested this yesterday, and indeed I saw one of the “troubled” domains get auto-renewed today without issues…
Thanks for the tip.


@Jamie That new feature we discussed a few days ago, to toggle a domain’s features, should also toggle Automatically renew certificate for the SSL Certificate of the domain, in case the SSL website feature is on.
