I started seeing SSL failures for my main Virtualmin domain. Today I logged in with SSH and saw many attempts in the .well-known/acme-challenge directory to renew the cert.
The nginx webserver is listening on port 443 for that domain. I can access the .well-known/acme-challenge directory via http. I have made no changes to the nginx config in many months.
It’s not safe to use the GUI to fix this, since I can’t log in via web / SSL securely due to the failed cert.
It is still pretty safe, as long as you are sure that you’re connecting to your server. An expired certificate does not make it insecure.
How do I request another cert from the command line?
Using Virtualmin CLI, example:
~# virtualmin generate-letsencrypt-cert
Requests and installs a Let's Encrypt cert for a virtual server.
virtualmin generate-letsencrypt-cert --domain name
[--host hostname]*
[--default-hosts]
[--renew months]
[--size bits]
[--staging]
[--check-first | --validate-first]
[--web | --dns]
~# virtualmin help generate-letsencrypt-cert
Requests and installs a Let's Encrypt cert for a virtual server.
The server must be specified with the "--domain" flag, followed by a
domain name. By default the certificate will be the for either
previously used hostnames for Let's Encrypt, or the default SSL
hostnames for the domain. However, you can specify an alternate list of
hostnames with the "--host" flag, which can be given multiple times. Or
you can force use of the default SSL hostname list with
"--default-hosts".
If the optional "--renew" flag is given, automatic renewal will be
configured for the specified number of months in the future.
To have Virtualmin attempt to verify external Internet connectivity to
your domain before requesting the certificate, use the "--check-first"
flag. This will detect common errors before your Let's Encrypt service
quota is consumed.
To have Virtualmin perform a local validation check of the domain, use
the "--validate-first" flag. This is automatically enabled when
"--check-first" is set.
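One way to combine the flags from the help text above into a renewal run from an SSH session, as an added example that is not part of the original thread or Virtualmin's own tooling. It assumes `openssl` is installed on the host; the `VIRTUALMIN` override variable, the 30-day threshold and `example.com` are hypothetical choices for illustration.

```shell
#!/bin/sh
# Added example (not from the thread). Run over SSH on the Virtualmin host.
# Assumptions: openssl is installed; VIRTUALMIN is a hypothetical override
# for the CLI name (VIRTUALMIN=echo previews the command instead of running it).

# Print, as PEM, the certificate the local web server presents for host $1.
live_cert() {
    openssl s_client -connect 127.0.0.1:443 -servername "$1" </dev/null 2>/dev/null |
        openssl x509 2>/dev/null
}

# Exit 0 if the PEM file $1 expires within $2 days, has already expired,
# or cannot be parsed (an unreadable cert is treated as due for renewal).
needs_renewal() {
    ! openssl x509 -in "$1" -noout -checkend "$(( $2 * 86400 ))" >/dev/null 2>&1
}

# Request a cert using only flags from the usage text quoted in the thread:
# --check-first tests external connectivity before quota is consumed,
# --web selects web-based validation.
request_cert() {
    "${VIRTUALMIN:-virtualmin}" generate-letsencrypt-cert \
        --domain "$1" --check-first --web
}

# Renew domain $1 only when its live cert has fewer than $2 (default 30) days left.
renew_if_due() {
    domain=$1
    days=${2:-30}
    tmp=$(mktemp) || return 2
    live_cert "$domain" >"$tmp" || :
    if needs_renewal "$tmp" "$days"; then
        rm -f "$tmp"
        request_cert "$domain"
    else
        rm -f "$tmp"
        echo "certificate for $domain is valid for more than $days days"
    fi
}

# Usage: sh renew.sh example.com [days]   (example.com is a placeholder)
if [ "$#" -gt 0 ]; then
    renew_if_due "$@"
fi
```

Running it with `VIRTUALMIN=echo` set prints the arguments that would be passed to the CLI without contacting Let's Encrypt.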