LetsEncrypt failure; howto fix on cmd line thru ssh

I started seeing SSL failures for my main virtualmin domain. Today I logged in with ssh and see many attempts in the .well-known/acme-challenge directory to renew the cert.

The nginx webserver is listening on port 443 for that domain. I can access the .well-known/acme-challenge directory via http. I have made no changes to the nginx config in many months.

It’s not safe to use the GUI to fix, since I can’t log in via web / ssl securely due to the failed cert.

I see here (LetsEncrypt Not Using "Domains Listed Here" llist) that there were changes made to letsencrypt in June. Could they be why it failed to renew in July?

How do I request another cert from the command line?

TBH I don’t use the GUI very often, only when I see a problem. Thus virtualmin may be out of date if it doesn’t update itself.

Hi,

It is still pretty safe, as long as you are sure that you’re connecting to your server. An expired certificate does not make it insecure.

How do I request another cert from the command line?

Using Virtualmin CLI, example:

~# virtualmin generate-letsencrypt-cert

    Requests and installs a Let's Encrypt cert for a virtual server.

    virtualmin generate-letsencrypt-cert --domain name
                                    [--host hostname]*
                                    [--default-hosts]
                                    [--renew months]
                                    [--size bits]
                                    [--staging]
                                    [--check-first | --validate-first]
                                    [--web | --dns]

~# virtualmin help generate-letsencrypt-cert

    Requests and installs a Let's Encrypt cert for a virtual server.

    The server must be specified with the "--domain" flag, followed by a
    domain name. By default the certificate will be the for either
    previously used hostnames for Let's Encrypt, or the default SSL
    hostnames for the domain. However, you can specify an alternate list of
    hostnames with the "--host" flag, which can be given multiple times. Or
    you can force use of the default SSL hostname list with
    "--default-hosts".

    If the optional "--renew" flag is given, automatic renewal will be
    configured for the specified number of months in the future.

    To have Virtualmin attempt to verify external Internet connectivity to
    your domain before requesting the certificate, use the "--check-first"
    flag. This will detect common errors before your Let's Encrypt service
    quota is consumed.

    To have Virtualmin perform a local validation check of the domain, use
    the "--validate-first" flag. This is automatically enabled when
    "--check-first" is set.

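The procedure from the reply above as a script to run on the server over SSH. This is an added example, not part of the original thread or of Virtualmin. It prints the SHA-256 fingerprint of the certificate nginx is serving (to compare with what the browser shows before accepting the expiry warning) and requests a new certificate only if the served one has run out. Assumptions: `openssl` is installed, the web server answers TLS on 127.0.0.1:443, `example.com` is a placeholder domain, and the `VIRTUALMIN` variable is a hypothetical convenience for dry runs.

```shell
#!/usr/bin/env bash
# Added example (not from the thread). Usage: ./renew.sh example.com [days]
# VIRTUALMIN is a hypothetical override; set VIRTUALMIN=echo for a dry run.
VIRTUALMIN="${VIRTUALMIN:-virtualmin}"

# Exit 0 if the PEM certificate on stdin is still valid $1 seconds from now.
cert_valid_for() {
    openssl x509 -noout -checkend "$1" >/dev/null 2>&1
}

# Print the SHA-256 fingerprint of the PEM certificate on stdin.
cert_fingerprint() {
    openssl x509 -noout -fingerprint -sha256 | cut -d= -f2
}

# Print the leaf certificate the local web server presents for hostname $1.
# Port defaults to 443; -servername sets SNI so the right virtual host answers.
served_cert() {
    openssl s_client -connect "127.0.0.1:${2:-443}" -servername "$1" \
        </dev/null 2>/dev/null | openssl x509
}

# Request a certificate using only flags listed in the help output above.
# --check-first tests outside connectivity before the Let's Encrypt request.
request_cert() {
    "$VIRTUALMIN" generate-letsencrypt-cert --domain "$1" --check-first
}

# Renew only if the served certificate expires within $2 days (default 0,
# meaning it has already expired).
renew_if_needed() {
    domain=$1
    days=${2:-0}
    pem=$(served_cert "$domain") || {
        echo "no certificate served for $domain" >&2
        return 2
    }
    echo "served cert SHA-256: $(printf '%s\n' "$pem" | cert_fingerprint)"
    if printf '%s\n' "$pem" | cert_valid_for $((days * 86400)); then
        echo "certificate valid for more than $days day(s); nothing to do"
        return 0
    fi
    request_cert "$domain"
}

if [ "$#" -gt 0 ]; then
    renew_if_needed "$@"
fi
```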