LetsEncrypt has stopped renewing certificates

Sorry again, but I'm seeing:

And not

mail A 208.67.39.33
webmail A 208.67.39.33
mars A 208.67.39.33

Same for the second picture I have:

mail.johnhintonwoodturner.com
webmail.johnhintonwoodturner.com

and not:

mail.johnhintonwoodturner.com
webmail.johnhintonwoodturner.com
mars.ew3d.com

Again, maybe it's me who doesn't understand anything about the current setup (it's possible, no worries; I try to help as much as I can, but it often happens that I make mistakes).

Yes. This is a mailserver only. I set up a different domain name, dumor3d.com, on that system. The A record for this domain goes to a different server, along with www, to the domain's web pages. Only email is directed to this system.

As for mars.ew3d.com, the hostname: after deleting the Virtual Server for mars.ew3d.com, I can no longer create one. Every way I have tried, Virtualmin states that I cannot create a certificate for the hostname. I had to remove that from my Apache ServerAliases, which was included with the mail3 setup. What I have done is generate a self-signed cert from within Webmin Configuration. It does allow login using Firefox by adding a security exclusion. The cert is used for Webmin connectivity. So it is working at least for miniserv.

I then read that Virtualmin 7.2 stopped allowing hostname Virtual Servers. Either way, I can’t get new certs even for a new domain name added to this system. Something is badly broken. I’m wondering if I need to uninstall LetsEncrypt/Certbot and reinstall, or if that will totally screw up Virtualmin.

OK, if DNS is right for all names, and there isn’t a redirect or proxy sucking up requests for any of the names, then we need to see the error before the max retries failure. We need to know why it failed a bunch to trigger the max retries error.
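One way to run the DNS and redirect check asked for in that reply, as an added example that is not from the thread, Virtualmin or certbot: it resolves each name, confirms the expected address is the only A record, then fetches the HTTP-01 challenge path on port 80 without following redirects. The names, addresses and the probe token are constructed for the example; the resolver and fetcher are parameters so the verdict logic can be exercised offline. The host's own resolver may not see what Let's Encrypt's validators see (split-horizon DNS), so confirm the A records with an external resolver as well.

```python
"""Added HTTP-01 pre-flight: does every name point at this host, and does port 80
answer the challenge path itself rather than redirecting it elsewhere?
Not code from the thread, Virtualmin or certbot; standard library only.
resolve and fetch are injectable so the verdict logic can run offline."""
import http.client
import socket

# Constructed token name; any unknown token should draw a 404 from the real host.
CHALLENGE_PATH = "/.well-known/acme-challenge/preflight-probe"


def resolve_a(name: str) -> list:
    """IPv4 addresses the local resolver returns for name (may differ from the public view)."""
    infos = socket.getaddrinfo(name, 80, socket.AF_INET, socket.SOCK_STREAM)
    return sorted({info[4][0] for info in infos})


def fetch_challenge(name: str) -> tuple:
    """GET the challenge path over plain HTTP, redirects not followed: (status, Location)."""
    conn = http.client.HTTPConnection(name, 80, timeout=10)
    try:
        conn.request("GET", CHALLENGE_PATH, headers={"User-Agent": "acme-preflight-example"})
        resp = conn.getresponse()
        return resp.status, resp.getheader("Location")
    finally:
        conn.close()


def preflight(names, expected_ip: str, resolve=resolve_a, fetch=fetch_challenge) -> dict:
    """Return {name: verdict}; verdicts start with ok, wrong-ip, multi-ip, redirect,
    unexpected, unresolvable or unreachable so callers can match on the prefix."""
    verdicts = {}
    for name in names:
        try:
            addrs = resolve(name)
        except OSError as exc:
            verdicts[name] = f"unresolvable: {exc}"
            continue
        if addrs != [expected_ip]:
            # Validators may pick any A record, so an extra address is a problem too.
            found = ",".join(addrs) or "no A record"
            kind = "multi-ip" if expected_ip in addrs else "wrong-ip"
            verdicts[name] = f"{kind}: {found} (expected only {expected_ip})"
            continue
        try:
            status, location = fetch(name)
        except OSError as exc:
            verdicts[name] = f"unreachable: port 80 on {expected_ip} did not answer ({exc})"
            continue
        if 300 <= status < 400:
            # Let's Encrypt follows redirects, so this only fails if the target does not serve the token.
            verdicts[name] = f"redirect: {status} to {location}; that host must serve the challenge too"
        elif status == 404:
            verdicts[name] = "ok: this host answers the path (404 for an unknown token is the right reply)"
        else:
            verdicts[name] = f"unexpected: HTTP {status}; something other than a plain 404 answers the path"
    return verdicts


if __name__ == "__main__":
    import sys   # usage: python3 http01_preflight.py 203.0.113.10 mail.example.com webmail.example.com
    ip, *hosts = sys.argv[1:]
    for host, verdict in preflight(hosts, ip).items():
        print(f"{host}: {verdict}")
```

The file name http01_preflight.py and the example.com names are assumptions for the usage line. A "redirect" verdict is informational, since Let's Encrypt follows redirects; it becomes a failure only when the redirect target is a different host that does not serve the token, which is exactly the "proxy sucking up requests" case.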

No. That’s never the right answer.

Isn't it @Ilia who did this?

It’s to protect people from making a mistake. But, it continues to have nothing to do with the problem of getting certificates for Virtualmin domains.


Yes indeed, you are right. But I told myself maybe @Ilia could be aware of something we missed.

@dumorian So when you try to create an alias, even without asking for anything related to SSL, you can't create it and still get an error? (A picture would be great.)

What did I do?

Many excellent things, and we all appreciate it.


Thank you for your appreciation and kind words! :heavy_heart_exclamation:

Only if I try to create an alias for the hostname. I can create aliases for, it seems, anything else. For instance, if I create a Virtual Server for ew3d.com, I can create mail3.ew3d.com. On this server, I cannot create mars.ew3d.com because it is the hostname. Virtualmin throws an error.

Of interest, if I try to generate a Letsencrypt cert using the Virtualmin setup config for SSL, there is a checkbox there… and then run recheck configuration, it fails. I wonder if that should have been removed when 7.2 was released?

What is the error from Let’s Encrypt before the max retries error?

Well, you are starting to convince me. Something seems broken. I don't see what to do (except reinstall everything, but if you are in production, better not do it).

Maybe you can simply create a different subdomain (you suggested mail3 above) and move from mars.ew3d.com to mail3.ew3d.com. That might be the simplest.

The full letsencrypt.log is posted at the top of this thread. Is there something else you need?

Also, I turned off the firewall for a moment and tried again, just in case. Same error. Firewall is now back on.

I think I’ve been misinterpreting the error (everybody else has, too, though). This thread indicates it’s possibly an IPv6 misconfiguration. Or something else that could lead to a failure to reliably connect to the Let’s Encrypt server. I don’t think your server can make requests to Let’s Encrypt, which is a whole new failure mode I don’t think I’ve ever seen.

Can you curl that URL from your server?

e.g.

curl -v https://acme-v02.api.letsencrypt.org/directory

If you change the hostname to something unique (nothing a virtual server will use), does it fix the problem?

[root@mars etc]# curl -v https://acme-v02.api.letsencrypt.org/directory
*   Trying 172.65.32.248...
* TCP_NODELAY set
* Connected to acme-v02.api.letsencrypt.org (172.65.32.248) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
*   CAfile: /etc/pki/tls/certs/ca-bundle.crt
  CApath: none
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.3 (IN), TLS handshake, [no content] (0):
* TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
* TLSv1.3 (IN), TLS handshake, [no content] (0):
* TLSv1.3 (IN), TLS handshake, Certificate (11):
* TLSv1.3 (IN), TLS handshake, [no content] (0):
* TLSv1.3 (IN), TLS handshake, CERT verify (15):
* TLSv1.3 (IN), TLS handshake, [no content] (0):
* TLSv1.3 (IN), TLS handshake, Finished (20):
* TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.3 (OUT), TLS handshake, [no content] (0):
* TLSv1.3 (OUT), TLS handshake, Finished (20):
* SSL connection using TLSv1.3 / TLS_AES_256_GCM_SHA384
* ALPN, server accepted to use h2
* Server certificate:
*  subject: CN=acme-v02.api.letsencrypt.org
*  start date: Sep 4 14:46:39 2024 GMT
*  expire date: Dec 3 14:46:38 2024 GMT
*  subjectAltName: host "acme-v02.api.letsencrypt.org" matched cert's "acme-v02.api.letsencrypt.org"
*  issuer: C=US; O=Let's Encrypt; CN=R10
*  SSL certificate verify ok.
* Using HTTP2, server supports multi-use
* Connection state changed (HTTP/2 confirmed)
* Copying HTTP/2 data in stream buffer to connection buffer after upgrade: len=0
* TLSv1.3 (OUT), TLS app data, [no content] (0):
* TLSv1.3 (OUT), TLS app data, [no content] (0):
* TLSv1.3 (OUT), TLS app data, [no content] (0):
* Using Stream ID: 1 (easy handle 0x55a1a4c36620)
* TLSv1.3 (OUT), TLS app data, [no content] (0):
> GET /directory HTTP/2
> Host: acme-v02.api.letsencrypt.org
> User-Agent: curl/7.61.1
> Accept: */*

I do not run IPv6. Although an IPv6 address was set on the system by Virtualmin. It is turned off on the interface and has been for years.

Stefan, thanks for the suggestion. At the moment, I don't want to do anything that drastic, as the system is functioning except for LetsEncrypt. I'm a bit gunshy at the moment.
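The curl -v check suggested above, and the transcript as pasted in reply to it, end at the request headers with no response shown. The following is an added example, not code from the thread, Virtualmin or certbot, that grades such a transcript by the last stage it reached and then repeats the request pinned to IPv4 or IPv6, which is how the IPv6 misconfiguration mentioned above shows itself (IPv4 answers, IPv6 hangs or is unreachable). The ACME URL is the one from the thread; the sample transcript, the NEXT_CHECK hints and the file name acme_probe.py are constructed for the example.

```python
"""Added diagnostic for the 'this host cannot reach Let's Encrypt' hypothesis.
Not code from the thread, Virtualmin or certbot; standard library only.
classify_trace() grades a `curl -v` transcript by the last stage it reached;
probe_directory() repeats the request pinned to IPv4 or IPv6."""
import socket
import ssl
import sys

ACME_HOST = "acme-v02.api.letsencrypt.org"   # the URL the thread asks to curl
ACME_PATH = "/directory"

# Stages in the order a successful request passes through them.
STAGES = ("none", "resolve", "tcp", "tls", "request", "response")

# Line prefixes curl -v prints on entering each stage. A transcript pasted
# into a forum loses the leading "> ", hence the bare "GET " entry.
_MARKERS = (
    ("resolve", "* Trying "),
    ("tcp", "* Connected to "),
    ("tls", "* SSL connection using "),
    ("request", "> GET "),
    ("request", "GET "),
    ("response", "< HTTP/"),
)

# What to look at next, keyed by the furthest stage reached (constructed hints).
NEXT_CHECK = {
    "none": "name did not resolve: check /etc/resolv.conf and that the resolver is reachable",
    "resolve": "TCP connect failed: check outbound 443, and whether the address tried is IPv6 on a host with no IPv6 route",
    "tcp": "TLS handshake failed: check the CA bundle and look for a TLS-intercepting proxy",
    "tls": "TLS is up but no request went out: client-side timeout or HTTP/2 problem",
    "request": "request sent, no reply: a middlebox is swallowing traffic; compare the IPv4 and IPv6 probes",
    "response": "the CA is reachable; look at the challenge, not at connectivity",
}

# Constructed sample: an abbreviated transcript in the shape posted above, with
# the forum's bullet in place of curl's "*" and a request that got no reply.
SAMPLE_TRACE = """\
  • Trying 172.65.32.248...
  • Connected to acme-v02.api.letsencrypt.org (172.65.32.248) port 443 (#0)
  • SSL connection using TLSv1.3 / TLS_AES_256_GCM_SHA384
  • Using HTTP2, server supports multi-use
GET /directory HTTP/2
Host: acme-v02.api.letsencrypt.org
"""


def classify_trace(trace: str) -> str:
    """Return the furthest STAGES entry evidenced by a `curl -v` transcript."""
    reached = 0
    for raw in trace.splitlines():
        line = " ".join(raw.split())            # collapse curl's column padding
        if line.startswith("\u2022"):           # bullet pasted in place of "*"
            line = "*" + line[1:]
        for stage, marker in _MARKERS:
            if line.startswith(marker):
                reached = max(reached, STAGES.index(stage))
    return STAGES[reached]


def probe_directory(family: int, timeout: float = 15.0) -> dict:
    """Fetch the ACME directory over socket.AF_INET or AF_INET6 and report how far it got."""
    result = {"family": "IPv6" if family == socket.AF_INET6 else "IPv4", "stage": "none"}
    sock = None
    try:
        address = socket.getaddrinfo(ACME_HOST, 443, family, socket.SOCK_STREAM)[0][4][0]
        result.update(address=address, stage="resolve")
        sock = socket.create_connection((address, 443), timeout=timeout)
        result["stage"] = "tcp"
        sock = ssl.create_default_context().wrap_socket(sock, server_hostname=ACME_HOST)
        result.update(stage="tls", tls_version=sock.version())
        sock.sendall((f"GET {ACME_PATH} HTTP/1.1\r\nHost: {ACME_HOST}\r\n"
                      "User-Agent: acme-probe-example\r\nConnection: close\r\n\r\n").encode())
        result["stage"] = "request"
        head = b""
        while b"\r\n" not in head:               # read until the status line is complete
            chunk = sock.recv(4096)
            if not chunk:
                raise ConnectionError("peer closed before sending a status line")
            head += chunk
        result.update(stage="response", status_line=head.split(b"\r\n", 1)[0].decode("ascii", "replace"))
    except OSError as exc:                       # gaierror, timeout and ssl.SSLError are all OSError
        result["error"] = str(exc)
    finally:
        if sock is not None:
            sock.close()
    result["next_check"] = NEXT_CHECK[result["stage"]]
    return result


if __name__ == "__main__":
    if "--trace" in sys.argv:   # curl -v https://.../directory 2>&1 | python3 acme_probe.py --trace
        stage = classify_trace(sys.stdin.read())
        print(f"transcript reached stage '{stage}': {NEXT_CHECK[stage]}")
    else:                       # live probe over both address families
        for fam in (socket.AF_INET, socket.AF_INET6):
            print(probe_directory(fam))
```

Run it with no arguments on the affected host to get one result dict per address family; a host whose interface has IPv6 disabled but whose resolver still returns AAAA records will typically report the IPv6 probe stuck at "resolve" with a "Network is unreachable" error while the IPv4 probe reaches "response", and curl -v with -4 and -6 shows the same split.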

Virtualmin doesn’t alter network configuration unless explicitly configured to do so.

I’m not sure what’s going on. If you try to create a certificate manually for a domain that has auto-renewal disabled (we want to make sure it’s not being blocked because of too many requests, so you need one that hasn’t tried to get a cert in the past day or two), what errors do you get?

All domains are failing to update. I put another domain on that system to try a new request and it failed as well.