Letsencrypt mail.domain.com wrong. Common name fails

OS type and version: CentOS Linux 7.9.2009
Webmin version: 1.981
Virtualmin version: 6.17 Pro

Hi all, sorry to have to trouble you all again.

I am trying to transfer some virtual servers from an old Centos5 server to a new Centos 7 server. All is going well except for the SSL certificate for mail.domain.com. All other certificates for the domain are ok and trusted.

If I create a VS in Virtualmin (auto slave dns set up and working great) then request a Letsencrypt cert everything goes well including mail.domain.com. Testing the cert at www.digicert.com/help/ confirms that mail.domain.com is good and is trusted.

So I delete the VS in virtualmin and as expected, that works (including delete slave).

Then I return to the original host server (Centos 5) and use the "Transfer Virtual Server" (same domain, no certificate on this server) facility from the old server to the new server. That appears to go well.

On the new server I go into Server Configuration > SSL Certificate > Let’s Encrypt. In the field "Domains associated with this server" there is no entry for mail.domain.com so I enter that into "Domain names listed here" and paste the others from the default above. Then click on the “Request Certificate” and all appears to go well.

When I test the certificate again at www.digicert.com/help/ mail.domain.com fails and the common name given is the name of the hosting server instead of domain.com.

I have dug around for 6 hours trying to resolve this but without success.

Anyone have any clues how I can overcome this either by manually enabling the correct record or doing so automatically? My hair is too short so I can’t pull it out. :slight_smile:

Thanks for reading.

By any chance, are you using Cloudflare as DNS, or do you manage your own DNS servers?

Hi Unborn,
Thanks for your post.

I have my own separate server for slave dns.

A little update though. I have been a little busy so have not had time to fully investigate/prove, but it seems that the problem is related to the “Transfer Virtual Server” facility. I have twice created the VS on the host machine (slave added automatically). Then applied the Letsencrypt certificate all is good. Then manually backed up the VS to move from the old Centos 5 server using the option to omit the DNS info. When I restore that backup on the new server (Centos 7) everything looks good including the cert.

As I said, I have not tested this thoroughly yet.

If I am correct, it would be nice if the “Transfer Virtual Server” facility could be told to NOT include the DNS info. I have looked but can’t find a way to do that.

Thanks for reading

I have put this investigation on hold for a while because I may have found other symptoms that might be more applicable. (separate post)
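
An added example, not part of the thread and not Virtualmin code: a local check for the symptom described above, where the certificate presented for mail.domain.com names the hosting server instead of the domain. The sample certificates and the name host.example.net are constructed placeholders in the format Python's `ssl.getpeercert()` returns.

```python
import socket
import ssl


def names_in_cert(cert):
    """Return (common_name, [dNSName SANs]) from an ssl.getpeercert() dict."""
    cn = None
    for rdn in cert.get("subject", ()):
        for key, value in rdn:
            if key == "commonName":
                cn = value
    sans = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    return cn, sans


def name_matches(pattern, hostname):
    """Case-insensitive match; '*' is honoured only as the whole left-most label."""
    p, h = pattern.lower().rstrip("."), hostname.lower().rstrip(".")
    if p.startswith("*."):
        return "." in h and h.split(".", 1)[1] == p[2:]
    return p == h


def cert_covers(cert, hostname):
    """True if a SAN covers hostname. The CN is ignored, as current browsers do."""
    _, sans = names_in_cert(cert)
    return any(name_matches(s, hostname) for s in sans)


def fetch_cert(hostname, port=443, timeout=5.0):
    """Fetch the certificate a server presents when `hostname` is sent as SNI.

    The chain is still validated; only the hostname check is disabled so a
    mismatching certificate can be inspected instead of rejected.
    """
    ctx = ssl.create_default_context()
    ctx.check_hostname = False
    with socket.create_connection((hostname, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=hostname) as tls:
            return tls.getpeercert()


# Constructed samples: the hosting server's own certificate (the failing case)
# and a certificate issued for the domain including mail.domain.com.
HOST_CERT = {"subject": ((("commonName", "host.example.net"),),),
             "subjectAltName": (("DNS", "host.example.net"),)}
DOMAIN_CERT = {"subject": ((("commonName", "domain.com"),),),
               "subjectAltName": (("DNS", "domain.com"), ("DNS", "www.domain.com"),
                                  ("DNS", "mail.domain.com"))}
```

Against a live server, `names_in_cert(fetch_cert("mail.domain.com"))` shows which certificate is actually selected for that name; implicit-TLS mail ports such as 993 or 465 can be checked by passing `port`.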
