SYSTEM INFORMATION | |
---|---|
OS type and version: | Ubuntu Linux 18.04.6 |
Webmin version: | 1.981 |
Virtualmin version: | 6.17-3 |
Related products version: | Certbot, not sure of version |
Having some massive issues with renewing the certs for webmin/virtualmin. My DNS is with Linode. My webserver is nginx.
I have several domains through virtualmin all on the same server. Here’s the obscured certbot renew list:
1: domain1.net
2: www.domain1.net
3: domain2.com
4: numbers.domain2.com
5: www.numbers.domain2.com
6: subdomain.domain2.com ← This is my virtualmin
7: www.subdomain.domain2.com
8: www.domain2.com
9: domain3.com
10: www.domain3.com
11: domain4.com
12: blog.domain4.com
13: www.domain4.com
14: domain5.org
15: www.domain5.org
16: domain5.com
17: domain6.xyz
18: www.domain6.xyz
My Let’s Encrypt for domain2, including the subdomain, failed to renew several years ago and I never bothered to try and fix it until now because it’s such a damn hassle.
All of the other domains have their certs maintained via certbot on the command line, but the domain2 cert was done through Let’s Encrypt in Virtualmin because I wanted to be able to easily copy it from there to the webmin and postfix.
Today I thought I’d give a try to fixing the domain2 cert and I’ve made a hash of it.
I went into Virtualmin > domain2 > SSL Certificate > Let’s Encrypt and tried to renew with the config as follows:
It timed me out for rate limit, but the logs show success on the bare domain and www, and failure for the webmin subdomain and the “mail” subdomain. Both have A records in the Linode DNS.
```json
{
  "identifier": {
    "type": "dns",
    "value": "mail.domain2.com"
  },
  "status": "pending",
  "expires": "2021-12-20T08:47:43Z",
  "challenges": [
    {
      "type": "http-01",
      "status": "pending",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/58077849870/30ZeoQ",
      "token": "-a1syo7i4JZURImdCZyVR1cJmgH5IuU1Pp6TojtnjyI"
    },
    {
      "type": "dns-01",
      "status": "pending",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/58077849870/6QLyeg",
      "token": "-a1syo7i4JZURImdCZyVR1cJmgH5IuU1Pp6TojtnjyI"
    },
    {
      "type": "tls-alpn-01",
      "status": "pending",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/58077849870/ZnNwhw",
      "token": "-a1syo7i4JZURImdCZyVR1cJmgH5IuU1Pp6TojtnjyI"
    }
  ]
}
```
— snip —
```json
{
  "identifier": {
    "type": "dns",
    "value": "subdomain.domain2.com"
  },
  "status": "pending",
  "expires": "2021-12-20T08:47:43Z",
  "challenges": [
    {
      "type": "http-01",
      "status": "pending",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/58077849880/ZssK6g",
      "token": "Dlbc0gAUy-23Dpxw8akWHjybHSDoDUJvX_JItjTBRcY"
    },
    {
      "type": "dns-01",
      "status": "pending",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/58077849880/C_3hpA",
      "token": "Dlbc0gAUy-23Dpxw8akWHjybHSDoDUJvX_JItjTBRcY"
    },
    {
      "type": "tls-alpn-01",
      "status": "pending",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/58077849880/8GJEZg",
      "token": "Dlbc0gAUy-23Dpxw8akWHjybHSDoDUJvX_JItjTBRcY"
    }
  ]
}
```
So I gave up and installed a self-signed certificate for domain2 and deleted the Let’s Encrypt CA cert because it was giving me a mismatch error.
Now all of the other domains are trying to use the self-signed cert instead of their perfectly good and functional existing CLI-generated certbot certs.
I’d like to get the other sites back to using their normal certs and get domain2’s + webmin cert sorted.
Let me know if you need any other logs etc. Thanks in advance.