Letsencrypt SUBDOMAIN virtual subserver putting subdomain on maindomain name list ssl cert

Jfro · November 21, 2017, 2:01pm

So LE is working Virtualmin 6.01 Webmin 1.860

For maindomain ok

For virtual subserver creating also ok

Then adding this (subdomain) to the list with maindomain: (Request certificate for Domain names listed here)
New request is then working, but automated renew wasn’t ( so working for months)
The ssl keypaths i did changed to the maindomain keys ofcourse.

After the error for automate renewal i did it manual, same error, after that i did it all over so, removing sudomain out of the list, then manual LEcert for the subdomain and setting keypath to maindomain again, putting subdomain in maindomainlist back, then LE cert maindomain with the subdomain in list then working again.

Ofcourse i had to remove the www. for the subdomain, this could be done also with the domainnames list.

So is it possible i think to write or link the "http://sub.maindomain/.well-known/acme-challenge/ " somewhere else in maindomain where also at renewal?
Probably this is causing problem i hope/think?
I don’t understand wen doing it all over manually it works as it did initial?

Below message i used maindomain and sub/maindomain , also replaced key/filename with vvv

autodiscover.maindomain verified!
Verifying sub.maindomain…
Wrote file to /var/www/html/maindomain/public_html/.well-known/acme-challengevvv, but couldn’t download http://sub.maindomain/.well-known/acme-challenge/vvvv
Traceback (most recent call last):
File “/usr/libexec/webmin/webmin/acme_tiny.py”, line 235, in
main(sys.argv[1:])
File “/usr/libexec/webmin/webmin/acme_tiny.py”, line 231, in main
signed_crt = get_crt(args.account_key, args.csr, args.acme_dir, args.dns_hook, args.cleanup_hook, log=LOGGER, CA=args.ca)
File “/usr/libexec/webmin/webmin/acme_tiny.py”, line 184, in get_crt
domain, challenge_status))
ValueError: sub.maindomain challenge did not pass: {u’status’: u’invalid’, u’validationRecord’: [{u’addressesResolved’: [u’vvv’], u’url’: u’http://sub.maindomain/.well-known/acme-challenge/vvvv’, u’hostname’: u’sub.maindomain’, u’addressesTried’: [], u’addressUsed’: u’vvvv::1’, u’port’: u’80’}], u’keyAuthorization’: u’vvvv’, u’uri’: u’https://acme-v01.api.letsencrypt.org/acme/challenge/vvv’, u’token’: u’vvv’, u’error’: {u’status’: 403, u’type’: u’urn:acme:error:unauthorized’, u’detail’: u’Invalid response from http://sub.maindomain/.well-known/acme-challenge/vvvv: “\n\n404 Not Found\n\n

Not Found

\n<p”’}, u’type’: u’http-01’}

When i do this with sub as alias and no webspace then no problems, but when you need webspace and then not as alias, but virtual subserver then not working ok

Jfro · November 21, 2017, 3:42pm

https://github.com/webmin/webmin/issues/442 also the www
no howto or solution found sofar

tathspts · April 11, 2018, 6:43pm

I spend couple of hours on it today and came up with a solution. It will work for both test.domain.com and www.test.domain.com just follow these instructions.

To Enable lets encrypt SSL on Subdomain Add these DNS records before requesting Let’s Encrypt

For example to setup SSL for test.domain.com

A record for test —> IP address or CName Record for test —> domain.com
CNAME record for www.test —> test.domain.com

These settings are for cloudflare, might be a little different for your provider. If you dont want www.test.domain.com just use request certificate for test.domain.com and it should work just fine. But if you do this way, www.test.domain.com will throw you a 500 error.

Jfro · April 11, 2018, 7:13pm

No that is not the problem dns and ns and so on all ok i did such kind off setting in september. ( thanks anyway for your time)

LE cert was always OK, only fo 1 or 2 month ago the renew starting to fail because of autodiscover and autoconfig not going well.
With default setting so automaticly LE cert and not using the domain list below that.

Now i have to use the manual domainlist do it manually and autoconfig.domain is no more in it while no working, this was always something from Virtualmin the autoconfig.
So i think there is changed something after an update of virtualmin id on;t know when or what is cuasing this.
Because the renew is only once in a time not many domains on that server so…

I did had only problems with mail.domain after that. this seems better now, another problem is in place.

tathspts · April 11, 2018, 7:16pm

so you saying you only had problem with the auto renewal?

Jfro · April 11, 2018, 7:37pm

Yup and only with autoconfig.domain and autodiscover part as error. ( edit: i think the real webspace subdomain problem could still be there also the renewal problem not sure for now)

But ok didn’t do new LE certs for new domains so don’t know that status for now.

Only about 10 to 20 domains / subdmains on that Virtualmin server.

Still a kind of tryout ( but though production server since decembre), and for the rest using other Controlpanels for different kind of reasons, one of these reasons is to have support possibilitys at the hosting companys in Germany Holland and Austria.

For a long time now using http2 and php fpm at them now, so i managed to get this working on Virtualmin 6x box centos 7x since august/september 2017 to and learning curve and so on. (CODEITGURU for http2 apache and remiphp repos on this box)

O yep renewal did worked before to without any changes to default
Last successful renewal 01/15/2018 1:27 PM

So problems are with autodiscover and autoconfig , manualy and automatic renewal.
This wasn’t before as id did write and say

UH sorry i reply on this comment with in my head this topic just opened today myself but pure coincidence funny
https://www.virtualmin.com/node/56819