Letsencrypt test certificate OR nginx reverse proxy letsencrypt cert

OS type and version almalinux 8.5
Virtualmin version 6.17

Hi, I am trying to test letsencrypt because it is failed on an nginx reverse proxy domain.

I have 2 questions:

  1. How to use letsencrypt test server on a previously have a valid letsencrypt cert, using virtualmin interface or certbot CLI? (this will help me and potentially others trying to achieve same goal).
  2. What is wrong with my nginx conf below that makes certbot unable to do temp file check? (this should be the solution of problem I have)

This is what I get if I request test cert on my domain:
Saving debug log to /var/log/letsencrypt/letsencrypt.log
You’ve asked to renew/replace a seemingly valid certificate with a test certificate (domains: domain). We will not do that unless you use the --break-my-certs flag!
Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /var/log/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details.

here is my nginx conf for that domain:

server {
	server_name ns.domain.sch.id www.ns.domain.sch.id;
	root /home/dpomainschid/domains/nsdomain.sch.id/public_html;
	index index.php index.htm index.html;
	access_log /var/log/virtualmin/ns.domain.sch.id_access_log;
	error_log /var/log/virtualmin/ns.domain.sch.id_error_log;
	location / {
        proxy_set_header   X-Forwarded-For $remote_addr;
        proxy_set_header   Host $http_host;
        proxy_pass         "";
		proxy_set_header Host $host; # MAGIC
	location ^~ /.well-known/acme-challenge/ {
	allow all;
  	root /home/domainschid/domains/ns.domain.sch.id/public_html/.well-known/acme-challenge/;
	  default_type "text/plain";
	  try_files $uri =404;
	fastcgi_param GATEWAY_INTERFACE CGI/1.1;
	fastcgi_param SERVER_SOFTWARE nginx;
	fastcgi_param QUERY_STRING $query_string;
	fastcgi_param REQUEST_METHOD $request_method;
	fastcgi_param CONTENT_TYPE $content_type;
	fastcgi_param CONTENT_LENGTH $content_length;
	fastcgi_param SCRIPT_FILENAME /home/domainschid/domains/ns.domain.sch.id/public_html$fastcgi_script_name;
	fastcgi_param SCRIPT_NAME $fastcgi_script_name;
	fastcgi_param REQUEST_URI $request_uri;
	fastcgi_param DOCUMENT_URI $document_uri;
	fastcgi_param DOCUMENT_ROOT /home/domainschid/domains/ns.domain.sch.id/public_html;
	fastcgi_param SERVER_PROTOCOL $server_protocol;
	fastcgi_param REMOTE_ADDR $remote_addr;
	fastcgi_param REMOTE_PORT $remote_port;
	fastcgi_param SERVER_ADDR $server_addr;
	fastcgi_param SERVER_PORT $server_port;
	fastcgi_param SERVER_NAME $server_name;
	fastcgi_param PATH_INFO $fastcgi_path_info;
	fastcgi_param HTTPS $https;
	location ~ \.php(/|$) {
		try_files $uri $fastcgi_script_name =404;
		fastcgi_pass unix:/var/php-nginx/16367117031031149.sock/socket;
	fastcgi_split_path_info ^(.+\.php)(/.+)$;
	listen ssl http2;
	ssl_certificate /home/domainschid/domains/ns.domain.sch.id/ssl.cert;
	ssl_certificate_key /home/domainschid/domains/ns.domain.sch.id/ssl.key;


	location ^~ /.well-known/acme-challenge/ {
	allow all;
  	root /home/domainschid/domains/ns.domain.sch.id/public_html/.well-known/acme-challenge/;
	  default_type "text/plain";
	  try_files $uri =404;


	location /.well-known/acme-challenge/ {
	allow all;

Then you can use nginx as reverse proxy for virtualmin, and renew letsencrypt.

This topic was automatically closed 8 days after the last reply. New replies are no longer allowed.