My test server is using the wrong SSL certificate

SYSTEM INFORMATION
OS type and version Ubuntu Linux 20.04.6
Virtualmin version 2.005

I have two servers, one main with two aliases connected to it.

The other is a test server with its own .com domain.
I want to create a WordPress multisite using subdomains on the test server, but I am unable to either create a wildcard certificate from Let’s Encrypt or add it to the subdomain manually.

To clarify, I have two subdomains on the test site → site1.testdomain.com & site2.testdomain.com. Both are created within WordPress multisite feature.

I manage all my domains outside of Virtualmin, because I’ve never gotten the nameservers to work. I point the domains, both top and subdomains to my IP.

When I’ve tried to add an SSL cert including the subdomains I get an error, either that it’s unauthorized from the main domain or that it’s missing a TXT on my DNS setup, but I have no idea what I’m supposed to put into my TXT, because I have no token or anything like that.

It seems so weird that my main domain is somehow including the subdomains of my test server. I’ve looked around on the server and I can’t find any information that says the test server domain I’m using is included in the main domain and server’s SSL cert.

Please help!

  • You cannot create a wildcard certificate unless Virtualmin completely manages your domain’s DNS (i.e. your child nameservers are at your Virtualmin server; you set this at your registrar).
  • Unless the domains site1.testdomain.com and site2.testdomain.com resolve to your Virtualmin server, the Let’s Encrypt process will fail.
  • I am not sure if the sub-domains need to be sub-servers when using a wildcard certificate.

What I would try

  • correct any issues outlined above.
  • enable Let’s Encrypt error display
    • Virtualmin → System Settings → Virtualmin Configuration → Configuration category: SSL settings → Show Let’s Encrypt error at domain creation time?

  • run the Let’s Encrypt certificate creation manually and see what the errors are

    • Virtualmin → Server Configuration → SSL Certificate → Let’s Encrypt → request certificate

Hi!
Thanks for a fast reply.

I did this and got the same response. This is what it looked like before and now when I did it again:

Domain: site1.testdomain.com
   Type:   unauthorized
   Detail: 0.0.0.0: Invalid response from
   https://maindomain.com/: "<!DOCTYPE html>\n<html
   lang=\"sv-SE\">\n<head>\n\t<meta charset=\"UTF-8\" />\n\t<meta
   name=\"viewport\" content=\"width=device-width, initial"

UPDATE! I noticed that I shared my IP. Changed it to something else so I don’t end up in trouble here…

The subdomains resolve to my IP and have for days now. I am completely lost. I do not want to start over, like reinstalling virtualmin and re-install my servers. I do have backups, but I don’t want to deal with that again.

Where is this error from, the Virtualmin Let’s Encrypt get cert process?

A picture with things cut out would be easier to understand.

  • This will show you what certificate your domain is using
    • Virtualmin → Server Configuration → SSL Certificate → Current Certificate
  • The server/hostname needs to have its SSL certificate enabled here
    • Virtualmin → System Settings → Virtualmin Configuration → Configuration category: SSL settings → Create host default domain with Let’s Encrypt certificate
    • or you can press this button: Virtualmin → Server Configuration → SSL Certificate → Current Certificate ‘Set as Default Services Certificate’

I think you need to put step by step what you are doing to generate your SSL

Yes!

I’m just following the instructions using Let’s Encrypt. I don’t understand either where stuff went wrong. I’ve done all that you’ve shown me with that picture as well, but it does not help.

I’ve finally got access to certbot and I managed to create an SSL certificate there and add a token to my DNS TXT field for the domain I’m using, but the certificate does not show up on that page.

That error message is not one I have seen before. It is part of a webpage response.

this is an error message

You should not be doing anything manually. :smile:

Yeah, I figured since I saw HTML stuff or something like it.
I know I don’t have to do anything manually, but I had to try since I don’t know wtf is wrong here.

If you give me your error as above I can have an idea what is going on.

get real letsencrypt will need the domain to resolve to an IP address to work using the mechanisms that

does not appear to be listed here, and if you dig site1.testdomain.com
you get


notice the missing 217.76.60.120
if these domain names have been changed for this thread, he shouldn’t because there is no way the problem can be diagnosed without the real domain name

Ok, here’s the error from when I added the test domain + 2 subdomains in lets encrypt:

Update! Removed the photo due to me forgetting to hide my domain in one place.

I know I’m a little inconsistent with blurring the domains out, but you hopefully get the gist. I could only fit one photo here, but it’s the same for the second domain site2, and it tells me at the end that the domains need to resolve to the IP - which they do according to dns checking sites!

1 Like

Well, thanks a lot for showing my domains and IP that I’m trying to hide!

Yes. Those domains listed there are the ones I own. The domains I’m using in this forum are hidden. site1.testdomain.com does not exist! Please remove my stuff from your post.

If I do have to post my real domains, why? That makes no sense. I don’t want people finding out a reason to hack me etc.

I understand enough with virtualmin, so this is not needed. thank you. Disappointed.

It’s all in the public domain; anyone can search for this and get the results from the information you gave, so therefore you should remove the information that allows anyone to display the information I showed.

https://www.virtualmin.com/documentation/web/ssl-le/

@jimr1 what is the reverse lookup site you used, I will add it to my list :smile:

It is this: https://dnslytics.com/reverse-ip but there are more out there if you care to look.

1 Like

Well, I thought I did. I totally missed that I shared my IP by mistake. I don’t know how to hide it otherwise. I don’t think my host can do that for free and I refuse to pay for it.

Whatever. I’m screwed anyway. This is not going well. I guess I’m gonna have to use my test site without subdomains then. That’s probably the best case.

I’ve tried changing the name servers to cloudflare, but I don’t think that will help. It could be that my registrar are just so effing slow in resolving domains. It took multiple days before I could use my test domain properly.

Thanks anyways.

  • You have nameserver issues
  • You left your domain in one of your pictures

The answer here is to see if

  1. the domain you are trying to get the cert for resolves
  2. place index.html, with some content in it, in the .well-known/acme-challenge directory under public_html
  3. can you navigate to thedomainname/.well-known/acme-challenge?
    If you can, what response does your browser give?
1 Like
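
The three checks in the post above, automated as an added example (not part of the thread and not Virtualmin code): it drops a random probe file into `.well-known/acme-challenge`, fetches it over plain HTTP, and reports whether the request ended on a different host, which is the symptom in the `unauthorized` error quoted earlier. The names `classify` and `probe` are chosen here, and the document root is whatever path the caller passes.

```python
"""HTTP-01 preflight: is a probe file under public_html reachable at this hostname?"""
import secrets
import sys
import urllib.error
import urllib.request
from pathlib import Path
from urllib.parse import urlsplit

CHALLENGE_DIR = ".well-known/acme-challenge"


def classify(domain, token, status, final_url, body):
    """Interpret one probe response roughly as an HTTP-01 validator would."""
    final_host = (urlsplit(final_url).hostname or "").lower()
    if status == 200 and body.strip() == token:
        return "ok: probe file was served back unchanged"
    if final_host != domain.lower():
        return f"redirected: request ended at {final_host or '?'}, not {domain}"
    if status == 200 and "<html" in body.lower():
        return "wrong-site: an HTML page answered instead of the probe file"
    return f"missing: HTTP {status}, probe file not reachable"


def probe(domain, docroot):
    """Write a throwaway file into docroot, fetch it over port 80, clean up."""
    name, token = "preflight-" + secrets.token_hex(8), secrets.token_hex(16)
    path = Path(docroot) / CHALLENGE_DIR / name
    path.parent.mkdir(parents=True, exist_ok=True)
    path.write_text(token)
    url = f"http://{domain}/{CHALLENGE_DIR}/{name}"
    try:
        with urllib.request.urlopen(url, timeout=10) as resp:
            body = resp.read(4096).decode("utf-8", "replace")
            return classify(domain, token, resp.status, resp.geturl(), body)
    except urllib.error.HTTPError as err:
        return classify(domain, token, err.code, err.filename, "")
    except OSError as err:  # DNS failure, refused connection, timeout
        return f"unreachable: {err}"
    finally:
        path.unlink()


if __name__ == "__main__":
    if len(sys.argv) == 3:  # e.g. site1.testdomain.com /home/USER/public_html
        print(probe(sys.argv[1], sys.argv[2]))
    else:  # constructed response shaped like the error quoted in the thread
        print(classify("site1.testdomain.com", "tok", 200,
                       "https://maindomain.com/", '<!DOCTYPE html>\n<html lang="sv-SE">'))
```

Run it on the server as the user that owns the document root, passing the hostname and its `public_html` path; with no arguments it classifies a constructed response modelled on the error in the thread.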

Yes, right now I’m switching name servers to cloudflare, since my registrar might be the issue here. They’re so effing slow.

I know. I acted too soon. Can I erase this thread? Or somebody else, maybe? Sorry for everything. And thanks for helping me.

Thank you. I shall try that tomorrow. As far as I know I don’t have a .well-known folder in my public_html directory, but I shall try doing that when my nameserver is working.

I’ll get back to you unless this thread is deleted for safety reasons.