I would be grateful for some help with this. I am unable to log in to Webmin using
server1.mymaindomain.com:10000
Additionally, once I have logged in using my IP address, I get
none of the hostnames could be resolved!
when attempting to recreate letsencrypt certificate for mymaindomain.com
I let Webmin/Virtualmin handle my DNS. DNS records seem fine - I’ve checked with intodns.com, with no errors. Restarted BIND. Compared all settings I can think of with a near-duplicate server: DNS Records, Network Configuration…
I did remove DNSSEC from a couple of other domains on this server, mymaindomain.com didn’t use DNSSEC.
Thank you. Disabling the check and I get both web-based and DNS-based validation failed
Renewing an existing certificate for [mymaindomain.com] and 3 more domains
Saving debug log to /var/log/letsencrypt/letsencrypt.log
An unexpected error occurred:
Certification Authority Authorization (CAA) records forbid the CA from issuing a certificate :: Error finalizing order :: Rechecking CAA for "mail.[mymaindomain.com]" and 3 more identifiers failed. Refer to sub-problems for more information
Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /var/log/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details.
I only tried renewing a current certificate in an attempt to debug the issue of not being able to log in with my domain name AND not being able to download emails in my email client, which uses mail.mymaindomain.com (I also obviously cannot view my mymaindomain.com website).
Worked out I had to address the “sub-problems” as mentioned in the LE log. Here’s a typical one:
"type": "urn:ietf:params:acme:error:caa",
"detail": "Error finalizing order :: rechecking caa: During secondary validation: While processing CAA for mail.mymaindomain.com: DNS problem: looking up CAA for mail.mymaindomain.com: DNSSEC: DNSKEY Missing: validation failure \u003cmail.mymaindomain.com. CAA IN\u003e: No DNSKEY record from xxx.xxx.xx.xx for key mymaindomain.com. while building chain of trust",
"status": 403,
"identifier": {
"type": "dns",
"value": "mail.mymaindomain.com"
So it appears to be DNSSEC related. I have ‘DNSSEC signature disabled’ and there is no DNSSEC set at my Registrar (they don’t even provide it so I wonder why it’s getting flagged by LE)
That sounds like you just don’t have glue records pointing to your Virtualmin server. Is the Virtualmin server actually your DNS server or is DNS being served by your DNS registrar or some other DNS service?
Thank you @Joe and @Ilia. The reason behind the issue was that I had disabled DNSSEC on my server but had failed to do the same at my domain’s registrar.
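
The mismatch behind this thread (a DS record still published at the parent while the zone no longer serves DNSKEYs) can be checked by comparing the two record sets. The script below is an added example, not something posted in the thread; the function names and sample records are constructed, and live use assumes `dig` is installed.

```python
import base64, subprocess, sys

# Constructed sample data (not from the thread): a DS left at the registrar,
# and the empty DNSKEY answer of a zone whose signing has been switched off.
SAMPLE_DS = "1038 13 2 " + "00" * 32
SAMPLE_DNSKEY = ""

def key_tag(flags, protocol, algorithm, pubkey_b64):
    """DNSKEY key tag per RFC 4034 Appendix B (not valid for algorithm 1)."""
    rdata = bytes([flags >> 8, flags & 0xFF, protocol, algorithm])
    rdata += base64.b64decode(pubkey_b64)
    acc = sum(b if i & 1 else b << 8 for i, b in enumerate(rdata))
    return (acc + ((acc >> 16) & 0xFFFF)) & 0xFFFF

def ds_tags(text):
    """Key tags from `dig +short DS` lines: <tag> <alg> <digest-type> <digest>."""
    rows = (line.split() for line in text.splitlines())
    return {int(f[0]) for f in rows if len(f) >= 4 and f[0].isdigit()}

def dnskey_tags(text):
    """Key tags from `dig +short DNSKEY` lines: <flags> <proto> <alg> <base64>."""
    rows = (line.split() for line in text.splitlines())
    return {key_tag(int(f[0]), int(f[1]), int(f[2]), "".join(f[3:]))
            for f in rows if len(f) >= 4 and f[0].isdigit()}

def diagnose(ds_text, dnskey_text):
    ds, keys = ds_tags(ds_text), dnskey_tags(dnskey_text)
    if not ds:  # parent publishes no DS: validators treat the zone as unsigned
        return "ok-signed-no-ds" if keys else "ok-unsigned"
    if not keys:  # the state in this thread: chain of trust cannot be built
        return "broken-ds-without-dnskey"
    return "ok-signed" if ds & keys else "broken-ds-key-mismatch"

def dig(rrtype, zone, server=None):
    cmd = ["dig", "+short", rrtype, zone] + ([f"@{server}"] if server else [])
    return subprocess.run(cmd, capture_output=True, text=True, timeout=15).stdout

if __name__ == "__main__":
    if len(sys.argv) > 1:  # usage: script.py ZONE [AUTHORITATIVE_SERVER]
        zone = sys.argv[1]
        server = sys.argv[2] if len(sys.argv) > 2 else None
        print(zone, diagnose(dig("DS", zone), dig("DNSKEY", zone, server)))
    else:  # no arguments: run on the constructed sample above
        print("sample", diagnose(SAMPLE_DS, SAMPLE_DNSKEY))
```

Pass the zone's own nameserver as the second argument so the DNSKEY query goes to the authoritative server rather than through a validating resolver, which returns no answer once the chain is broken.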