Hi, when I add a new virtual server it adds additional subdomains to the SSL certificate request; however, as the DNS is not pointed for the others, it fails and requires a manual SSL request.
For Apache systems, you can edit the “Website for domain” template and remove the extra ServerAlias records. You can also disable Redirect admin.${DOM} and Redirect webmail.${DOM} options.
For Nginx, you can disable the redirects mentioned above, but www. and mail. records are still automatically added to the Nginx server config from a hardcoded domain server names function, so they can’t be controlled directly for now.
@Jamie, we should improve this. Hardcoding these records isn’t ideal. Instead of adding mail. and www. to the Apache template by default, it should be an optional checkbox. The default Apache template should include only ServerName ${DOM}, with aliases added dynamically based on preferences—it would be simpler to implement and align the logic with Nginx for consistency.
It may be simpler to just have Virtualmin add the DNS records for these sub-domains, which can be done already via checkboxes on the “DNS for domain” section of the server template.
There is no DNS server running. www, admin, webmail under the virtual server shouldn’t be added and requested for SSL when it is a subdomain. Currently subdomain subdomain.example.com requests SSL for this specific name but not when I add sub.subdomain.example.com
OK, I tried adding more domains and subdomains and it is all adding www. admin. webmail. aliases. I have added *.example.com pointed to IPv4 and IPv6.
Strange, it seems to have IPv6 and port when requesting SSL. Both IPv4 and IPv6 are proxied on Cloudflare. This prevents issuing the Let’s Encrypt SSL certificate.
I manually need to request for the specific domain/subdomain.
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Requesting a certificate for site1.example.com and 3 more domains
Certbot failed to authenticate some domains (authenticator: webroot). The Certificate Authority reported these problems:
Domain: admin.site1.example.com
Type: connection
Detail: 2606:4700:3030::8815:7001: Fetching https://site1.example.com:10000/.well-known/acme-challenge/ID: Invalid port in redirect target. Only ports 80 and 443 are supported, not 10000
Domain: webmail.site1.example.com
Type: connection
Detail: 2606:4700:3030::8815:2001: Fetching https://site1.example.com:20000/.well-known/acme-challenge/ID: Invalid port in redirect target. Only ports 80 and 443 are supported, not 20000
Hint: The Certificate Authority failed to download the temporary challenge files created by Certbot. Ensure that the listed domains serve their content from the provided --webroot-path/-w and that files created there can be downloaded from the internet.
Some challenges have failed.
Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /var/log/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details.
Do not request certs for domains that do not exist. It’s simple. You can choose which domains to request certs for, so do that. Select “Domain names listed here” and fill in the domains you do want to get certs for that have DNS records.
Also, if Virtualmin isn’t managing DNS, don’t lie to Virtualmin and let it think that it is. Disable the DNS feature.
I have created site1.example.com and it is adding admin. and webmail. aliases and tries to request SSL certificates. The ACME challenge ID is trying to verify it over ports 10000 and 20000.
It verifies the main domain but not over the port because the DNS is proxied by Cloudflare. Cloudflare does not allow access over ports 10000 and 20000.
I have made edits to prevent using aliases for main and sub servers under Server Templates but it is still creating them for some reason. I think it is a bug. Could you check it once if I DM details?
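Added example, not part of any post in this thread and not Virtualmin or Certbot code: a small Python parser for the Certbot failure output quoted above. It flags the names whose challenge was redirected to a port other than 80 or 443 and derives the names left for the “Domain names listed here” field. The sample text and the request list are constructed; www.site1.example.com is an assumption, since the log only says “3 more domains”.

```python
import re
from urllib.parse import urlsplit

# Constructed sample in the shape of the Certbot output quoted in the thread.
SAMPLE = (
    "Domain: admin.site1.example.com\n"
    "Type: connection\n"
    "Detail: 2606:4700:3030::8815:7001: Fetching "
    "https://site1.example.com:10000/.well-known/acme-challenge/ID: Invalid port "
    "in redirect target. Only ports 80 and 443 are supported, not 10000\n"
    "Domain: webmail.site1.example.com\n"
    "Type: connection\n"
    "Detail: 2606:4700:3030::8815:2001: Fetching "
    "https://site1.example.com:20000/.well-known/acme-challenge/ID: Invalid port "
    "in redirect target. Only ports 80 and 443 are supported, not 20000\n"
)
# Assumed request list; the www. name is an assumption, not taken from the log.
REQUESTED = ["site1.example.com", "www.site1.example.com",
             "admin.site1.example.com", "webmail.site1.example.com"]

def parse_failures(text):
    """Group Domain/Type/Detail lines into one dict per failed name."""
    failures, cur = [], None
    for line in text.splitlines():
        m = re.match(r"\s*(Domain|Type|Detail):\s*(.*)", line)
        if not m:
            continue
        key, val = m.group(1).lower(), m.group(2).strip()
        if key == "domain":
            cur = {"domain": val}
            failures.append(cur)
        elif cur is not None:
            cur[key] = val
    return failures

def bad_redirect_port(detail):
    """Return the redirect port if the CA would reject it, else None."""
    m = re.search(r"Fetching (https?://\S+?): ", detail)
    if not m:
        return None
    port = urlsplit(m.group(1)).port  # None means the scheme default (80/443)
    return port if port not in (None, 80, 443) else None

def names_to_request(requested, failures):
    """Names left for the "Domain names listed here" field."""
    failed = {f["domain"] for f in failures}
    return [n for n in requested if n not in failed]

if __name__ == "__main__":
    fails = parse_failures(SAMPLE)
    for f in fails:
        print(f["domain"], "-> rejected redirect port", bad_redirect_port(f.get("detail", "")))
    print("request only:", " ".join(names_to_request(REQUESTED, fails)))
```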