Renew certificate ain’t working on Webmin

Webmin version 2.021
Virtualmin version 7.5
Operating system Ubuntu Linux 20.04.5


letsencrypt.log | Files.fm. link for letsencrypt
Please, can anyone help? I’m new to this…

Select “Domain names list here” and put in just the top level name, and see if that goes through ok.
I think you’re missing some A records, like webmin.yourdomain.com

You are requesting certificates for names that do not have DNS records. That can’t work. Don’t do that.

Domain: admin.vmi1063760.contaboserver.net
Type:   dns
Detail: DNS problem: NXDOMAIN looking up A for admin.vmi1063760.contaboserver.net - check that a DNS record exists for this domain; DNS problem: NXDOMAIN looking up AAAA for admin.vmi1063760.contaboserver.net - check that a DNS record exists for this domain

Domain: mail.vmi1063760.contaboserver.net
Type:   dns
Detail: DNS problem: NXDOMAIN looking up A for mail.vmi1063760.contaboserver.net - check that a DNS record exists for this domain; DNS problem: NXDOMAIN looking up AAAA for mail.vmi1063760.contaboserver.net - check that a DNS record exists for this domain

Domain: webmail.vmi1063760.contaboserver.net
Type:   dns
Detail: DNS problem: NXDOMAIN looking up A for webmail.vmi1063760.contaboserver.net - check that a DNS record exists for this domain; DNS problem: NXDOMAIN looking up AAAA for webmail.vmi1063760.contaboserver.net - check that a DNS record exists for this domain

Domain: www.vmi1063760.contaboserver.net
Type:   dns
Detail: DNS problem: NXDOMAIN looking up A for www.vmi1063760.contaboserver.net - check that a DNS record exists for this domain; DNS problem: NXDOMAIN looking up AAAA for www.vmi1063760.contaboserver.net - check that a DNS record exists for this domain

I did add the A DNS record, @stefan1959, and also the AAAA as @Joe said. When I try to click on (only update renewal) nothing happened, and when I try to (Request Certificate), look at the pic. Should I wait for the DNS to work, or did I do something wrong?

No, you cannot request certificates for this, because it’s not your domain.
You have to use a domain that you own, not Contabo’s.

But I need SSL for Webmin? @toreskev

You don’t really need it, but if you want to use https://mydomain.com:10000 instead of https://my_ip:10000 you will need a cert for the domain you want to use, and then use Virtualmin to use the cert …

I had one like this but it didn’t do the renewal (it used to work with SSL); it’s expired right now.
I did put the DNS in but it still ain’t working? :confused:

Why did you not renew it?

Read from the start…

I did add the AAA DNS but I still get this error plus the TXT error…

IMPORTANT NOTES:
 - The following errors were reported by the server:

   Domain: admin.vmi1063760.contaboserver.net
   Type:   dns
   Detail: DNS problem: NXDOMAIN looking up A for
   admin.vmi1063760.contaboserver.net - check that a DNS record exists
   for this domain; DNS problem: NXDOMAIN looking up AAAA for
   admin.vmi1063760.contaboserver.net - check that a DNS record exists
   for this domain

   Domain: mail.vmi1063760.contaboserver.net
   Type:   dns
   Detail: DNS problem: NXDOMAIN looking up A for
   mail.vmi1063760.contaboserver.net - check that a DNS record exists
   for this domain; DNS problem: NXDOMAIN looking up AAAA for
   mail.vmi1063760.contaboserver.net - check that a DNS record exists
   for this domain

   Domain: webmail.vmi1063760.contaboserver.net
   Type:   dns
   Detail: DNS problem: NXDOMAIN looking up A for
   webmail.vmi1063760.contaboserver.net - check that a DNS record
   exists for this domain; DNS problem: NXDOMAIN looking up AAAA for
   webmail.vmi1063760.contaboserver.net - check that a DNS record
   exists for this domain

   Domain: www.vmi1063760.contaboserver.net
   Type:   dns
   Detail: DNS problem: NXDOMAIN looking up A for
   www.vmi1063760.contaboserver.net - check that a DNS record exists
   for this domain; DNS problem: NXDOMAIN looking up AAAA for
   www.vmi1063760.contaboserver.net - check that a DNS record exists
   for this domain
IMPORTANT NOTES:
 - The following errors were reported by the server:

   Domain: admin.vmi1063760.contaboserver.net
   Type:   dns
   Detail: DNS problem: NXDOMAIN looking up TXT for
   _acme-challenge.admin.vmi1063760.contaboserver.net - check that a
   DNS record exists for this domain

   Domain: mail.vmi1063760.contaboserver.net
   Type:   dns
   Detail: DNS problem: NXDOMAIN looking up TXT for
   _acme-challenge.mail.vmi1063760.contaboserver.net - check that a
   DNS record exists for this domain

   Domain: webmail.vmi1063760.contaboserver.net
   Type:   dns
   Detail: DNS problem: NXDOMAIN looking up TXT for
   _acme-challenge.webmail.vmi1063760.contaboserver.net - check that a
   DNS record exists for this domain

   Domain: www.vmi1063760.contaboserver.net
   Type:   dns
   Detail: DNS problem: NXDOMAIN looking up TXT for
   _acme-challenge.www.vmi1063760.contaboserver.net - check that a DNS
   record exists for this domain

I have no idea on what you are saying, I have read from start …and TBF you said

The issue is why didn’t it do the renewal… They said it’s from the DNS; I did add the missing DNS but still the same issue is happening…

Is this a Virtualmin system hosting domains? If so, you absolutely do not need a certificate for Webmin. Just contact the system on any Virtualmin domain that has a certificate. It’s automatic in those cases.

Why make your life complicated? You’re trying to do a bunch of DNS stuff that can’t work (you’re adding DNS records…locally, I guess? But, that’s not even your zone!).

Also, what I said was “stop requesting certificates for names you don’t have records for”. I did not say, “try to make records for things you can’t possibly make records for”. Just request a certificate for the name that already exists. You’re making this crazy complicated for no reason.

Anyway, summary:

  1. Webmin doesn’t need a certificate, if you have Virtualmin domains that have certificates. You can connect to Webmin on any Virtualmin name, and you should do that. Virtualmin has more information and control than Webmin does. It is easier to manage certs in Virtualmin than in Webmin, especially if you aren’t comfortable with how DNS works. You’re working hard for no reason.
  2. Always do the simpler thing, absent a reason to do otherwise. The simpler thing (and in this case, the only possible thing) is to only request a certificate for the one name that already has DNS resolution working.

As an aside, I’m confused why all these names were set up and tried to validate. These are Virtualmin automatic names (admin is a redirect to Webmin port, mail is for mail services, webmail is a redirect to Usermin). None of that should exist if you’re using the Webmin certificate management tools, AFAIK. Was this the automatic default domain in Virtualmin? If so, I need to talk to @Ilia and @Jamie, as the automatic domain isn’t supposed to have mail, and having it try to request a bunch of other names doesn’t make sense. I continue to not like the default domain with automatic SSL request, but if it’s going to exist it needs to be stupidly simple so it can’t fail in confusing ways.

Well, if DNS feature for the domain is enabled, Virtualmin will think that the hosted DNS is in Virtualmin control, and therefore would add those records when SSL certificate is requested to domain’s list associated with the server … reasonable behaviour.

However, @Jamie, I think Virtualmin could check if domain’s zone is in Virtualmin control and not add automatically to the list of associated domains records which aren’t present in the remote zone? Although, it may be slow to check that every time, on every page load.

I continue to not like the default domain with automatic SSL request, but if it’s going to exist it needs to be stupidly simple so it can’t fail in confusing ways.

If we’re talking about default domain created by Virtualmin in post-install wizard, then I agree that we shouldn’t add anything else to the list of associated domains, other than domain itself. But this will require mail feature for the default domain to be disabled, which I already suggested to Jamie back in time.

Jamie, do you mind changing it? I don’t think that the default domain by default needs mail enabled, and all those admin and www records added.

So damn true, I just had to Request Certificate for DNS that I already have, and it did work… I should have known this from the start. And thank you :slight_smile:

Agh, mail should definitely be disabled! You can’t do virtual mail for the name of the system itself (without a bunch of complicated configuration hoop-jumping).

Use mxtoolbox to check that the records work first. Saves a lot of failures.

We’ve already established that they don’t have records (and can’t possibly have records, since this isn’t even OP’s zone).

Pointing out the tool to use to check before requesting SSL
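
An added example, not part of any post in this thread: a small parser for the error report format pasted above, which re-joins the wrapped Detail lines, lists which record types came back NXDOMAIN for each name, and trims the request list down to names the CA did not reject. The function names are illustrative, the sample report is constructed from two entries in the thread, and treating the bare host name as the one that resolves is an assumption.

```python
import re

# Constructed sample: two entries in the wrapped layout shown in the thread.
SAMPLE_REPORT = """\
IMPORTANT NOTES:
 - The following errors were reported by the server:

   Domain: admin.vmi1063760.contaboserver.net
   Type:   dns
   Detail: DNS problem: NXDOMAIN looking up A for
   admin.vmi1063760.contaboserver.net - check that a DNS record exists
   for this domain; DNS problem: NXDOMAIN looking up AAAA for
   admin.vmi1063760.contaboserver.net - check that a DNS record exists
   for this domain

   Domain: mail.vmi1063760.contaboserver.net
   Type:   dns
   Detail: DNS problem: NXDOMAIN looking up TXT for
   _acme-challenge.mail.vmi1063760.contaboserver.net - check that a
   DNS record exists for this domain
"""

NXDOMAIN_RE = re.compile(r"NXDOMAIN looking up (\w+) for (\S+)")

def parse_report(text):
    """Return {domain: [(record_type, looked_up_name), ...]} for NXDOMAIN errors."""
    failures, domain, detail = {}, None, []

    def flush():
        if domain is not None:
            failures[domain] = NXDOMAIN_RE.findall(" ".join(detail))

    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("Domain:"):
            flush()  # close the previous entry before starting a new one
            domain, detail = line.split(":", 1)[1].strip(), []
        elif line.startswith("Detail:"):
            detail = [line.split(":", 1)[1].strip()]
        elif line and detail and not line.startswith(("Type:", "IMPORTANT", "- ")):
            detail.append(line)  # continuation of a wrapped Detail line
    flush()
    return failures

def names_to_request(requested, failures):
    """Keep only the names that the report did not flag as NXDOMAIN."""
    return [name for name in requested if not failures.get(name)]
```

A TXT lookup under `_acme-challenge.` in the result means the DNS-01 challenge was attempted, while A/AAAA failures mean the name itself has no public record.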