Renewing sub-domain certificate (or link to the main one)

Help! (Home for newbies)
1

Hi Community!

One of my subdomains is complaining about the soon-to-expire Let’s Encrypt SSL certificate. For an unknown reason, it seems, although its configuration is exactly the same as any other subdomain, that the certificate renewal doesn’t work.

Can some explain me slowly :smile: how to proceed to certificate renewal for a subdomain? Maybe I’m doing something wrong inadvertently…

Thanks in advance for any help!

2

Hi all,

Following up this issue, I can add some precisions to the case.

  1. I’ve compared the configuration of two different sub-domains: intranet vs wiki. Both have a two-months certificate life span, use Let’s Encrypt CA with automatic renewal, point to the proper ssl.cert & ssl.key files, etc.

However, when trying to renew the wiki certificate, here’s the message I get:

Traceback (most recent call last):
  File "/usr/share/webmin/webmin/acme_tiny.py", line 198, in <module>
    main(sys.argv[1:])
  File "/usr/share/webmin/webmin/acme_tiny.py", line 194, in main
    signed_crt = get_crt(args.account_key, args.csr, args.acme_dir, log=LOGGER, CA=args.ca, disable_check=args.disable_check, directory_url=args.directory_url, contact=args.contact)
  File "/usr/share/webmin/webmin/acme_tiny.py", line 143, in get_crt
    raise ValueError("Wrote file to {0}, but couldn't download {1}: {2}".format(wellknown_path, wellknown_url, e))
ValueError: Wrote file to /home/admin-main/domains/wiki.mydomain.com/www/.well-known/acme-challenge/oXO9_uwlKTuVnTuo63ZHVL7Y6Ylq4zGDXfbbqKe_Or8, but couldn't download http://wiki.mydomain.com/.well-known/acme-challenge/oXO9_uwlKTuVnTuo63ZHVL7Y6Ylq4zGDXfbbqKe_Or8: Error:
Url: http://wiki.mydomain.com/.well-known/acme-challenge/oXO9_uwlKTuVnTuo63ZHVL7Y6Ylq4zGDXfbbqKe_Or8
Data: None
Response Code: 418
Response:
  1. I’ve created a brand new sub-domain “test.mydomain.com” with all default parameters ("template = “sub-domain”) and put a simple phpinfo() file in the www folder. Accessing this file through a https connection, the browser both triggers a security error (unsecured connection) and routes me to the main domain, totally ignoring my php file! The access is granted in http mode, which proves there’s an issue with the SSL certificate management.

This is driving me crazy, thanks in advance for any help!

3

Hi all!

Still drowning into the certificate nightmare… Here are the latest trials I did:

  • create a new sub-domain test1, unselecting the ‘SSL website’ option
  • put my phpinfo() file in the www directory
  • accessing the file through http://test1.mydomain.com/phpinfo.php works fine.
  • accessing the file through https://test1.mydomain.com/phpinfo.php leads to error 403, which is fine.
  • edit the subserver config and select ‘SSL website’ --> Virtualmin creates the certificate, restarts everything and returns OK. I have a look at the root directory: all ssl.* files have been created.
  • accessing the file through http://test1.mydomain.com/phpinfo.php indicates a security warning.
  • accessing the file through https://test1.mydomain.com/phpinfo.php works fine.
    So far so good…

Made bolder by thus huge success :smile:, I decided to install a real tool (php-based). Just opened my FTP client, copied all needed files into test1.mydomain.com/www and tried to trigger the installation by opening (remember: this is now a SSL website) https://test1.mydomain.com/install.php… and am immediately hit by a “Wrong redirection” message, sometimes replaced (yes, I insist by forcing cold refreh) by a redirection to the main website (mydomain.com)!

This is weird, have no logical behavior, doesn’t match the messages Virtualmin returns when applying some operations to the subserver, so I’m just totally lost and beg for help!

Not to mention the main topic of this message: renewing the wiki subserver LE certificate still miserably fails. Need some expertise here too as other subservers have the expected behavior… :cry:

Thanks in avance for any help!