Requesting Let's Encrypt cert for hostname keeps trying to use parent domain's ssl cert

SYSTEM INFORMATION
OS type and version Ubuntu 20.04.6 LTS
Virtualmin version 7.7

I followed this tutorial to create a certificate for my hostname (sub.domain.com), on a Virtualmin server that has domain.com already hosted on it. After following the tutorial, when I try to access sub.domain.com I get the warning:

This server could not prove that it is sub.domain.com; its security certificate is from domain.com. This may be caused by a misconfiguration or an attacker intercepting your connection.

I even re-created the let’s encrypt certificate for domain.com to not include sub.domain.com and I still get that error.

Why are you creating a cert for Webmin if you have Virtualmin domains? You can/should connect to Webmin using any of your Virtualmin domains that have a certificate. You do not need a certificate for Webmin, specifically.

1 Like

I was hoping it would fix an invalid ssl certificate error I keep getting when trying to connect to the email server (Postfix)

This is also can and should be done using Virtualmin, i.e. Server Configuration ⇾ SSL Certificate page, e.g.:

Webmin certs have nothing to do with any other services, and are generally only a useful thing to mess around with if you aren’t using Virtualmin. Virtualmin manages certs for other services, and automatically does the right thing most of the time, in terms of knowing whether SNI is supported, etc. and Webmin does not.

You never need to look at the Webmin cert page, when using Virtualmin.

Okay thank you both!

I do have a folowup question though - I had initially tried what you are suggesting, however since the hostname is a subdomain of a hosted domain, and the hostname as well - when I try to get a Let’s Encrypt certificate in Virtualmin it doesn’t work because the configuration to point to /var/www/html overrides the virtualmin sub-server.

What’s the best way to handle that?

That’s not where Virtualmin domains live. So, you’re not doing what I’m suggesting.

If you want a domain named with a subdomain, create it in Virtualmin as either a new Virtual Server or a Sub-server owned by the parent domain. You could also create it as an alias of the parent, and request a new domain for the parent+the subdomain at the same time (it’ll be the same cert that covers both names in that case, since they share a document root).

You’re making this much more complicated than it needs to be. A subdomain is just a name. But, Apache does not behave the way you think it does with regard to what you name the server. Once Apache has any VirtualHosts, the DocumentRoot outside of all VirtualHosts (the one you’re trying to use) doesn’t exist anymore. Apache goes into virtual hosting mode and no longer serves the website in /var/www/html until you create a VirtualHost that points to it. But, just create the danged thing in Virtualmin! Virtualmin is for managing websites, so stop trying all this different stuff.

But, also, I again ask why are you trying to do this? You do not need the hostname of the system to have a certificate once your have Virtualmin domains with certificates. Every Virtualmin domain with a certificate works with Webmin and Webmin will server the right certificate for that domain.

I guess I was mistaken, thank you for the help and helping me understand how this all works.

This topic was automatically closed 60 days after the last reply. New replies are no longer allowed.