OS type and version: CentOS Linux 7.9.2009
Webmin version: 1.981
Virtualmin version: 6.17 Pro
Hi everyone, hope you are all safe and well.
There must be some strange mis-configuration going on here so I’m happy to accept any suggestions.
I am having problems with slave DNS and Letsencrypt. I have set up to automatically create slave DNS (on another server) and that works except when request Letsencrypt cert is set to automatically request upon VS creation.
Steps to reproduce this:
In Virtualmin>System Settings>Virtualmin Configuration>SSL Category leave “Request Let’s Encrypt certificate at domain creation time” set to “No”.
Create a new VS in Virtualmin.
On screen note that it says “Creating slave zone on …” & “Done”
Check slave DNS server and see that the slave zone is set up and it does seem to be ok.
Now request a Letsencrypt cert in Virtualmin>Server Configuration>SSL Certificate and that does complete without issue.
All good so far.
In Virtualmin, delete the VS. Note that slave DNS is also deleted.
Now, this is where the trouble starts.
If I set “Request Let’s Encrypt certificate at domain creation time” to “Yes” in Virtualmin>System Settings>Virtualmin Configuration>SSL Category so that a cert is generated when the VS is created, the cert fails because the slave zone is not created, despite the progress report on screen saying “Creating slave zone on …” & “Done”.
Checking the slave server I have confirmed that the slave zone is NOT created…
Update to add that I have had to start over with this server because I SNAFU’d it and couldn’t even get in via SSH/Putty (lesson learned, won’t do that again, I hope!).
Anyway, a complete re-install of the operating system and Virtualmin and the same issue exists.
In short, if “Request Let’s Encrypt certificate at domain creation time” is set then the slave DNS is not created and of course the cert fails as a result.
I will just chime in and say I did this just now and did not have the same issue.
My servers run Debian 10 and Virtualmin GPL (not that the GPL vs Pro should be an issue here), but might be CentOS related…?
Further to my reply about giving you access to the two servers should you wish to dig in, I thought it might be helpful if I did so rather than incurring the delays resulting from time zone.
Something has just dawned on me. I thought my messages to Jamie were in a sort-of PM system (is why I included credentials). OK, my last brain cell is dying of loneliness.
Also, when I click the “D” in a circle (sort of avatar) in the right of the blue bar across the top, it suggests that Unborn has posted a reply. If that is the case, sorry I haven’t replied Unborn but I can’t see it.
Anyway, back to the problem in hand. In a desperate attempt to resolve this I have tried to start again with a fresh install of the OS but this time I have really paid close attention to every step but the problem still exists. If get Letsencrypt is enabled the slave DNS is NOT created and of course the cert application fails.
I had hoped that having a pro installation would get this sorted, perhaps I am being too impatient.
I’m still struggling with this and would like to get this server into production but really don’t feel justified until it is all sorted out.
I have read many posts here and elsewhere along similar lines but nothing I can find is very definitive.
Does anybody have any clues, even?
Is there a log of this sort of failure? I know there is a LetsEncrypt log but that only shows the expected error that the cert failed. I guess I need to see logs of when the secondary is created. Where would I find those logs on both the master and the slave?
If I use “Transfer Virtual Server” from the old (Centos 5) server to the new server (Centos 7) the transfer proceeds absolutely flawlessly. Terrific module so many thanks for that.
What is interesting is that the Letsencrypt cert is successful!
EDITED TO ADD.
The original post here said that the LE cert was issued. Unfortunately I was looking at the wrong virtual server. The LE cert is NOT issued. It has been a long day already.
Sorry guys, gotta have a bit of a moan now. This is a Pro/paid for installation but this issue has been seemingly left to fester a little bit, no reply for some time and I am wondering if I have transgressed or worse. If there is nothing that can be done or you are just too busy to handle this right now, I would rather be told that instead of just being ignored. That’s it, rant over.
Still, my ongoing thanks for a terrific application.
I only know that Create LE at domain creating time could be pa.n in the…
Not only Virtualmin.
Is depending too much how quick things are done and resolving, sometimes I don’t know where you can set some wait times higher somewhere.
Maybe you can find info about those in forum or web search.
Also extra API’s … or scripts maybe to handle…
Because or error could be wrong order somewhere, so it handles first the Letsencrypt, is given error then the script slave dns is not done after that I don’t know??
Sorry, @Dim_Git we’re not ignoring you. Jamie just hasn’t had time to track down the cause yet. I’ll ping him and see if we’ll have a fix by the next release…it seems likely to be a small amount of code to fix it, but tracking it down might be a challenge; a lot of moving parts in making this work, and the order they happen in is also critical (and there are delays inherent in DNS changes).
Jotst, Many thanks for taking the time to read and reply, it is much appreciated. I can’t count the hours that I have dug around on the web trying to find an answer but nothing helped. I do appreciate your input though.