[EDIT] Solved after I found Default Server redirecting wrongly and realised what Joe keeps trying to tell us - that once you create virtual servers (for example but not limited to, in Virtualmin) the “default” website path of /var/www/html is no longer guaranteed.
Post 104399 includes the easy fix of creating a virtual server for the FQDN of the Webmin server. It doesn’t need mail, database, spam filtering or a Webmin login, so it keeps a low attack surface.
What it does do is create a sure path for the LE process to store the validation file so it can be retrieved by Let’s Encrypt to obtain and renew the Webmin certificate.
In Webmin > Webmin configuration > SSL Encryption > Let’s Encrypt I set the “Website root directory for validation file” to “Apache virtual host matching hostname”, which will later be updated to “Other directory” with the equivalent path, /home/username/public_html.
I’ll leave part of my original post to show what goes wrong when you don’t configure it correctly.
What confused me initially was the line

```
Using the webroot path /var/www/html for all unmatched domains.
```
That may have been where Webmin stored the validation file, but it was not the path Apache served up for an “unmatched domain”.
The Virtualmin server will not renew its LE certificate. In fact I have 2 CentOS 7 servers and one CentOS 8. All are updated to latest Virtualmin and OS updates.
None of the servers will automatically renew their LE certificates. I do not have a virtual server for the domain used for the hostnames.
All virtual servers automatically renew LE certificates correctly every 2 months.
All servers give a 404 Not Found error to the URL
The requested URL /.well-known/acme-challenge/filename was not found on this server.
even though the file exists with permissions 777.
However there is a difference between CentOS 7 and 8 servers.
CentOS 7 will renew the LE certificate manually.
CentOS 8 manual renewal fails with:

```
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator webroot, Installer None
Renewing an existing certificate
Performing the following challenges:
http-01 challenge for webmin_server
Using the webroot path /var/www/html for all unmatched domains.
Waiting for verification...
Challenge failed for domain webmin_server
http-01 challenge for webmin_server
Cleaning up challenges
Some challenges have failed.

IMPORTANT NOTES:
 - The following errors were reported by the server:

   Domain: webmin_server
   Type: unauthorized
   Detail: Invalid response from http://webmin_server/.well-known/acme-challenge/pBeYT9ArD4tAMu42ux2vMiXSC_MY3SLoMzHgoNWZMxI [ip.ip.ip.ip]: "<!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML 2.0//EN\">\n<html><head>\n<title>404 Not Found</title>\n</head><body>\n<h1>Not Found</h1>\n<p"

   To fix these errors, please make sure that your domain name was entered correctly and the DNS A/AAAA record(s) for that domain contain(s) the right IP address.
```
I figure the problem is in Apache but I cannot work out why it will not serve the file.
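The mismatch described in this post can be checked before a renewal attempt. The following is an added example, not part of the original post or of Webmin/Virtualmin: it parses an Apache configuration, works out which DocumentRoot would answer for a hostname (Apache uses the first listed virtual host when no ServerName or ServerAlias matches), and compares it with the webroot the ACME client writes to. The function names, hostnames and sample configuration are constructed; it assumes all virtual hosts share one address:port and use no wildcard aliases.

```python
import re
# Constructed sample config (not from the post): two Virtualmin-style
# virtual hosts and none for the Webmin server's own hostname.
SAMPLE_CONF = """
DocumentRoot /var/www/html
<VirtualHost 192.0.2.10:80>
    ServerName example.com
    ServerAlias www.example.com
    DocumentRoot /home/example/public_html
</VirtualHost>
<VirtualHost 192.0.2.10:80>
    ServerName shop.example.net
    DocumentRoot /home/shop/public_html
</VirtualHost>
"""

def parse_vhosts(conf):
    """Return (global DocumentRoot, list of vhost dicts in file order)."""
    top = {"names": [], "docroot": None}  # server-wide (global) scope
    cur, vhosts = top, []
    for line in conf.splitlines():
        line = line.strip()
        m = re.match(r"(ServerName|ServerAlias|DocumentRoot)\s+(.+)", line, re.I)
        if line.lower().startswith("<virtualhost"):
            cur = {"names": [], "docroot": None}
            vhosts.append(cur)
        elif line.lower().startswith("</virtualhost"):
            cur = top
        elif m and m.group(1).lower() == "documentroot":
            cur["docroot"] = m.group(2).strip().strip('"')
        elif m:
            cur["names"] += m.group(2).lower().split()
    return top["docroot"], vhosts

def served_docroot(conf, hostname):
    """DocumentRoot Apache would use for a request with this Host header."""
    global_root, vhosts = parse_vhosts(conf)
    for vh in vhosts:
        if hostname.lower() in vh["names"]:
            return vh["docroot"] or global_root
    # No name match: the first vhost listed acts as the default server.
    return (vhosts[0]["docroot"] or global_root) if vhosts else global_root

def webroot_mismatch(conf, hostname, webroot):
    """True when the challenge file would be written where Apache won't look."""
    return (served_docroot(conf, hostname) or "").rstrip("/") != webroot.rstrip("/")

if __name__ == "__main__":
    print(served_docroot(SAMPLE_CONF, "webmin.example.org"))
    print(webroot_mismatch(SAMPLE_CONF, "webmin.example.org", "/var/www/html"))
```

On a live server, `apachectl -S` shows which virtual host is the default for each address and port.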