I have a problem with the wrong SSL certificate appearing on virtual hosts. I setup Lets Encrypt several months ago for 3 domains and thought all was working Ok but I have just discovered that the renewal did not work and the domains have expired. I tried to renew but it failed due to too many attempts. I then found that they .well-known folders for Lets Encrypt all had over 4000 verification files in them. Then I discovered that all domains end up with the expired certificate from an expired Lets Encrypt domain, I have had to disable SSL on the 3 domains to restore the paid certificates on other domains to operation.
I am at a loss as to how to trouble shoot this issue, I need some help please.
Operating system Debian Linux 8
Webmin version 1.844
Usermin version 1.711
Virtualmin version 5.99
Firstly, if you are receiving the “too many attempts” warning, stop the auto update script or this will just continue until such time that your domains are blocked by LE (but that may already be too late). Did you use VM or WM to create the certificates? I believe they are the same but it is advised to always use VM when doing anything to the sites unless it’s something that VM can’t handle, which isn’t much. As for resolving the issue, well, I’m not sure about that, I would need to look deeper at the issue but I know when I had an issue with getting LE to authorise, I had to delete the current certificates and rebuild them. Eventually I found it was a permissions issue on the individual domains .well-know/acme-challenge folder. There is also no reason why you can’t use a single certificate for all sites as long as they are all accessible. Multiple domains and aliases can be used under a single LE certificate; I believe it’s up to 100 entries in a single certificate.
hi, le have limits to renew for week or so, i suggest you to wait about 7 days and then turn lets encrypt on with automatic renewal for every 2 months not 3 - this will give you plenty of time to troubleshoot if renewal would not work (1month of valid ssl still) also use the list for domains and remove mail.domian.com - basically say on list www.yourwebsite-domain.com and yourwebsite-domain.com - click save and it will work again.
hi there, can you please stop suggesting to lovely people on this forums rubbish ? Please! LE will never block anyone, its limits they have set up… after week he would be fine to renew (what do you mean by already be too late???)… again DUH!
- i do not want to offed anyone but bad advice is worse than no advice adelphia.
Fine, I won’t try and help any more. What’s the difference between blocking and waiting for 7 days? Did I say it would be blocked permanently? This is the second post you have criticised me on and the only difference is the way you say it.