SSL failed on my newly created domain/virtual host with the following error message.
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Requesting a certificate for siamit.biz and 3 more domains
An unexpected error occurred:
Error creating new order :: too many failed authorizations recently: see https://letsencrypt.org/docs/failed-validation-limit/
Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /var/log/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details.
As your screenshot shows, when you create a new Virtualmin server, Virtualmin will “helpfully” try to obtain other SSL certs for domains like admin., www., etc. This may work if Virtualmin is also your DNS server. But if you are using a proxy service like Cloudflare, you must set up these subdomains to point to your server IP address.
This is actually a real pain - it would be great if there was an option just to limit SSL certificate requests to only the actual domain that is asked for.
There is. It’s right on the form for requesting a cert.
You can also configure Virtualmin for which of those extra records you want, at the Server Template level (and you should, you should tell Virtualmin what you want it to do, the defaults are not a law).
You can also tell Virtualmin it is not your DNS server (and you should, Virtualmin will offer a Suggested DNS Records page if you disable the DNS feature).
Thanks Joe. I’m keen to understand this as it’s been causing me some hassles as OpenSSL puts me on the ‘naughty chair’ for too many failed requests.
I understand that yes, I can specify the domains under the SSL config as per OP’s screenshot. My problem is that when I spin up a new Virtualmin server it seems to automatically request all these extra sub-domains at the point of creation. Any solution or workaround?
If you do not want Virtualmin to manage DNS (or to believe it is managing DNS when it is not), you should turn off the DNS feature in Features and Plugins. You can also disable it on the domain creation form (“Setup DNS zone”).
If you do not want Virtualmin to create admin and webmail redirects, and thus the related DNS records and adding them to the certificate so TLS works, you should disable those redirects in Server Templates. This is not on the domain creation form, you have to do it in Server Templates.
If you do not want the mail alias, you can disable the mail feature (which also disables receiving mail for the domain…if you want mail for the domain, you should create the necessary records, A and MX, for it). You can also disable it on the domain creation form (“Accept mail for domain”).
Tell Virtualmin what you want, and it will do what you want.
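A pre-flight DNS check for the situation discussed in this thread, as an added example that is not from any poster or from Virtualmin: it sorts the names that would go on the certificate by whether they resolve to the server before any request is sent. The prefix list, `example.com` and the documentation-range IP addresses are assumptions, and the sample zone is constructed.

```python
import socket

# Assumption: the extra names named in the thread (www, admin, webmail, mail).
EXTRA_PREFIXES = ("www", "admin", "webmail", "mail")


def candidate_names(domain, prefixes=EXTRA_PREFIXES):
    """The domain itself plus each prefixed name that could be added to the request."""
    return [domain] + [f"{p}.{domain}" for p in prefixes]


def system_resolver(name):
    """Return the set of addresses for name, or an empty set if it does not resolve."""
    try:
        infos = socket.getaddrinfo(name, None, proto=socket.IPPROTO_TCP)
    except socket.gaierror:
        return set()
    return {info[4][0] for info in infos}


def preflight(domain, server_ips, resolve=system_resolver, prefixes=EXTRA_PREFIXES):
    """Classify each candidate name before asking the CA to validate it."""
    server_ips = set(server_ips)
    report = {"ok": [], "elsewhere": [], "missing": []}
    for name in candidate_names(domain, prefixes):
        addrs = resolve(name)
        if not addrs:
            report["missing"].append(name)    # no record: validation cannot succeed
        elif addrs & server_ips:
            report["ok"].append(name)         # resolves to this server
        else:
            report["elsewhere"].append(name)  # proxy or another host: check by hand
    return report


# Constructed sample zone so the example runs offline.
SAMPLE_ZONE = {
    "example.com": {"203.0.113.10"},
    "www.example.com": {"203.0.113.10"},
    "mail.example.com": {"198.51.100.7"},
}


def demo():
    return preflight("example.com", {"203.0.113.10"},
                     resolve=lambda name: SAMPLE_ZONE.get(name, set()))


if __name__ == "__main__":
    for status, names in demo().items():
        print(f"{status:10} {', '.join(names) or '-'}")
```

Names under `missing` are the ones that produce failed authorizations; names under `elsewhere` may still validate if a proxy forwards the challenge to the server, so confirm them before including them.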