SSL Problems Need Some Help Please

Operating system: CentOS Linux 7.9.2009
Webmin version: 1.991
Usermin version: 1.840
Virtualmin version: 7.0
Authentic theme version: 19.91.2
Kernel and CPU: Linux 3.10.0-1160.62.1.el7.x86_64 on x86_64

Hi,
I’m a newbie and prefer to work with menus, not too much coding if possible.
On one of the websites hosted on a Virtualmin server with my hosting, the SSL did not renew automatically, so I tried just getting a new SSL from Let’s Encrypt and below is what I got:

Requesting a certificate for MYDOMAIN.com, www.MYDOMAIN.com from Let’s Encrypt …
… request failed : Web-based validation failed :
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator webroot, Installer None
Starting new HTTPS connection (1): acme-v02.api.letsencrypt.org
Renewing an existing certificate for MYDOMAIN.com and www.MYDOMAIN.com
Performing the following challenges:
http-01 challenge for MYDOMAIN.com
http-01 challenge for www.MYDOMAIN.com
Using the webroot path /home/priyaexc/public_html for all unmatched domains.
Waiting for verification…
Challenge failed for domain MYDOMAIN.com
Challenge failed for domain www.MYDOMAIN.com
http-01 challenge for MYDOMAIN.com
http-01 challenge for www.MYDOMAIN.com
Cleaning up challenges
Some challenges have failed.
IMPORTANT NOTES:

  • The following errors were reported by the server:

    Domain: MYDOMAIN.com
    Type: unauthorized
    Detail: 5.189.166.189: Invalid response from
    http://MYDOMAIN.com/.well-known/acme-challenge/yFdl8zW4noeCf8o1DZ5_Fnmq5m_11bWTaf-YIqwGsSU:
    404

    Domain: www.MYDOMAIN.com
    Type: unauthorized
    Detail: 5.189.166.189: Invalid response from
    http://www.MYDOMAIN.com/.well-known/acme-challenge/N8uOh9jd3Ub45WFimkw-ghb9fnqojzj4PfnK9X9oDNU:
    404

    To fix these errors, please make sure that your domain name was
    entered correctly and the DNS A/AAAA record(s) for that domain
    contain(s) the right IP address.

DNS-based validation failed :
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator manual, Installer None
Starting new HTTPS connection (1): acme-v02.api.letsencrypt.org
Renewing an existing certificate for MYDOMAIN.com and www.MYDOMAIN.com
Performing the following challenges:
dns-01 challenge for MYDOMAIN.com
dns-01 challenge for www.MYDOMAIN.com
Running manual-auth-hook command: /etc/webmin/webmin/letsencrypt-dns.pl
Running manual-auth-hook command: /etc/webmin/webmin/letsencrypt-dns.pl
Waiting for verification…
Challenge failed for domain MYDOMAIN.com
Challenge failed for domain www.MYDOMAIN.com
dns-01 challenge for MYDOMAIN.com
dns-01 challenge for www.MYDOMAIN.com
Cleaning up challenges
Running manual-cleanup-hook command: /etc/webmin/webmin/letsencrypt-cleanup.pl
Running manual-cleanup-hook command: /etc/webmin/webmin/letsencrypt-cleanup.pl
Some challenges have failed.
IMPORTANT NOTES:

  • The following errors were reported by the server:

    Domain: MYDOMAIN.com
    Type: unauthorized
    Detail: No TXT record found at _acme-challenge.MYDOMAIN.com

    Domain: www.MYDOMAIN.com
    Type: unauthorized
    Detail: No TXT record found at
    _acme-challenge.www.MYDOMAIN.com

    To fix these errors, please make sure that your domain name was
    entered correctly and the DNS A/AAAA record(s) for that domain
    contain(s) the right IP address.

I’ve checked the A records both where the domain registrar is and where the hosting is, and they all match and are correct.
As for nameservers, I’m using the domain registrar’s for name only - just using A records to point to my IP on Virtualmin.

Please see if you can help - if there is a straightforward way (using menus) to do this; if not, well, I’ll try the coding way…
Thanks so much
Regards
ASM

The IP in the error goes to https://brightweightuk.com/ which is working just fine. If that’s your site I would have to guess that the problem is simply that you don’t have Virtualmin handling all of your DNS. You’re allowing the name registrar to do that, so Virtualmin thinks you don’t have a site at all when in fact it works just fine.

You’ve got something configured wrong. The site is working, but it’s working through more serendipity than it is design.

You should be just changing the name servers at your domain registrar to the name servers you have on Virtualmin and then set all of your A records, etc. in Virtualmin.

No! The website https://brightweightuk.com/ has become the default site if you can’t get to the site - I really don’t know how that happened. Ideally at present I don’t want any default site, but I don’t know how to remove this - please help on this as well…

The SSL problem seems to have resolved itself…
I had this default site coming up when I was trying to get the website trianglecctv.com going; however, after all that, when I finally got the actual website working instead of the default, the SSL started to work without me doing anything to it - and it now says: Expiry date Aug 2 11:32:50 2022 GMT
Hope it renews automatically after that :blush:

Please help if you can about removing this default site as it does occasionally interfere with other websites I have as well.
I guess I’ll have to buy a domain and make a website that says “Oops We are working on the problem, Please come back a little later” and make that a default site (that is, if I absolutely must have a default website).

Thanks
Regards
ASM

Virtualmin will always default to whatever your default webserver is when there’s an issue with another site. You can select which site you want to be the default by going to whatever virtual server you want to be the default, going to website options and clicking on the default website for IP address option.

What some folks will do that host multiple different sites is set up their own domain and make it the default like you’re talking about doing.
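
As an added example (not part of any post in this thread, and not Virtualmin or certbot code): a small Python triage script for the two kinds of error block in the log above. It separates the http-01 failure, where a web server at the reported IP answered but did not serve the token, from the dns-01 failure, where the TXT record was never visible in public DNS. The sample input, `example.com`, `192.0.2.10` and `TOKEN` are constructed placeholders, and `parse_failures` and `triage` are names introduced here.

```python
import re

# Constructed sample shaped like the error blocks in the log above;
# example.com, 192.0.2.10 and TOKEN are placeholders, not thread values.
SAMPLE = """\
    Domain: example.com
    Type: unauthorized
    Detail: 192.0.2.10: Invalid response from
    http://example.com/.well-known/acme-challenge/TOKEN:
    404

    Domain: www.example.com
    Type: unauthorized
    Detail: No TXT record found at
    _acme-challenge.www.example.com
"""
HTTP_RE = re.compile(r"^(\S+): Invalid response from (http://\S+?): (\d{3})$")
DNS_RE = re.compile(r"^No TXT record found at (\S+)$")

def parse_failures(log_text):
    """Return one dict per 'Domain:' block, joining wrapped Detail lines."""
    failures, cur = [], None
    for line in map(str.strip, log_text.splitlines()):
        if line.startswith("Domain:"):
            cur = {"domain": line[7:].strip(), "detail": None}
            failures.append(cur)
        elif not line:
            cur = None  # a blank line ends the current block
        elif cur and line.startswith("Detail:"):
            cur["detail"] = line[7:].strip()
        elif cur and cur["detail"] is not None:
            cur["detail"] += " " + line  # continuation of a wrapped Detail
    return failures

def triage(failure):
    """Map one failure to its challenge type and the first thing to check."""
    detail = failure["detail"] or ""
    if m := HTTP_RE.match(detail):
        ip, _url, status = m.groups()
        return {"domain": failure["domain"], "challenge": "http-01", "ip": ip,
                "status": int(status),
                "check": "which site answers for this name on that IP, and its webroot"}
    if m := DNS_RE.match(detail):
        return {"domain": failure["domain"], "challenge": "dns-01",
                "record": m.group(1),
                "check": "whether the zone is served by the DNS the hook updates"}
    return {"domain": failure["domain"], "challenge": "unknown", "check": detail}

if __name__ == "__main__":
    print([triage(f) for f in parse_failures(SAMPLE)])
```
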

@ASM2 well my reply to you: just contact @ staff and do not follow “just” or “maybe” or net links without a proper backup… gomez seems to be right - but gomez could be anyone - and we do not trust anyone… just ask staff or wait for more replies - unless you have last night’s backup which does WORK - unless that - if not staff - do not trust it…

Thanks for the reply unborn - true - makes sense & I’ve learnt my lesson once… :smiley:
I’m quite new to this forum, so how do I go about contacting staff? Or do I just wait for all the replies and hope one of them is from staff?
I looked but can’t see it anywhere - … must be in front of my nose… but Grrrr…
Please let me know
Thanks again
ASM

just put @ and staff into one word…