Trouble dealing with hostname and SSL certs

No. The system hostname is unrelated to certificates for Virtualmin domains.

It’s not true. I’ve told you the system hostname is unrelated to Virtualmin domain certificates and Let’s Encrypt. If you don’t trust me, I don’t know who you’d believe.

Anyway, I can’t think through so many unrelated things. Please just forget about the system hostname for now. If you still want to do something with the system hostname, despite my recommendation to forget it exists, make a new topic for those questions. It absolutely has nothing to do with certificates for Virtualmin domains.

Let’s focus on fixing the Virtualmin domains, so this crazy long thread can end. That is a simple problem. It has known solutions, well-understood problems that can prevent validation from working.

The problems are always one of the following:

  1. DNS. Do you have records for all of the names you’re trying to request a certificate for, and do they all point to the right IP? Make sure you are not requesting certificates for names that do not have records. If you’re requesting a cert for the automatically generated alias names like admin.domain.tld, you need an A record for it, or you need to disable those automatic aliases when requesting the certificate. You cannot request a cert for a name that does not exist.
  2. Something is sucking up the request before it reaches the filesystem where the validation file is generated. If you have proxy rules or redirect rules for an application, anything happening in .htaccess, it needs to exclude the .well-known directory. Test this: Put a file in /home/domain/public_html/.well-known and request that file with your browser. If you can’t reach it, you must fix that.

Some things you can do to make your life easier:

  1. Disable features you aren’t using. If you aren’t managing DNS locally with Virtualmin, don’t let Virtualmin believe you are. Likewise, if you don’t use the admin or webmail redirects, disable them.
  2. Simplify the problem you’re trying to solve to one variable. This thread is all over the place, and I can’t keep up. I can tell you how to solve a problem with Virtualmin domains not being able to validate with Let’s Encrypt. We have hundreds of threads about that here, and they all got solved, because they were all the same two or three problems. If you focus, we can solve the problem easily.
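A pre-flight script for the two checks listed in the post above, as an added example that is not part of the original post and not Virtualmin's own tooling. It verifies that every requested name has an A record pointing at the expected IP and that a test file placed in `.well-known` comes back unchanged over HTTP. The `resolve`/`fetch` wrappers, the function names and the test file name are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: run on the Virtualmin server before requesting a certificate.
# Usage: sh preflight.sh EXPECTED_IP DOCROOT NAME [NAME...]
# e.g.   sh preflight.sh 192.0.2.10 /home/domain/public_html domain.tld www.domain.tld

# Thin wrappers around the real tools. resolve() uses the local resolver, so an
# /etc/hosts entry can mask what public DNS actually returns.
resolve() { getent ahostsv4 "$1" | awk '{print $1}' | sort -u; }
fetch()   { curl -sL --max-time 10 "$1"; }

# check_dns EXPECTED_IP NAME: succeeds only if NAME resolves to exactly EXPECTED_IP.
check_dns() {
    ips=$(resolve "$2")
    if [ -z "$ips" ]; then
        echo "DNS  FAIL $2: no A record"; return 1
    elif [ "$ips" != "$1" ]; then
        echo "DNS  FAIL $2: resolves to $(echo $ips), expected $1"; return 1
    fi
    echo "DNS  ok   $2 -> $1"
}

# check_wellknown NAME FILE TOKEN: succeeds only if the file is served unchanged.
# A proxy or .htaccess rewrite that swallows the request returns other content.
check_wellknown() {
    body=$(fetch "http://$1/.well-known/$2")
    if [ "$body" != "$3" ]; then
        echo "HTTP FAIL $1: /.well-known/$2 did not return the test file"; return 1
    fi
    echo "HTTP ok   $1"
}

main() {
    expected=$1; docroot=$2; shift 2
    file="preflight-$$.txt"; token="preflight-token-$$"
    mkdir -p "$docroot/.well-known"
    printf '%s' "$token" > "$docroot/.well-known/$file"
    failed=0
    for name in "$@"; do
        check_dns "$expected" "$name" || failed=1
        check_wellknown "$name" "$file" "$token" || failed=1
    done
    rm -f "$docroot/.well-known/$file"
    return $failed
}

if [ "$#" -ge 3 ]; then main "$@"; fi
```

Any name that prints `FAIL` should either be fixed or left out of the certificate request.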