Trouble with Let's Encrypt - Request succeeds, cert doesn't work

SYSTEM INFORMATION
OS type and version: Ubuntu 22.04
Webmin version: 2.202
Virtualmin version: 7.20.2
Webserver version: Apache version 2.4.52
Related packages: not sure

Hi folks, I’m having trouble getting a Let’s Encrypt certificate for my host using Virtualmin. (I have used Virtualmin dozens of times to get LE certs for other domains and it has always worked fine.)

I have provided details below, but here’s what I see: I used Virtualmin to set up my host. It probably generated a self-signed certificate. I had trouble configuring the host, so I have worked on/moved the DocumentRoot a couple of times, but it’s now at /home/netperf/public_html. The content of the site works exactly as expected.

Today: I used the Let’s Encrypt tab to request a certificate for “domains associated with this server” (netperf.bufferbloat.net). Virtualmin reports success at getting a certificate. I noticed a .well-known directory appear briefly in DocumentRoot during the process. (It’s gone now.)

BUT… Browsing to the site gives a certificate error. It appears that the certificate has been issued for atl.richb-hanover.com, which is the canonical name of the host.

Now I have made too many requests of the Let’s Encrypt server. I have to wait two days to try again.

How could this go wrong? What can I do to get better? What other troubleshooting info could I provide? Many thanks!


Details

My domain is: netperf.bufferbloat.net

I ran this command: Using Virtualmin 7.20.2, using the obvious Let’s Encrypt tab.

It produced this output: Virtualmin reported success several times. But now I have requested too many identical certs and have to wait a while.

My web server is (include version): Apache version 2.4.52

The operating system my web server runs on is (include version): Ubuntu 22.04

My hosting provider, if applicable, is: Ramnode

I can login to a root shell on my machine (yes or no, or I don’t know): Yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): Virtualmin 7.20.2

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot): certbot 1.21.0

Unless that name is an alias of this domain or some other thing that would make it respond on this name, this is very likely some variant of “The Wrong Site Shows Up”.

Could be mixing and matching * and IP-based VirtualHosts, or misconfigured IPv6.

Have a look at the VirtualHost configuration for this domain vs all the others. Something is wrong that’s making Apache serve atl.richb-hanover.com when that’s not what was requested.
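Added example (not part of any poster's reply, and not Virtualmin or Apache code): a sketch of how Apache picks a virtual host when `*` and IP-based VirtualHosts are mixed, run over constructed `apachectl -S` output. The names, IPs and file paths in the sample are made up (`atl.example.com` stands in for the host's canonical name, `netperf.example.net` for the site), and `sample_vhosts` and `serving_vhost` are hypothetical helper names.

```shell
#!/bin/sh
# Constructed sample of `apachectl -S` output (names, IPs and paths are made up).
sample_vhosts() {
cat <<'EOF'
VirtualHost configuration:
192.0.2.10:443         is a NameVirtualHost
         default server atl.example.com (/etc/apache2/sites-enabled/000-host.conf:20)
         port 443 namevhost atl.example.com (/etc/apache2/sites-enabled/000-host.conf:20)
*:443                  is a NameVirtualHost
         default server netperf.example.net (/etc/apache2/sites-enabled/netperf.conf:30)
         port 443 namevhost netperf.example.net (/etc/apache2/sites-enabled/netperf.conf:30)
                 alias www.netperf.example.net
*:80                   netperf.example.net (/etc/apache2/sites-enabled/netperf.conf:1)
EOF
}

# serving_vhost IP PORT NAME < apachectl-S-output
# Prints "<vhost> <reason> <address-set>" following Apache's matching order:
# exact IP:port set first, wildcard set only if no exact set exists, then
# ServerName/ServerAlias inside that set, else the set's default server.
# Wildcard ServerAlias patterns are not expanded here.
serving_vhost() {
    awk -v ip="$1" -v port="$2" -v want="$3" '
    /^[^ ]+:[0-9]+ / {                      # address header, starts in column 1
        addr = $1
        if ($2 != "is") { cur = $2; def[addr] = cur; owner[addr, cur] = cur }  # single-vhost form
        next
    }
    $1 == "default" && $2 == "server" { def[addr] = $3; next }
    $1 == "port" && $3 == "namevhost" {
        cur = $4
        if (!((addr, cur) in owner)) owner[addr, cur] = cur   # first listed wins
        next
    }
    $1 == "alias" { if (!((addr, $2) in owner)) owner[addr, $2] = cur; next }
    END {
        set = ip ":" port
        if (!(set in def)) set = "*:" port
        if (!(set in def)) { print "none no-listener " ip ":" port; exit }
        if ((set, want) in owner) print owner[set, want], "name-match", set
        else print def[set], "default-server", set
    }'
}

# The site name arrives on the IP that has its own vhost set: the wrong site answers.
sample_vhosts | serving_vhost 192.0.2.10 443 netperf.example.net
# The same site on an address with no IP-specific set is matched by name.
sample_vhosts | serving_vhost 198.51.100.7 443 www.netperf.example.net
```

On a real server, pipe the output of `apachectl -S` (`apache2ctl -S` on Ubuntu) into `serving_vhost` with the address the site's DNS record points to.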

The certificates are located in different locations on each server?

I guess view the certificates as well and make sure they are different as well.

@joe @stefan1959 Thanks for the speedy response. I think you are right - there must be some confusion about atl.richb-hanover.com and * and netperf.bufferbloat.net

When I initially set up the virtual server, I noticed that Virtualmin’s default web page for the netperf site displayed atl.richb-hanover.com. “Hmmm… That’s odd, I mumbled…” but still I forged ahead.

To resolve this problem, I used Virtualmin to completely delete and re-create the netperf site. (I checked: the default home page said netperf.bufferbloat.net this time.) I then copied all the files to /home/netperf/public_html, and the web page works as expected.

I still have an SSL problem (I need to wait 'til mid-day tomorrow to re-submit my Let’s Encrypt request). The fact that the original “default web page” had the wrong host name, and that it was correct after re-creating the site gives me a good feeling about this.

I will leave this open 'til I am able to get the new SSL certificate, but I am hopeful that I won’t be bothering you further 🙂 Thanks again.

You haven’t named the server’s hostname the same as one of the virtual servers by any chance? That can cause issues.

No, I don’t think I have done this. (Although, I wasn’t paying enough attention the first time 'round to say for sure.) I started with a fresh Virtualmin install on a new VPS, then used Virtualmin to create (and now to delete) the netperf.bufferbloat.net host, then re-created it. Here’s the current state:

Is there anything else I should check prior to requesting the Let’s Encrypt certificate mid-day tomorrow? Thanks

PS I am using an external DNS server, not the one on this host, if that makes a difference. I am pretty sure (but can’t be certain) that I did NOT use Virtualmin to set up a DNS for netperf the first time 'round.

That shouldn’t matter as long as you have records for the names you request certs for.

The name here shouldn’t be the same as the virtual server name.

Good news. As detailed above, I deleted my Virtualmin host, then re-created it.

I just requested and received a Let’s Encrypt certificate and the site works. Thanks!
