I would like to suggest going through the list below on a virtual server that is not proxy through Cloudflare.
By the looks of it, you have problems with a re-direction and IPv6 not properly set up.
This is going by the errors you mentioned.
Hy @cyberndt, I appreciate you looking at this. I’ll try and clarify:
The subdomain for Webmin, webmin.mydomain.com, is able to obtain a certificate without problem. It is not proxied through Cloudflare.
I’m not using IPv6 at all. Not sure why that message came up for me the other day, but that at least has gone away.
I went ahead and created a test.mydomain.com account that is not proxied through Cloudflare. Before I created it, I verified that it had the correct IPv4 address.
But, I learned the reason it receives that error is because it is redirecting to mydomain.com/.well-known/acme-challenge from test.mydomain.com/.well-known/acme-challenge. (Notice it went from the subdomain to the root domain.) I figured this out when I performed a “Test connectivity” check during the SSL creation again and then attempted to load the site directly.
That doesn’t sound like a redirect. If it is simply serving the wrong site, it sounds like an Apache VirtualHost misconfiguration. Apache decides which site to serve based on an algorithm nobody understands, but if you have mixed * and IP VirtualHosts, Apache will serve something you didn’t expect. Similarly, if you have IPv6 config anywhere in the Apache VirtualHosts but not for every domain, you’ll get surprises.
There are all sorts of ways you can end up there. Restoring a domain that uses * into a server that is using IP based VirtualHosts, installing any of a number of web apps from system packages can do weird things to VirtualHosts (so don’t do that), IPv6 misconfiguration in Virtualmin or having it turned on and then disabling it later without cleaning up the configs that were created, etc.
Apache has bizarre, absolutely incomprehensible, virtual host selection rules. So…you have to take away all possible ways it can misinterpret your intentions because it will absolutely misinterpret you if there’s any way for it to.
