Virtualmin SSL Configuration

Virtualmin
1

Hello,

I´ve created a server in Virtualmin, when I check SSL Certificates I can see that all domains associated with this server pagos.smartienda.cl, www.pagos.smartienda.cl, mail.pagos.smartienda.cl, admin.pagos.smartienda.cl and
webmail.pagos.smartienda.cl has a Let´s Encrypt certificate, however when I go to www.pagos.smartienda.cl, I can notice that the connection is not secure.

Does anybody knows what should I do?

Regards,

Orlando Gautier

2

www.pagos.smartienda.cl doesn’t work for me. When I go to https://pagos.smartienda.cl I get an error that you’re using a self-signed certificate. Perhaps you need to activate the certificate somewhere.

3

Hello Craig,

The site is up and running, but I still have the same problem with SSL Certificates.

I’ve tried to request SSL Certificate from Virtuelmin SSL certificate module, and I got this messages:

Requesting a certificate for pagos.smartienda.cl, www.pagos.smartienda.cl, mail.pagos.smartienda.cl, webmail.pagos.smartienda.cl from Let’s Encrypt …
… request failed : Web-based validation failed : Failed to request certificate :

Requesting a certificate for pagos.smartienda.cl, www.pagos.smartienda.cl, mail.pagos.smartienda.cl, webmail.pagos.smartienda.cl from Let’s Encrypt …
… request failed : Web-based validation failed : Failed to request certificate :

Traceback (most recent call last):
File “/usr/libexec/webmin/webmin/acme_tiny.py”, line 198, in
main(sys.argv[1:])
File “/usr/libexec/webmin/webmin/acme_tiny.py”, line 194, in main
signed_crt = get_crt(args.account_key, args.csr, args.acme_dir, log=LOGGER, CA=args.ca, disable_check=args.disable_check, directory_url=args.directory_url, contact=args.contact)
File “/usr/libexec/webmin/webmin/acme_tiny.py”, line 149, in get_crt
raise ValueError(“Challenge did not pass for {0}: {1}”.format(domain, authorization))
ValueError: Challenge did not pass for mail.pagos.smartienda.cl: {u’status’: u’invalid’, u’challenges’: [{u’status’: u’invalid’, u’url’: u’https://acme-v02.api.letsencrypt.org/acme/chall-v3/6175706611/62tnNA’, u’token’: u’SmoYKz2aEYktH0Hh60LAXrJzv184q0BIlKLQsux9N-g’, u’type’: u’http-01’, u’error’: {u’status’: 400, u’type’: u’urn:ietf:params:acme:error:dns’, u’detail’: u’DNS problem: NXDOMAIN looking up A for mail.pagos.smartienda.cl - check that a DNS record exists for this domain’}}], u’identifier’: {u’type’: u’dns’, u’value’: u’mail.pagos.smartienda.cl’}, u’expires’: u’2020-08-05T00:39:19Z’}

, DNS-based validation failed : Only the offical Let’s Encrypt client supports DNS-based validation

Requesting a certificate for pagos.smartienda.cl, www.pagos.smartienda.cl, mail.pagos.smartienda.cl, webmail.pagos.smartienda.cl from Let’s Encrypt …
… request failed : Web-based validation failed : Failed to request certificate :

Traceback (most recent call last):
File “/usr/libexec/webmin/webmin/acme_tiny.py”, line 198, in
main(sys.argv[1:])
File “/usr/libexec/webmin/webmin/acme_tiny.py”, line 194, in main
signed_crt = get_crt(args.account_key, args.csr, args.acme_dir, log=LOGGER, CA=args.ca, disable_check=args.disable_check, directory_url=args.directory_url, contact=args.contact)
File “/usr/libexec/webmin/webmin/acme_tiny.py”, line 149, in get_crt
raise ValueError(“Challenge did not pass for {0}: {1}”.format(domain, authorization))
ValueError: Challenge did not pass for webmail.pagos.smartienda.cl: {u’status’: u’invalid’, u’challenges’: [{u’status’: u’invalid’, u’url’: u’https://acme-v02.api.letsencrypt.org/acme/chall-v3/6191393307/sqK73A’, u’token’: u’8BFErSjckQ5eGqL1Rg_VolAxLcN1vTCMIdUK6PvcnGE’, u’type’: u’http-01’, u’error’: {u’status’: 400, u’type’: u’urn:ietf:params:acme:error:dns’, u’detail’: u’DNS problem: NXDOMAIN looking up A for webmail.pagos.smartienda.cl - check that a DNS record exists for this domain’}}], u’identifier’: {u’type’: u’dns’, u’value’: u’webmail.pagos.smartienda.cl’}, u’expires’: u’2020-08-05T18:32:53Z’}
, DNS-based validation failed : Only the offical Let’s Encrypt client supports DNS-based validation

Virtualmin DNS Recors are:

pagos.smartienda.cl SOA - Start Of Domain nsde.smartienda.com. root.nsde.smartienda.com. 1595981893 3600 600 1209600 3600
pagos.smartienda.cl NS - Name Server nsde.smartienda.com.
pagos.smartienda.cl A - IPv4 Address 144.91.98.87
www A - IPv4 Address 144.91.98.87
ftp A - IPv4 Address 144.91.98.87
m A - IPv4 Address 144.91.98.87
localhost A - IPv4 Address 127.0.0.1
webmail A - IPv4 Address 144.91.98.87
mail A - IPv4 Address 144.91.98.87
pagos.smartienda.cl MX - Mail Server 5 mail.pagos.smartienda.cl.

Any suggestions?

Regards,

Orlando Gautier

4

Hi Orlando,

It looks to me like the problem is that your “www”, “webmail” and “mail” records are on smartienda.cl, not pagos.smartienda.cl. Unless those resolve properly your request for an LE certificate will fail.

Craig

5

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.