Webmin SSL certificate for host.domain.com

Hi guys,
I have 2 servers.
1 has been running for a couple of years and is used for hosting, the other a new one.

On the new server, if I try to add Let's Encrypt SSL through Webmin > Webmin Configuration > SSL Encryption > Let's Encrypt, it fails!

Failed to request certificate : No virtual host matching server2.ajecreative.com.au was found

I realise no virtual host is found…it's a certificate for the host itself!

The 2 VPS are as follows:

host1.mydomain.com (single static ip address)

host2.mydomain.com (single static ip address)

host2.mydomain.com is the new “shared hosting” server…it is currently blank and doesn't actually have any clients on it, but Webmin needs its own SSL for future SMTP and IMAP incoming and outgoing server settings for email client desktop PC apps to connect with via SSL/TLS or STARTTLS.

For example, on a “shared host” with STARTTLS encryption (and because we don't have cPanel), the client would need to use the following settings for email client apps on their computers…

Incoming server would be host2.mydomain.com IMAP port 143
Outgoing server would be host2.mydomain.com SMTP port 587

If it was cPanel, even on a shared host, my belief is that client apps can still use mail.client1.com for incoming and outgoing servers? We can't do that on a single IP address with multiple domains yet, can we?

How can I get a Let's Encrypt certificate installed on the “shared hosting server” host2.domain.com so client desktop PC email apps can set up email accounts to connect with accounts on my server? (It has no virtual servers currently and I definitely don't want to be using one of the future client domains for Webmin/Postfix/Dovecot etc. to use!)

BTW “mydomain.com” is the same on both servers and for the virtual mydomain.com on host1.

Try to add a vhost for Apache (if you use it, otherwise create a listener file for the webserver you use) with the matching domain. After that, retry it.

I can't add the virtual host for Apache, because the virtual host “mydomain.com” is on the other server (server1.mydomain.com).

This is new territory for me. I am obviously interested in maintaining my brand name across the network of hosting servers; I haven't used multiple hosting servers with the same parent domain before…how do hosts normally do this for SSL certs for the various hosts to work? (Do they create a generic wildcard certificate for the parent domain, then manually copy it between servers…which seems a bit of a slow way of doing it whenever the renewals are done?)

Could you elaborate a little on your second option “create a listener file on the other system”?

EDIT…
Actually, wouldn't I be better off using a SAN certificate for this?

That would be one way.
You can still simply create a vhost and create it with the matching url for the panel.
Request a cert with that and it will work just fine.

To illustrate…let's say my brand was tesla.com. The following is what I have…

host1.tesla.com
-tesla.com (first virtual server on this system)

host2.tesla.com

I can't get the second system above to get its SSL cert from Let's Encrypt…it throws a missing virtual host error. I can't have tesla.com as a virtual host on two separate VPS.

If I use the SAN method, how do I do that in Webmin/Virtualmin?

Is the SAN method the best option for this?

What if I had a dozen servers with my brand…i.e.
host1.tesla.com
host2.tesla.com
host3.tesla.com
host4.tesla.com …and so on?

How do we get certificates for all of those? Which method is best if they are to be used for providing web and email hosting with numerous clients on each one?

Like I said, no need to bother that much about it.
Create a vhost with the matching URL (the FQDN you use). After that, you should be perfectly fine to request a certificate.
Otherwise make sure to select Domain names listed here (instead of the pre-selected Domains associated with this server) and type in the domains in need. You could try that first if you want.

I cannot get Virtualmin to successfully obtain a Let's Encrypt SSL certificate for host1.tesla.com…it keeps throwing a “no apache virtual host” error!

As I said, apart from host1, none of the other servers have a thing on them…they are blank fresh Virtualmin installs!

So how do I do this? Do I have to get all the hosts on a single certificate from host1.tesla.com, then manually copy the certificate to the other servers? That seems a bit of a dumb way of doing this…can't we automate it?

Under normal circumstances you won't run a single subdomain on multiple servers.
Like I said, create a vhost for that subdomain and request a certificate again.
If you need certificates for other servers with other domains, do the same.

Can it be done this way?
Normally in Virtualmin, the host.domain.com is not reachable via URL…it's set to throw an error. You are only meant to reach the host on port 10000 or a custom one…not port 80.

I.e. “you dont have permission to access this resource”

When one attempts to apply for Let's Encrypt SSL, it will then throw a 404 error.

It can be done like that.
If you want to be sure, you can simply put a redirect inside the vhost file itself to the matching ports.
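
An added illustration of the approach suggested in the replies above (not configuration posted by any participant in this thread): a minimal Apache name-based virtual host for the server's own FQDN that leaves the Let's Encrypt HTTP validation path reachable on port 80 and redirects every other request to the panel port. The hostname is the thread's placeholder; the DocumentRoot path and the HTTPS panel on port 10000 are assumptions.

```apache
# Added example. host2.mydomain.com is the thread's placeholder hostname;
# /var/www/host2-acme is an assumed, otherwise empty directory.
<VirtualHost *:80>
    ServerName host2.mydomain.com

    # Used only to hold certificate validation files; no site content lives here.
    DocumentRoot /var/www/host2-acme

    <Directory /var/www/host2-acme>
        Options None
        AllowOverride None
        Require all granted
    </Directory>

    # Let's Encrypt HTTP validation fetches
    #   http://host2.mydomain.com/.well-known/acme-challenge/<token>
    # over port 80, so that path must be served from the DocumentRoot.
    # Every other path is redirected to the panel (assumed HTTPS on port 10000).
    RedirectMatch 302 "^/(?!\.well-known/acme-challenge/)" "https://host2.mydomain.com:10000/"
</VirtualHost>
```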
