LetsEncrypt fails on subdomains, fullchain.pem not found

So attempting to create a certificate for a subdomain "virtual server" results in failure by default due to Virtualmin attempting to prepend www. to a subdomain. So I use the "manual" domain entry field to just have the subdomain in question.

I get this when attempting to do that: Requesting a certificate for sub.example.com from Let's Encrypt .. .. request failed : Expected full certificate file /letsencrypt/live/sub.example.com-0004/fullchain.pem was not found

The result is LetsEncrypt is unusable for the subdomain from within Virtualmin.

Status: Active

Comments

Also, to note, a fullchain.pem exists at: /etc/letsencrypt/live/sub.example.com-0004/fullchain.pem

It's a symbolic link.

Someone else reported this - it can happen if the domain name is really long. The next release of Webmin will fix it.

Will this also be fixing Virtualmin attempting to prepend www. to sub-domains?

Do you get the error Expected full certificate file /letsencrypt/live/xyz/fullchain.pem was not found when requesting a cert for www.domain.com, or does that cause a different error?

If I just leave everything default, Virtualmin attempts to request a certificate for two names.
"www.sub.domain.com" and "sub.domain.com"

It fails because "www.sub.domain.com" is not valid. So I use the manual field to just specify "sub.domain.com".

When I do this I get: Expected full certificate file /letsencrypt/live/sub.example.com-0004/fullchain.pem was not found

Was this subdomain created as a domain in Virtualmin? Because normally all domains by default get a www.domain.com record.

I'll fix it so that the Let's Encrypt cert request doesn't include www if no such DNS record exists though.

The DNS is managed by CloudFlare. The only thing Virtualmin currently manages in our setup is Apache. Mail and DNS are disabled.

The setup is like:

"Top-level Server": domain.com
"Sub-server": sub.domain.com

Ok - this case will be handled properly in Virtualmin 5.02.

As Jamie stated in #2, I suppose it should be fixed in 5.02. But I am on 5.02 with a long subdomain domain name (33 signs), and the error still occurs.

Facing the same problem - domain name is 29 (33) characters long and resolvable. Doesn't work either when only trying to get a non-www. cert.

I'm also on 5.02 and now I'm in a request loop thanks to trying out auto-renewal. I'm getting a mail every 5 minutes saying how this fails.

Ok, there's a separate bug that causes this for long domain names with the Let's Encrypt official client. It will be fixed in the next Webmin release.

Try running the code from the terminal instead of Virtualmin:

sudo letsencrypt --apache

It should ask you for the domains you want to use the SSL cert for... select the ones that do not work from Virtualmin. It should fix the issue.