Submitted by Kigen on Sun, 04/03/2016 - 10:51
So attempting to create a certificate for a subdomain "virtual server" results in failure by default due to Virtualmin attempting to prepend www. to a subdomain. So I use the "manual" domain entry field to just have the subdomain in question.
I get this when attempting to do that: Requesting a certificate for sub.example.com from Let's Encrypt .. .. request failed : Expected full certificate file /letsencrypt/live/sub.example.com-0004/fullchain.pem was not found
The result is LetsEncrypt is unusable for the subdomain from within Virtualmin.
Status:
Active
Comments
Submitted by Kigen on Sun, 04/03/2016 - 10:58 Comment #1
Also, to note, a fullchain.pem exists at: /etc/letsencrypt/live/sub.example.com-0004/fullchain.pem
Its a symbolic link.
Submitted by JamieCameron on Mon, 04/04/2016 - 00:01 Comment #2
Someone else reported this - it can happen if the domain name is really long. The next release of Webmin will fix it.
Submitted by Kigen on Mon, 04/04/2016 - 10:18 Comment #3
Will this also be fixing Virtualmin attempting to prepend www. to sub-domains?
Submitted by JamieCameron on Mon, 04/04/2016 - 22:06 Comment #4
Do you get the error
Expected full certificate file /letsencrypt/live/xyz/fullchain.pem was not foundwhen requesting a cert forwww.domain.com, or does that cause a different error?Submitted by Kigen on Wed, 04/06/2016 - 13:25 Comment #5
If I just leave everything default, Virtualmin attempts to request a certificate for two names.
"www.sub.domain.com" and "sub.domain.com"
It fails because "www.sub.domain.com" is not valid. So I use the manual field to just specify "sub.domain.com".
When I do this I get: Expected full certificate file /letsencrypt/live/sub.example.com-0004/fullchain.pem was not found
Submitted by JamieCameron on Wed, 04/06/2016 - 22:04 Comment #6
Was this subdomain created as a domain in Virtualmin? Because normally all domains by default get a www.domain.com record.
I'll fix it so that the Let's Encrypt cert request doesn't include www if no such DNS record exists though.
Submitted by Kigen on Thu, 04/07/2016 - 12:44 Comment #7
The DNS is managed by CloudFlare. The only thing Virtualmin currently manages in our setup is Apache. Mail and DNS is disabled.
The setup is like:
"Top-level Server": domain.com"Sub-server": sub.domain.com
Submitted by JamieCameron on Thu, 04/07/2016 - 13:14 Comment #8
Ok - this case will be handled properly in Virtualmin 5.02.
Submitted by porzech on Fri, 04/29/2016 - 06:53 Comment #9
As Jamie stated in #2, I suppose it should be fixed in 5.02. But I am on 5.02 and long subdomain domain name (33 signs) and the error still occurs.
Submitted by JamieCameron on Sat, 04/30/2016 - 14:28 Comment #10
Can your VIrtualmin system resolve the IP address for www.domain.com ?
Submitted by mikt on Thu, 05/12/2016 - 05:56 Comment #11
Facing the same Problem - domainname is 29 (33) Characters long and resolvable. Doesn't work neither when only trying to get a non www. cert.
Submitted by Chiaki on Tue, 05/17/2016 - 08:06 Comment #12
I'm also on 5.02 and now I'm in a request loop thanks to trying out auto-renewal. I'm getting a mail every 5 minutes saying how this fails.
Submitted by JamieCameron on Tue, 05/17/2016 - 17:04 Comment #13
Ok, there's a separate bug that causes this for long domain names with the Let's Encrypt official client. It will be fixed in the next Webmin release.
Submitted by mikt on Mon, 05/23/2016 - 06:25 Comment #14
Still there in 5.03......
Submitted by JamieCameron on Mon, 05/23/2016 - 11:07 Comment #15
Can you try installing the 1.796 devel version from http://download.webmin.com/devel/rpm/ ? It should fix the PEM file issue.
Submitted by drew7721 on Sun, 08/07/2016 - 13:09 Comment #16
Try running the code from terminal instead of virtualmin :
sudo letsencrypt --apacheit should ask you for the domains you want to use SSL cert for... select the ones that do not work from virtualmin. It should fix the issue..