Problem making new SSL certificates for new sites with Virtualmin and Let's Encrypt

Hello, I don't know if this is a general error or if it's me because I'm new, but right now I have just one site in Virtualmin, which has the SSL certificate and Let's Encrypt working with no problem; the same goes for email, which has the SSL certificate working fine. But if I add another site and activate SSL for that site and also the email SSL, the problem is that when I go back to the first site, the SSL certificate has changed to the one for the new site, and the browser tells me that the URL of the certificate doesn't match the website, of course, because now Virtualmin is taking the SSL certificate from the second website and not from the first one. What can I do? I don't know much about Virtualmin. I was checking on Google but I couldn't find any solution. Please help me. If you need more information about my installation, please just ask me. Thanks

Status: 
Active

Comments

Howdy -- thanks for contacting us!

We may need to take a look at your Apache config, after the second SSL certificate is enabled.

Would it be possible to enable that second SSL cert, and then run the following commands:

ifconfig
grep -i virtualhost /etc/apache2/sites-enabled/*

The output of those commands will give us an idea of what's going on there... thanks!

Hello, I've had the same problem since yesterday. I ran your commands as you suggested:

ifconfig
grep -i virtualhost /etc/apache2/sites-enabled/*

and the mistake is this: for all domains since 2 days ago the result is:

/etc/apache2/sites-enabled/mydomain.eu.conf: <VirtualHost *:80>

/etc/apache2/sites-enabled/mydomain.eu.conf: </VirtualHost>

/etc/apache2/sites-enabled/mydomain.eu.conf: <VirtualHost *:443>

/etc/apache2/sites-enabled/mydomain.eu.conf: </VirtualHost>

but the last domain added yesterday, the result is:

/etc/apache2/sites-enabled/mylastdomain.eu.conf: <VirtualHost *:80>

/etc/apache2/sites-enabled/mylastdomain.eu.conf: </VirtualHost>

/etc/apache2/sites-enabled/mylastdomain.eu.conf: <VirtualHost 85.90.247.70:443>

/etc/apache2/sites-enabled/mylastdomain.eu.conf: </VirtualHost>

In fact it puts all my websites offline, apache2 shuts down, and all domains that have Let's Encrypt installed return the error: www.mydomain.eu uses an invalid security certificate. The certificate is not trusted because it is self-signed. The certificate is valid only for mylastdomain.eu. Error code: SEC_ERROR_UNKNOWN_ISSUER

Please, could you help me too. Best Mike

Hi andreychek, I followed your suggestion and your link about the issue and fixed my VPS, but every time I add a new virtual server from Virtualmin the problem comes back :( Please, how can I resolve this problem? Do you have other suggestions? I haven't found anything about it... Thank you in advance for your help. Best, Mike

Now that you've made those changes, what is the current output of the "grep" command from above?

but the new last domain added now, the result is:

/etc/apache2/sites-enabled/mynewdomain.eu.conf: <VirtualHost *:80>

/etc/apache2/sites-enabled/mynewdomain.eu.conf: </VirtualHost>

/etc/apache2/sites-enabled/mynewdomain.eu.conf: <VirtualHost 85.90.247.70:443>

/etc/apache2/sites-enabled/mynewdomain.eu.conf: </VirtualHost>

So I edit the file /etc/apache2/sites-enabled/mynewdomain.eu.conf and, at the line:

<VirtualHost 85.90.247.70:443>

I manually change it to:

<VirtualHost *:443>

restart apache2 and it works, but every time I have to manually fix the file in /etc/apache2/sites-enabled/*

Can you show us the full output of the grep command though, after you fixed the above two things?

That will help us better understand what's going on there.

Hi @andreychek, I added a new virtual server and this is the problem. This is the output before adding the virtual server:

grep -i virtualhost /etc/apache2/sites-enabled/*
/etc/apache2/sites-enabled/000-default.conf:<VirtualHost *:80>
/etc/apache2/sites-enabled/000-default.conf:</VirtualHost>
/etc/apache2/sites-enabled/atompanel.eu.conf:<VirtualHost *:80>
/etc/apache2/sites-enabled/atompanel.eu.conf:</VirtualHost>
/etc/apache2/sites-enabled/atompanel.eu.conf:<VirtualHost *:443>
/etc/apache2/sites-enabled/atompanel.eu.conf:</VirtualHost>
/etc/apache2/sites-enabled/avaloncapital.it.conf:<VirtualHost *:80>
/etc/apache2/sites-enabled/avaloncapital.it.conf:</VirtualHost>
/etc/apache2/sites-enabled/avaloncapital.it.conf:<VirtualHost *:443>
/etc/apache2/sites-enabled/avaloncapital.it.conf:</VirtualHost>
/etc/apache2/sites-enabled/filmogenic.eu.conf:<VirtualHost *:80>
/etc/apache2/sites-enabled/filmogenic.eu.conf:</VirtualHost>
/etc/apache2/sites-enabled/filmogenic.eu.conf:<VirtualHost *:443>
/etc/apache2/sites-enabled/filmogenic.eu.conf:</VirtualHost>
/etc/apache2/sites-enabled/fineartdesign.co.conf:<VirtualHost *:80>
/etc/apache2/sites-enabled/fineartdesign.co.conf:</VirtualHost>
/etc/apache2/sites-enabled/fineartdesign.co.conf:<VirtualHost *:443>
/etc/apache2/sites-enabled/fineartdesign.co.conf:</VirtualHost>
/etc/apache2/sites-enabled/mangiocucinoviaggio.com.conf:<VirtualHost *:80>
/etc/apache2/sites-enabled/mangiocucinoviaggio.com.conf:</VirtualHost>
/etc/apache2/sites-enabled/tradingroom.one.conf:<VirtualHost *:443>
/etc/apache2/sites-enabled/tradingroom.one.conf:</VirtualHost>
/etc/apache2/sites-enabled/tradingroom.one.conf:<VirtualHost *:80>
/etc/apache2/sites-enabled/tradingroom.one.conf:</VirtualHost>
/etc/apache2/sites-enabled/tradingroom.one.conf:<VirtualHost *:443>
/etc/apache2/sites-enabled/tradingroom.one.conf:</VirtualHost>

but when I add a new virtual server (in this case "txad.co") and I tick the box "Setup SSL website too" in "Enable Features", the result is:

grep -i virtualhost /etc/apache2/sites-enabled/*
/etc/apache2/sites-enabled/000-default.conf:<VirtualHost *:80>
/etc/apache2/sites-enabled/000-default.conf:</VirtualHost>
/etc/apache2/sites-enabled/atompanel.eu.conf:<VirtualHost *:80>
/etc/apache2/sites-enabled/atompanel.eu.conf:</VirtualHost>
/etc/apache2/sites-enabled/atompanel.eu.conf:<VirtualHost *:443>
/etc/apache2/sites-enabled/atompanel.eu.conf:</VirtualHost>
/etc/apache2/sites-enabled/avaloncapital.it.conf:<VirtualHost *:80>
/etc/apache2/sites-enabled/avaloncapital.it.conf:</VirtualHost>
/etc/apache2/sites-enabled/avaloncapital.it.conf:<VirtualHost *:443>
/etc/apache2/sites-enabled/avaloncapital.it.conf:</VirtualHost>
/etc/apache2/sites-enabled/filmogenic.eu.conf:<VirtualHost *:80>
/etc/apache2/sites-enabled/filmogenic.eu.conf:</VirtualHost>
/etc/apache2/sites-enabled/filmogenic.eu.conf:<VirtualHost *:443>
/etc/apache2/sites-enabled/filmogenic.eu.conf:</VirtualHost>
/etc/apache2/sites-enabled/fineartdesign.co.conf:<VirtualHost *:80>
/etc/apache2/sites-enabled/fineartdesign.co.conf:</VirtualHost>
/etc/apache2/sites-enabled/fineartdesign.co.conf:<VirtualHost *:443>
/etc/apache2/sites-enabled/fineartdesign.co.conf:</VirtualHost>
/etc/apache2/sites-enabled/mangiocucinoviaggio.com.conf:<VirtualHost *:80>
/etc/apache2/sites-enabled/mangiocucinoviaggio.com.conf:</VirtualHost>
/etc/apache2/sites-enabled/tradingroom.one.conf:<VirtualHost *:443>
/etc/apache2/sites-enabled/tradingroom.one.conf:</VirtualHost>
/etc/apache2/sites-enabled/tradingroom.one.conf:<VirtualHost *:80>
/etc/apache2/sites-enabled/tradingroom.one.conf:</VirtualHost>
/etc/apache2/sites-enabled/tradingroom.one.conf:<VirtualHost *:443>
/etc/apache2/sites-enabled/tradingroom.one.conf:</VirtualHost>
/etc/apache2/sites-enabled/txad.co.conf:<VirtualHost *:80>
/etc/apache2/sites-enabled/txad.co.conf:</VirtualHost>
/etc/apache2/sites-enabled/txad.co.conf:<VirtualHost 85.90.247.70:443>
/etc/apache2/sites-enabled/txad.co.conf:</VirtualHost>
/etc/apache2/sites-enabled/videoeditingservice.eu.conf:<VirtualHost *:80>
/etc/apache2/sites-enabled/videoeditingservice.eu.conf:</VirtualHost>
/etc/apache2/sites-enabled/videoeditingservice.eu.conf:<VirtualHost *:443>
/etc/apache2/sites-enabled/videoeditingservice.eu.conf:</VirtualHost>
/etc/apache2/sites-enabled/wikicinema.info.conf:<VirtualHost *:80>
/etc/apache2/sites-enabled/wikicinema.info.conf:</VirtualHost>
/etc/apache2/sites-enabled/wikicinema.info.conf:<VirtualHost *:443>
/etc/apache2/sites-enabled/wikicinema.info.conf:</VirtualHost>
/etc/apache2/sites-enabled/wikimarketing.eu.conf:<VirtualHost *:80>
/etc/apache2/sites-enabled/wikimarketing.eu.conf:</VirtualHost>
/etc/apache2/sites-enabled/wikimarketing.eu.conf:<VirtualHost *:443>
/etc/apache2/sites-enabled/wikimarketing.eu.conf:</VirtualHost>
/etc/apache2/sites-enabled/wpbooster.eu.conf:<VirtualHost *:80>
/etc/apache2/sites-enabled/wpbooster.eu.conf:</VirtualHost>
/etc/apache2/sites-enabled/wpbooster.eu.conf:<VirtualHost *:443>
/etc/apache2/sites-enabled/wpbooster.eu.conf:</VirtualHost>
/etc/apache2/sites-enabled/wpeasy.eu.conf:<VirtualHost *:80>
/etc/apache2/sites-enabled/wpeasy.eu.conf:</VirtualHost>
/etc/apache2/sites-enabled/wpeasy.eu.conf:<VirtualHost *:443>
/etc/apache2/sites-enabled/wpeasy.eu.conf:</VirtualHost>
/etc/apache2/sites-enabled/xlr8r.it.conf:<VirtualHost *:80>
/etc/apache2/sites-enabled/xlr8r.it.conf:</VirtualHost>
/etc/apache2/sites-enabled/xlr8r.it.conf:<VirtualHost *:443>
/etc/apache2/sites-enabled/xlr8r.it.conf:</VirtualHost>
/etc/apache2/sites-enabled/zerorisksecurity.co.conf:<VirtualHost *:80>
/etc/apache2/sites-enabled/zerorisksecurity.co.conf:</VirtualHost>
/etc/apache2/sites-enabled/zerorisksecurity.co.conf:<VirtualHost *:443>
/etc/apache2/sites-enabled/zerorisksecurity.co.conf:</VirtualHost>

In fact, if you try to connect to txad.co, for example, you can see the courtesy page correctly in SSL mode without errors, but if you try to connect to fineartdesign.co with Mozilla Firefox, you see an error and Firefox says that the certificate used for fineartdesign.co is not valid and is valid only for the domain txad.co, with error code: SSL_ERROR_BAD_CERT_DOMAIN. So to fix this problem I must open the file /etc/apache2/sites-enabled/txad.co.conf and change this part of the code:

<VirtualHost *:80>
SuexecUserGroup "#1032" "#1032"
ServerName txad.co
ServerAlias www.txad.co
ServerAlias webmail.txad.co
ServerAlias admin.txad.co
DocumentRoot /home/txad/public_html
ErrorLog /var/log/virtualmin/txad.co_error_log
CustomLog /var/log/virtualmin/txad.co_access_log combined
ScriptAlias /cgi-bin/ /home/txad/cgi-bin/
ScriptAlias /awstats/ /home/txad/cgi-bin/
DirectoryIndex index.html index.htm index.php index.php4 index.php5
<Directory /home/txad/public_html>
Options -Indexes +IncludesNOEXEC +SymLinksIfOwnerMatch +ExecCGI
allow from all
AllowOverride All Options=ExecCGI,Includes,IncludesNOEXEC,Indexes,MultiViews,SymLinksIfOwnerMatch
Require all granted
AddType application/x-httpd-php .php
AddHandler fcgid-script .php
AddHandler fcgid-script .php5
FCGIWrapper /home/txad/fcgi-bin/php5.fcgi .php
FCGIWrapper /home/txad/fcgi-bin/php5.fcgi .php5
</Directory>
<Directory /home/txad/cgi-bin>
allow from all
AllowOverride All Options=ExecCGI,Includes,IncludesNOEXEC,Indexes,MultiViews,SymLinksIfOwnerMatch
Require all granted
</Directory>
RewriteEngine on
RewriteCond %{HTTP_HOST} =webmail.txad.co
RewriteRule ^(.*) https://txad.co:20000/ [R]
RewriteCond %{HTTP_HOST} =admin.txad.co
RewriteRule ^(.*) https://txad.co:10000/ [R]
RemoveHandler .php
RemoveHandler .php5
php_admin_value engine Off
FcgidMaxRequestLen 1073741824
RedirectMatch ^/(?!.well-known)(.*)$ https://txad.co/$1
<Files awstats.pl>
AuthName "txad.co statistics"
AuthType Basic
AuthUserFile /home/txad/.awstats-htpasswd
require valid-user
</Files>
</VirtualHost>
<VirtualHost 85.90.247.70:443>
SuexecUserGroup "#1032" "#1032"
ServerName txad.co
ServerAlias www.txad.co
ServerAlias webmail.txad.co
ServerAlias admin.txad.co
DocumentRoot /home/txad/public_html
ErrorLog /var/log/virtualmin/txad.co_error_log
CustomLog /var/log/virtualmin/txad.co_access_log combined
ScriptAlias /cgi-bin/ /home/txad/cgi-bin/
ScriptAlias /awstats/ /home/txad/cgi-bin/
DirectoryIndex index.html index.htm index.php index.php4 index.php5
<Directory /home/txad/public_html>
Options -Indexes +IncludesNOEXEC +SymLinksIfOwnerMatch +ExecCGI
allow from all
AllowOverride All Options=ExecCGI,Includes,IncludesNOEXEC,Indexes,MultiViews,SymLinksIfOwnerMatch
Require all granted
AddType application/x-httpd-php .php
AddHandler fcgid-script .php
AddHandler fcgid-script .php5
FCGIWrapper /home/txad/fcgi-bin/php5.fcgi .php
FCGIWrapper /home/txad/fcgi-bin/php5.fcgi .php5
</Directory>
<Directory /home/txad/cgi-bin>
allow from all
AllowOverride All Options=ExecCGI,Includes,IncludesNOEXEC,Indexes,MultiViews,SymLinksIfOwnerMatch
Require all granted
</Directory>
RewriteEngine on
RewriteCond %{HTTP_HOST} =webmail.txad.co
RewriteRule ^(.*) https://txad.co:20000/ [R]
RewriteCond %{HTTP_HOST} =admin.txad.co
RewriteRule ^(.*) https://txad.co:10000/ [R]
RemoveHandler .php
RemoveHandler .php5
php_admin_value engine Off
FcgidMaxRequestLen 1073741824
SSLEngine on
SSLCertificateFile /home/txad/ssl.cert
SSLCertificateKeyFile /home/txad/ssl.key
SSLProtocol all -SSLv2 -SSLv3 -TLSv1 -TLSv1.1
<Files awstats.pl>
AuthName "txad.co statistics"
AuthType Basic
AuthUserFile /home/txad/.awstats-htpasswd
require valid-user
</Files>
SSLCACertificateFile /home/txad/ssl.ca
</VirtualHost>

So I fix it by manually changing this line:

<VirtualHost 85.90.247.70:443>

to

<VirtualHost *:443>

And it runs. P.S. I have left the error in the file /etc/apache2/sites-enabled/txad.co.conf for now, so you can see the error in one domain with the SSL feature enabled. I hope I have explained my problem better now. Thanks in advance for your help. Mike.

Ah, I think I see the issue -- you would need to update all the Apache config files so that they all use "VirtualHost x.x.x.x:PORT".

None of them should have an asterisk in that VirtualHost line, they should all be using the IP address.

If any have an asterisk, it can cause Virtualmin to incorrectly use an asterisk when making new Virtual Servers.

Thank you for your help. Now I understand where the problem is. Strange, because I ran a Re-Check Configuration in Virtualmin but it always says that everything is OK and correct. Do you have any suggestion to fix this problem? Is there an alternative solution to reinstalling the whole VPS? :O Thank you again.

Sure, there's no need to reinstall -- just tweak the Apache config using the format described above.

That is, all those "VirtualHost *:80" lines you shared in Comment #8 above, just edit those files, and change those to read "VirtualHost x.x.x.x:80", where "x.x.x.x" is your IP address.

You'd want to do the same for references to both port 80 and for port 443.
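A check for the mismatch diagnosed above, as an added example that is not part of the original thread. Apache only considers `*:443` vhosts when no vhost is bound to the exact IP the connection arrived on, so a single `IP:443` block makes its certificate answer for every site on that address. The function reads the `grep` output and reports ports where the two styles are mixed; the file names and the 192.0.2.10 address are constructed.

```shell
#!/bin/sh
# Added example, not from the thread. Sample data below is constructed.

# Reads `grep -i virtualhost` output (FILE:<VirtualHost ADDR:PORT>) on stdin
# and prints each port where wildcard and IP-bound vhosts are mixed.
mixed_vhost_ports() {
    awk '
    {
        # Directives are case-insensitive; closing tags never match this.
        if (!match(tolower($0), /<virtualhost[ \t]+[^>]+>/)) next
        file = substr($0, 1, RSTART - 1)
        sub(/:[ \t]*$/, "", file)                 # drop the grep separator
        tag = substr($0, RSTART, RLENGTH)
        sub(/^<[^ \t]+[ \t]+/, "", tag); sub(/[ \t]*>$/, "", tag)
        n = split(tag, binds, /[ \t]+/)           # a tag may list several
        for (i = 1; i <= n; i++) {
            port = binds[i]; sub(/^.*:/, "", port)
            addr = binds[i]; sub(/:[^:]*$/, "", addr)
            if (addr == "*" || addr == "_default_")
                wild[port] = wild[port] " " file
            else
                ip[port] = ip[port] " " file
        }
    }
    END {
        for (port in ip) if (port in wild)
            printf "port %s: IP-bound:%s | wildcard:%s\n", port, ip[port], wild[port]
    }'
}

# Constructed input in the shape of the grep output shown in the thread.
sample_grep_output() {
    cat <<'EOF'
/etc/apache2/sites-enabled/old.example.conf:<VirtualHost *:80>
/etc/apache2/sites-enabled/old.example.conf:</VirtualHost>
/etc/apache2/sites-enabled/old.example.conf:<VirtualHost *:443>
/etc/apache2/sites-enabled/old.example.conf:</VirtualHost>
/etc/apache2/sites-enabled/new.example.conf:<VirtualHost *:80>
/etc/apache2/sites-enabled/new.example.conf:</VirtualHost>
/etc/apache2/sites-enabled/new.example.conf:<VirtualHost 192.0.2.10:443>
/etc/apache2/sites-enabled/new.example.conf:</VirtualHost>
EOF
}

# On a server: grep -i virtualhost /etc/apache2/sites-enabled/* | mixed_vhost_ports
sample_grep_output | mixed_vhost_ports
```

An empty result means every port uses one binding style consistently; `apache2ctl -S` shows the same mapping as Apache itself resolved it.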

Hi, I've done as you wrote, but now when I add a new virtual server with "Setup SSL website too" I can't install a Let's Encrypt certificate and I receive this:

Requesting a certificate for demo.imballagginonino.it, www.demo.imballagginonino.it from Let's Encrypt ..
.. request failed : Failed to request certificate :

Parsing account key...
Parsing CSR...
Registering account...
Already registered!
Verifying www.demo.imballagginonino.it...
Traceback (most recent call last):
  File "/usr/share/webmin/webmin/acme_tiny.py", line 235, in <module>
    main(sys.argv[1:])
  File "/usr/share/webmin/webmin/acme_tiny.py", line 231, in main
    signed_crt = get_crt(args.account_key, args.csr, args.acme_dir, args.dns_hook, args.cleanup_hook, log=LOGGER, CA=args.ca)
  File "/usr/share/webmin/webmin/acme_tiny.py", line 122, in get_crt
    raise ValueError("Error requesting challenges: {0} {1}".format(code, result))
ValueError: Error requesting challenges: 429 {
  "type": "urn:acme:error:rateLimited",
  "detail": "Error creating new authz :: Too many invalid authorizations recently.",
  "status": 429
}

But if I create a virtual server without the SSL option, it works. Please, do you have a suggestion? Thank you in advance. Mike

It sounds like you're close!

The error you're receiving at the moment suggests that Let's Encrypt is rate limiting your server... you may just need to wait 24 hours and then try again, and it should work at that point.

Ok, thank you. Many thanks. Mike