letsencrypt certs for subdomains and default website

Hi,

it is still Debian 9.4 (missing from dropdown menu Operating System), and i am wondering about two things:

  1. When i want to create a letsencrypt certificate in virtualmin, i always have the default of domain.tld, www.domain.tld and autoconfig.domain.tld I don't have autoconfig subdomain configured for my domains, which also is a problem, when i use subdomains like this: sub.domain.tld, which makes a default of www.sub.domain.tld, sub.domain.tld and autoconfig.sub.domain.tld, which doesn't make sense at all. Can i somewhere change this behaviour?

  2. in Virtualmin it says Default website for IP address? Yes (but only because it is alphabetically first) I don't want a default website being shown, which is one of my virtual servers. How to change that? I know, i read it somewhere a long time ago, but am not able to find this.

if someone can point me in the right direction...

thanks and best j_,m

Status: 
Active

Comments

Howdy -- thanks for contacting us!

As you've seen, it'll try to setup "autoconfig.domain.tld" anytime you obtain a Let's Encrypt SSL certificate.

The only way to prevent that is to specify the domains you want SSL certificates for during the creation process, by choosing the "Domain names listed here" option within the Manage SSL Certificates -> Let's Encrypt tab.

Regarding a default website -- due to the way Apache works, there is always a default website, there is no way to prevent that.

So you can change which website is the default, but it's not possible to get rid of it entirely.

You can set which website is the default by going into Server Configuration -> Website Options.

If you wanted, you could always make a new website with an empty or contains a bare minimum page, and use it as the default.

That's what i was wondering, why it would try to setup autoconfig.domain.tld; and i was hoping, i could configure that and remove that autoconfig globally. I used now the workaround by specifying the domains i want ssl certs for, and set renewal time to one month. I am now wondering, whether the renewal will hop on the default including autoconfig.domain.tld or the "Domain names listed here"?

Thanks and best j_m

I don't believe there is a way to prevent it from using "autoconfig" automatically, though Jamie will chime in if there is indeed a way to do that.

However, regarding renewals -- it will only try to renew your current certificate with the domains that are in it, it won't try and add additional domain names.

For service support please take care of this also as working on this issue could be related https://www.virtualmin.com/node/56819

While at start these autoconfig and autodiscover was in Le Cert Virtualmin, also renewal without errors, about 03-xx-2018 renewals auto and manual w ehave to use the domain list option without autoconfig and autodiscover in it while these are giving errors, seems pointing to yep default hostserverdomain.

But before this was no issue, apache only centos 7.4 virtualmin 6.x initial install september 2017 with virtualmin 6x

I know this here is for payed version, but i think maybe related...

The autoconfig hostname is used for IMAP autodiscovery by mail clients like Outlook and Thunderbird. But on the Let's Encrypt form, you can enter specific hostnames to request the cert for (and they will be used for renewals too).