Let's Encrypt problem with some domains

3 posts / 0 new
Last post
#1 Sat, 04/27/2019 - 11:29
Glock24

Let's Encrypt problem with some domains

Hello,

I recently did a clean install of Debian 9 and Virtualmin, and recreated all virtual servers and manually transferred all mail, public_http contents and databases. All went fine, except for the Let's Encrypt certificates. At first the certificate request failed for most domains due to a http -> https redirect that somehow created a redirect loop.

I managed to get the certificates for most virtual servers, but two of them remain problematic. Even from the console the certificate request fails. Here's what I get:

#virtualmin generate-letsencrypt-cert --domain somedomain.tld --renew 2
Requesting SSL certificate for somedomain.tld www.somedomain.tld mail.somedomain.tld autoconfig.somedomain.tld autodiscover.somedomain.tld ..
.. failed : Web-based validation failed : Failed to request certificate : Gave up waiting for validation
DNS-based validation failed : Failed to request certificate : Gave up waiting for validation

But if I request the certificate using the staging environment it works:

# virtualmin generate-letsencrypt-cert --domain somedomain.tld --renew 2 --staging
Requesting SSL certificate for somedomain.tld www.somedomain.tld mail.somedomain.tld autoconfig.somedomain.tld autodiscover.somedomain.tld ..
.. done

Copying to webserver configuration ..
.. done

Applying web server configuration ..
.. done

So something must be wrong there.

Also, previously I used a certificate with multiple domains for postfix, like this:

maindomain.tld www.maindomain.tld mail.maindomain.tld mail.domain1.tld mail.domain2.tld mail.domain3.tld

But now that one also fails.

All Let's Encrypt functionality worked correctly in the previous install.

Sun, 04/28/2019 - 04:46
just_me

i had a problem with the autodiscover & autoconfig subdomain. either you have a * in your DNS as an A record, or you create an autodiscover & autoconfig subdomain or you leave it out of the cert creation.

Best j_m

Mon, 04/29/2019 - 16:39 (Reply to #2)
Glock24

Hi,

I tried with and without autodiscover & autoconfig subdomains, but it always failed with the same error. The strange thing is that the certificate requests failed only for some of the virtual servers, and worked fine in others.

Last night (after a lot of reading) I installed certbot and requested the certificates using:

certbot certonly --server https://acme-v02.api.letsencrypt.org/directory --manual --preferred-challenges dns -d 'domain1.tld,domain2.tld'

After having done this requesting the certificate trough Virtualmin's interface also worked again. Maybe virtualmin is now using certbot instead of generate-letsencrypt-cert?

Topic locked