Change validation method

Draega · December 5, 2023, 10:14pm

The operating system my web server runs on is (include version): Ubuntu 22.04

I can login to a root shell on my machine Yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel):Virtualmin

I have a fully functioning Certificate. I was using the Acme Bot that was provided with Abyss Web Server and using DNS challenge to authenticate. I have since switched to a VPS running Ubuntu 22.04 and Virtualmin. I was able to export and import my ssl certs to the new site and everything is working fine. Issue is I would like to change to HTTP authentication when the certificate expires in 77 days. I tried a test renewal on the new system and it complained that there was no acme challenge in the DNS records. That was on me. I deleted the txt record when I was changing my DNS entries.
Is there a way to change the challenge type to HTTP going forward? I still have access to the old web server and I guess I could just renew there and export and import the crt and key again. But I would much prefer to automate it on the new server. Thank You.

MikeMcQ · December 5, 2023, 10:26pm

How did you do a "test renewal". Was that through VirtualMin or some other ACME client?

I see you are using Apache so it should not be difficult to setup HTTP challenge. I don't know much about VirtualMin but your hosting service should be able to help you.

That said, in the past you got wildcard certs which require the DNS Challenge.

Also, a DNS Challenge will require a different TXT value for each renewed cert. So, no worries that you deleted the old TXT record. It would not be used anymore anyway.

Bruce5051 · December 5, 2023, 10:30pm

Hello @Draega, welcome to the Let's Encrypt community.

Side notes:

The issued certificate https://crt.sh/?id=11321628560
SSL Checker doesn't like it.
nor does SSL Server Test: draega.net (Powered by Qualys SSL Labs)
or Hardenize Report: draega.net

The issue with the certificate is it is a wildcard certificate containing only *.draega.net;
it should also contain draega.net.

Draega · December 5, 2023, 10:36pm

Hi. Yes it was through Virtualmin.

Yes I was planning on changing from a wildcard when it was time to renew.

I was assuming as there is a certificate all ready for the domain using the wildcard I would not be able to issue a new certificate using draega.net and www.draega.net.

MikeMcQ · December 5, 2023, 10:44pm

Let's Encrypt will not prevent that. You could even have both at the same time although this is rarely useful I don't know what VirtualMin requires to switch methods.

Draega · December 5, 2023, 10:59pm

Hmmm. Interesting. I just assumed it wouldn't let me. I will attempt to create a new certificate for draega.net and www.draega.net when I get home later tonight. And just let the wildcard certificate expire.
Thanks!

Draega · December 6, 2023, 2:49am

Well that worked. Thanks a lot for your help!

system · January 5, 2024, 2:50am

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.