Let's Encrypt failing with Virtualmin

Help
1

Hi folks, I'm having trouble getting a Let's Encrypt certificate for my host using Virtualmin. (I have used Virtualmin dozens of times to get LE certs for other domains and it has always worked fine.)

I have provided details below, but here's what I see: I used Virtualmin to set up my host. It probably generated a self-signed certificate. I had trouble configuring the host, so I have worked on/moved the DocumentRoot a couple times but it's now at /home/netperf/public_html The content of the site works exactly as expected.

Today: I used the Let's Encrypt tab to request a certificate for "domains associated with this server" (netperf.bufferbloat.net). Virtualmin reports success at getting a certificate. I noticed a .well-known directory appear briefly in DocumentRoot during the process. (It's gone now.)

BUT... Browsing to the site gives a certificate error. It appears that the certificate has been issued for atl.richb-hanover.com, which is the canonical name of the host.

Now I'm in the doghouse - I have made too many requests. I have to wait two days to try again.

But how could this go wrong? What can I do to get better? What other troubleshooting info could I provide? Many thanks!

Details

My domain is: netperf.bufferbloat.net

I ran this command: Using Virtualmin 7.20.2, using the obvious Let's Encrypt tab.

It produced this output: Virtualmin reported success several times. But now I have requested too many identical cert's and have to wait a while

My web server is (include version): Apache version 2.4.52

The operating system my web server runs on is (include version): Ubuntu 22.04

My hosting provider, if applicable, is: Ramnode

I can login to a root shell on my machine (yes or no, or I don't know): Yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): Virtualmin 7.20.2

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): certbot 1.21.0

2

PS here's the link to the history: https://crt.sh/netperf.bufferbloat.net

3

Do you configure Apache manually? Or is that done by VirtualMin?

Because, yes, you have gotten many certs recently. But, something has not updated Apache to use them.

I am not a VirtualMin expert but either your hosting service or a VMin forum might be better. This is all about system configuration and not so much certs. Whoever provided that VMin system would know better than us (at least me) why it failed to apply the cert you got.

The crt.sh link you provided doesn't show anything. That is not the usual format. But, below is a nicer output of recently issued certs so you can better see what happened

image
image1926×1602 385 KB

It is from this tool but sometimes, like now, it cannot connect to crt.sh so I provided a pic
https://tools.letsdebug.net/cert-search

3 Likes
4

Hi Mike, Thanks for the speedy response. I like Virtualmin because it does configure all this stuff. And it usually works without any problems.

I also posted this question to the Virtualmin forum as well. You're probably right that they may be able to provide more troubleshooting help.

Thanks again.

2 Likes
5

Follow-up to this report. I think this is definitely solved - the folks at the Virtualmin forum gave me some hints (see the link above) about how I might have mis-used Virtualmin to cause this

2 Likes
6

Good news. You were correct - the Virtualmin host name was misconfigured.

I deleted and re-created the site, then applied for a new Let's Encrypt certificate, and Presto! It's working. Thanks again

3 Likes
7

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.