Hullo!
I have a Let's Encrypt certificate enabled using the excellent tool provided within Virtualmin:
Server Configuration / Manage SSL Certificate / Let's Encrypt
It works perfectly for those domains which it lists in "Domains associated with this server":
mysite.com
www.mysite.com
But I still have issues with important subdomains of the site, including "mail":
webmail.mysite.com
smtp.mysite.com
mail.mysite.com*
ded.mysite.com
The "*" being especially important, as I can not currently receive mail through the site using client software.
Is there an easy way to add the four required subdomains to the certificate?
My plan was to merely complete the "Domain names listed here" section of the Let's Encrypt page with the two existing "Domains associated with this server" while adding the new domains. However, I'm worried that this will break everything. I mean everything: government everywhere crumbles… the world thrown into anarchy… puppies cry… that kind of thing.
Alright. I went ahead and tried a new "Request Certificate For" and chose the "domain names listed here". The result was an error and rejection:
DNS-based validation failed: Failed to request certificate.
and then: Gave up waiting for validation
The full list of domains that I submitted was:
mysite.com
www.mysite.com
mail.mysite.com
smtp.mysite.com
ded.mysite.com
The first attempt reported:
And a second attempt, in which I eliminated only the "ded" name resulted in this:
What am I missing?
Hi, I found something similar testing in my new server; the problem I have is that the newly created sub-server had no index.html in /public_html. That means Let's Encrypt can't check ownership of the sub-server. My problem is related to my skeleton folder, which only seems to work with the main domain and is copied below /public_html for a sub-server; I have not yet found what is causing that.
Make sure you have an index.html file in the sub-server and it should work.
Hi, TheRavenKing.
An HTML index (php, rather) exists, and the web certification seems to work well already.
I am still wondering how I can extend the certificate (or maintain more certificates) to cover
mail.
and ded.
I think that I am able to add a subdomain to the existing certificate from the command line by keying this:
./certbot-auto --apache -d mail.mysite.com --agree-tos
However, I am met with an error:
Could not install OS dependencies. Aborting bootstrap!
I am unsure why we are confronted with a dependency error. Everything is up to date according to Webmin. Here is the full text:
Bootstrapping dependencies for RedHat-based OSes that will use Python3... (you can skip this with --no-bootstrap)
yum is /usr/bin/yum
yum is hashed (/usr/bin/yum)
Loaded plugins: fastestmirror, replace, security
Setting up Install Process
Loading mirror speeds from cached hostfile
* base: mirror.netflash.net
* epel: download-ib01.fedoraproject.org
* extras: centos.mirror.globo.tech
* ius: ius.mirror.constant.com
* ius-archive: ius.mirror.constant.com
* remi: mirror.team-cymru.com
* remi-safe: mirror.team-cymru.com
* updates: centos.mirror.globo.tech
Package gcc-4.4.7-23.el6.x86_64 already installed and latest version
Package augeas-libs-1.0.0-10.el6.x86_64 already installed and latest version
Package openssl-1.0.1e-57.el6.x86_64 already installed and latest version
Package openssl-devel-1.0.1e-57.el6.x86_64 already installed and latest version
Package redhat-rpm-config-9.0.3-51.el6.centos.noarch already installed and latest version
Package ca-certificates-2018.2.22-65.1.el6.noarch already installed and latest version
Package 2:mod_ssl-2.2.15-60.el6.6vm.x86_64 already installed and latest version
Resolving Dependencies
--> Running transaction check
---> Package libffi-devel.x86_64 0:3.0.5-3.2.el6 will be installed
---> Package python34.x86_64 0:3.4.8-1.el6 will be installed
--> Processing Dependency: python34-libs(x86-64) = 3.4.8-1.el6 for package: python34-3.4.8-1.el6.x86_64
--> Processing Dependency: libpython3.4m.so.1.0()(64bit) for package: python34-3.4.8-1.el6.x86_64
---> Package python34-devel.x86_64 0:3.4.8-1.el6 will be installed
--> Processing Dependency: python3-rpm-macros for package: python34-devel-3.4.8-1.el6.x86_64
--> Processing Dependency: python-rpm-macros for package: python34-devel-3.4.8-1.el6.x86_64
---> Package python34-tools.x86_64 0:3.4.8-1.el6 will be installed
--> Processing Dependency: python34-tkinter = 3.4.8-1.el6 for package: python34-tools-3.4.8-1.el6.x86_64
--> Running transaction check
---> Package python-rpm-macros.noarch 0:3-13.el6 will be installed
--> Processing Dependency: python-srpm-macros for package: python-rpm-macros-3-13.el6.noarch
---> Package python3-rpm-macros.noarch 0:3-13.el6 will be installed
---> Package python34-libs.x86_64 0:3.4.8-1.el6 will be installed
---> Package python34-tkinter.x86_64 0:3.4.8-1.el6 will be installed
--> Processing Dependency: libtk8.5.so()(64bit) for package: python34-tkinter-3.4.8-1.el6.x86_64
--> Processing Dependency: libtcl8.5.so()(64bit) for package: python34-tkinter-3.4.8-1.el6.x86_64
--> Running transaction check
---> Package python-srpm-macros.noarch 0:3-13.el6 will be installed
---> Package tcl.x86_64 1:8.5.7-6.el6 will be installed
---> Package tk.x86_64 1:8.5.7-5.el6 will be installed
--> Finished Dependency Resolution
Dependencies Resolved
================================================================================
Package Arch Version Repository Size
================================================================================
Installing:
libffi-devel x86_64 3.0.5-3.2.el6 base 18 k
python34 x86_64 3.4.8-1.el6 epel 50 k
python34-devel x86_64 3.4.8-1.el6 epel 186 k
python34-tools x86_64 3.4.8-1.el6 epel 426 k
Installing for dependencies:
python-rpm-macros noarch 3-13.el6 epel 5.6 k
python-srpm-macros noarch 3-13.el6 epel 5.6 k
python3-rpm-macros noarch 3-13.el6 epel 5.1 k
python34-libs x86_64 3.4.8-1.el6 epel 8.4 M
python34-tkinter x86_64 3.4.8-1.el6 epel 336 k
tcl x86_64 1:8.5.7-6.el6 base 1.9 M
tk x86_64 1:8.5.7-5.el6 base 1.4 M
Transaction Summary
================================================================================
Install 11 Package(s)
Total download size: 13 M
Installed size: 40 M
Is this ok [y/N]: Exiting on user Command
Your transaction was saved, rerun it with:
yum load-transaction /tmp/yum_save_tx-2018-11-01-13-28R1KqtO.yumtx
Could not install OS dependencies. Aborting bootstrap!
Not sure what your OS is but it looks like CentOS, you can use the scl to install python 3.4 or any other version.
yum install centos-release-scl
yum install rh-python34
https://www.softwarecollections.org/en/scls/?search=python&policy=&repo=...
Hmm… I ran the upgrade (I had to use EPEL repository). However,
python -V
still points to Python 2.6.6
@Parapluie Hi, not sure how safe it is as I don't know your system, but if I were you I would check if you require the 2.6.6 version for anything; if not, remove it...
BTW, have you ticked the option Share SSL certificates between domains where possible? in Virtualmin, System settings, Virtualmin Configuration?
Yes:
This SSL certificate is already being used by : Webmin, Usermin, Dovecot (host codexrarebooks.com), Postfix, ProFTPD
After that, this sentence appears: The buttons below will copy this domain's SSL certificate as the default for the chosen service. This will be used if no per-domain or per-IP certificate is configured.
with no buttons after it. (Nothing after it, in fact.)
It's a busy day, and I am still looking into the details of your previous comment. I just have to figure out what depends on Python 2.6.6.
Thanks for your help. I'll let you know what comes of the search.
Hmm, certbot is a different way to add Let's Encrypt than the one VM is using itself, so far as I know!
Jfro, are you able to elaborate? I have used this in the past. However, now I am stuck. I would think that I should be able to remove the existing certificate (including using the extra manual steps as The Raven King suggests in the next comment), and then re-issue a new certificate for the domain (of course, with all four subdomains included in the certificate).
@parapluie I think it's a problem many of us face; as the documents say, you can only issue an SSL cert on a static IP and not a shared IP. When trying things out I discovered that when you delete a virtual server the SSL keys are still in the /etc/webmin folder and in the /etc/webmin/miniserv.conf file. So it seems they are not deleted when you delete a virtual server with an SSL certificate; I had to clean up by hand to get it working normally again after my testing..... Sadly I can't do more testing as I had my quota for the SSL certs.... :-) I suggest you peek and poke in the same place as I did.
I dunno, TheRavenKing. I've torn the domain apart and put it back together. I'm no further along.
All I can say at this point is that I'm a bit disappointed. Virtualmin and Let's Encrypt seem like a perfect match. The similar price tag makes them a natural combination for cheap ba… er… people like me.
I would think that such a community and demand (both quite large, it seems) would have an easier solution worked out already; but it doesn't seem that way.
I'll sit tight with what I have for now, but I'll keep my eye out for a solution. If I do find one, I will make sure to post it here.
Thank you for your help on this. I appreciate that you could offer some useful guidance.
All the best.
I only know that things changed over time, and using parts and so on from before some updates (I don't know when they started), things worked before.
But now you have to take special care to do all things 100% right in the new way. (I don't know if you have to remove old parts; I'm a newbie and started with VM6 with some early bugs.. ;) )
For everything Cert that failed after more than 10 months working. I checked all IPv4, IPv6, the extra external DNS settings (we use); some have to be put here extra, autodiscover and so on; before there was no need for those. (Maybe some DNS things changed at our place, hmm.)
Take care of redirects and so on.
BUT it should be possible to get things working.
THE DOCS are OLD, YEP. (So things with SNI IP, IPv4, IPv6, own IPs for domains, own certs for mail domain not pointing to host cert are all things to plan before you do things.) So I can't help here further; support can, please give them all they need: read the forum rules, all versions, and log error file info and config settings.
CERTBOT is an old, not supported way to have LE certs in Virtualmin, I expect! YOU DID that here https://www.virtualmin.com/comment/804608#comment-804608
AND ALL DNS should be done and known and set 100% right before doing certs, so test with things such as mxtoolbox and other DNS tools.
@Parapluie
you haven't told your OS, you haven't told me you were able to clean up and install as I suggested, so the last resort is as follows.
https://www.sslforfree.com/create?domains=domain.com+*.domain.com
You must replace the domain.com with yours of course, then upload manually the certificates.
:-)
But to me seems you need to clean your system from unwanted software...
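An added example, not part of any post in this thread: a small checker for which hostnames a certificate's SAN list covers, showing why the original two-name certificate fails for the mail hostnames and why the URL above requests both `domain.com` and `*.domain.com`. The function names and the SAN lists are constructed from the names used in the thread, and the matching is simplified (whole-label wildcard only, no IDN handling).

```python
# Added example (not from the thread): hostname coverage of a SAN list.
# Simplified RFC 6125-style matching; all sample data below is constructed.

def san_matches(hostname: str, san: str) -> bool:
    """Return True if one dNSName SAN entry covers the hostname."""
    host = hostname.lower().rstrip(".").split(".")
    pattern = san.lower().rstrip(".").split(".")
    if len(host) != len(pattern):
        # A wildcard stands for exactly one label, so label counts must agree.
        return False
    if pattern[0] == "*":
        # Accept the wildcard only as the whole left-most label, and never
        # directly under a top-level domain (e.g. "*.com").
        return len(pattern) > 2 and bool(host[0]) and host[1:] == pattern[1:]
    return host == pattern


def uncovered(required, sans):
    """Return the required hostnames that no SAN entry covers, in order."""
    return [h for h in required if not any(san_matches(h, s) for s in sans)]


# Names the original poster needs covered (from the first post).
REQUIRED = [
    "mysite.com", "www.mysite.com", "webmail.mysite.com",
    "smtp.mysite.com", "mail.mysite.com", "ded.mysite.com",
]
# Constructed SAN lists for three scenarios.
CURRENT_SANS = ["mysite.com", "www.mysite.com"]      # certificate as issued
WILDCARD_ONLY = ["*.mysite.com"]                     # wildcard without apex
WILDCARD_PLUS_APEX = ["mysite.com", "*.mysite.com"]  # as in the URL above

if __name__ == "__main__":
    for label, sans in [("current", CURRENT_SANS),
                        ("wildcard only", WILDCARD_ONLY),
                        ("wildcard + apex", WILDCARD_PLUS_APEX)]:
        print(f"{label}: missing {uncovered(REQUIRED, sans)}")
```

To check a real certificate, take the SAN list from `openssl x509 -in cert.pem -noout -text` (the "Subject Alternative Name" section) and pass it as `sans`.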
Okay, Thanks to you both for your help. I can't do it today, but I will include these ideas in my next steps.
It's CentOS 6, btw. You guessed it correctly in a previous comment.