Enable Let's Encrypt

How do I enable Let's Encrypt for not only new domains but existing domains?

Status: 
Closed (fixed)

Comments

Howdy -- you should be able to use Let's Encrypt on an existing Virtual Server by going into Server Configuration -> Manage SSL Certificates -> Let's Encrypt.

Let us know if you run into a problem doing that though!

The letsencrypt client is not installed on CentOS 7. I figured Virtualmin would have included this? If not, are there intentions to include it?

It's currently necessary to install the Let's Encrypt command line client in order to use their SSL certificates.

We're working on built-in support that's not dependent on that client though, that will be available in an upcoming Virtualmin version.

It works fine, but only on main domain. If I try to obtain a certificate for a subdomain I get this response:

Checking for new version...
Requesting root privileges to run letsencrypt...
/root/.local/share/letsencrypt/bin/letsencrypt certonly -a webroot -d gestione.societaoperaia.it --webroot-path /home/societao/domains/gestione.societaoperaia.it/public_html --duplicate --config /tmp/.webmin/551226_7214_1_letsencrypt.cgi
Failed authorization procedure. gestione.societaoperaia.it (http-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://gestione.societaoperaia.it/.well-known/acme-challenge/Y1MZReDr2ug... [149.202.103.2]: 401

IMPORTANT NOTES:
- The following errors were reported by the server:

Domain: gestione.societaoperaia.it
Type: unauthorized
Detail: Invalid response from http://gestione.societaoperaia.it/.well-known/acme-challenge/Y1MZReDr2ugb-qqy18OtgqZ6Z_o1-2SZmVSjG8lO608 [149.202.103.2]: 401

To fix these errors, please make sure that your domain name was entered correctly and the DNS A record(s) for that domain contain(s) the right IP address.

rinobilla, that appears to be a different issue than the one mentioned in the original request here.

We'd be happy to go over that with you, but could you create a new request for that? Then we can discuss the details of the problem there. Thanks!

Ick, that means I have to enable three repos... upgrade to Perl and other things. That can get dicey with Virtualmin.

If you aren't comfortable installing the Let's Encrypt client, my suggestion would be to hold off on using that functionality until we release the built-in Let's Encrypt functionality in the near future.

I don't have an ETA on that, but it won't be too long.

I will wait... I figured you folks were working on it... I'd rather wait. :)

FYI, Webmin version 1.791 includes built-in Let's Encrypt functionality.

It is working fine here. :)

Submitted by Welshman on Mon, 03/14/2016 - 13:20

Fine here as well, well done team.

Submitted by CraigL on Mon, 03/14/2016 - 18:36

I had been using the Let's Encrypt tab to grab certs for a couple of our sites just to test it out and it had been working ok. I just upgraded to the latest Virtualmin and now I'm getting the following error when attempting to update certificates...

mkdir failed : mkdir: cannot create directory `/home/[any domain]/public_html/.well-known/acme-challenge': Permission denied

I had a look in the public_html folder and 'well-known' already exists and is owned by root:root rather than the virtual server owner. Is the existence of this folder checked before the mkdir command is issued? Permissions on the folder are 0755. Not sure if this is a problem or not? Any ideas?

Submitted by CraigL on Mon, 03/14/2016 - 18:45

I deleted the .well-known folder for one virtual server and tried the update again. This time it worked. I'd be interested to know if anyone else has trouble once they attempt to update a certificate for a domain that already has acquired one using the Virtualmin Let's Encrypt service.

This is probably because in older Webmin releases the .well-known directory was created by root, but in the latest version it is created by the domain owner.

Submitted by CraigL on Tue, 03/15/2016 - 19:27

I tried a couple more times on a test domain and the .well-known folder is created by and assigned to the domain owner. I'll clean up any other 'root' owned .well-known folders in other domains and I should be right :)
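
A check for the situation described in the comments above, added here as an example and not part of the original thread or of Virtualmin's own code. It reports `.well-known` directories whose owner differs from the owner of their `public_html`, and any `.well-known` that is a symlink. The function names `audit_wellknown` and `owner_of` are hypothetical, and the `<base>/<user>/public_html` layout and GNU `stat` are assumptions.

```shell
#!/bin/sh
# Added example: audit .well-known directories left with the wrong owner.
# Assumption: document roots live at <base>/<user>/public_html.

# Numeric owner of a path. GNU stat does not follow symlinks by default.
owner_of() { stat -c '%u' "$1"; }

# Print one line per problem found under BASE (default /home):
#   MISMATCH <path> owner=<uid> expected=<uid>
#   SYMLINK <path>
audit_wellknown() {
    local base="${1:-/home}"
    local docroot wk want have
    for docroot in "$base"/*/public_html; do
        [ -d "$docroot" ] || continue
        wk="$docroot/.well-known"
        # A symlink here could send challenge files outside the docroot:
        # report it and never follow it.
        if [ -L "$wk" ]; then
            echo "SYMLINK $wk"
            continue
        fi
        [ -d "$wk" ] || continue
        want=$(owner_of "$docroot")
        have=$(owner_of "$wk")
        # The validation step now runs as the domain owner, so a directory
        # owned by anyone else (e.g. root, uid 0) makes mkdir fail.
        if [ "$have" != "$want" ]; then
            echo "MISMATCH $wk owner=$have expected=$want"
        fi
    done
}

# Read-only report; changes nothing on disk.
audit_wellknown "${1:-/home}"
```

The script only reports. Inspect a flagged path before removing or re-owning it as root, since the parent directory is writable by the domain owner.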

Submitted by Joe on Sun, 03/27/2016 - 12:27 Pro Licensee

Status: Active » Fixed

I believe the initial issue here has been corrected by the new built-in Let's Encrypt client, so I'm closing this issue. If Let's Encrypt problems persist with the latest Webmin/Virtualmin version, please open a new ticket, as it will be a different problem from the one covered by this ticket.

.. request failed :
Web-based validation failed : mkdir failed : mkdir: cannot create directory '/home/testsite/public_html/.well-known': Disk quota exceeded
DNS-based validation failed : Failed to request certificate : challenge did not pass: DNS problem: NXDOMAIN looking up TXT for _acme-challenge.

This is the error I am receiving when trying to request a cert for a domain on Webmin/Virtualmin. Any insight into this will be greatly appreciated.

Thanks,

The error you're seeing suggests that this particular domain is over-quota... I'd suggest ensuring that the domain has plenty of disk space available.

It appears that you're using Virtualmin GPL there though, and it doesn't appear that you're experiencing a bug. It's no problem to get support, but you'd want to use the Forums for asking questions and troubleshooting. We monitor the Forums, along with lots of wonderful folks in the community. Thanks!