Letsencrypt setup for Webmin certificate installation failing - but only on some servers

I am having an issue that I do not understand at all. I've started to set up Letsencrypt certificates in Webmin on my VPS servers. This is a little bit awkward due to the (understandable) way that Letsencrypt works. My VPS servers are all at some variation of servername.cloudmin.cruiskeenconsulting.com -- so I have started to set up an actual Virtualmin server on those machines that corresponds to the domain name, and then requesting a Letsencrypt certificate based on that directory.

This has worked fine on at least one server, but doesn't seem to be working properly on the servers with a slightly more complex setup. Some of our systems are running Varnish as a front-end proxy for all of the domains. So on those systems Varnish listens on port 80 and the backend Apache servers are configured to listen on 127.0.0.1 on port 8090, and Varnish calls them there. I can only believe that this is the difference on these servers that is causing an issue.

When I try to get a Letsencrypt certificate on those servers for Webmin, it appears that the cert is obtained successfully --- but then Webmin does something really strange that I do not understand. The upshot is that rather than installing the keys in /etc/webmin as I would expect, I end up with a set of symlinks in /etc/webmin -- letsencrypt-ca.pem, letsencrypt-cert.pem and letsencrypt-key.pem - all pointing to .../../archive/'hostname'/chain1.pem, etc.

So basically it is creating a set of symlinks pointing to the root directory on the server - and not copying the keys up there to a non-existing directory.

I could completely understand considering the situation any number of ways that requesting the key could fail - but it appears we GET the certificate and then completely mess up writing the keys into /etc/webmin --

Any clue as to what might be happening here would be really welcome.

Status: Closed (fixed)
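A quick way to spot the state described in this report, as an added example that is not part of the original thread or Webmin's own code: the shell function below lists each letsencrypt-*.pem entry in a Webmin config directory and flags symlinks whose target does not resolve. The function name and the output labels are made up for illustration.

```shell
#!/bin/sh
# Added example (not Webmin code). check_webmin_pems is a hypothetical helper.
# It classifies every letsencrypt-*.pem entry in DIR (default /etc/webmin)
# and returns 1 if any entry is a dangling symlink or an empty file.
# Usage: check_webmin_pems /etc/webmin

check_webmin_pems() {
    dir=${1:-/etc/webmin}
    bad=0
    for f in "$dir"/letsencrypt-*.pem; do
        # Skip the literal pattern when the glob matched nothing.
        [ -e "$f" ] || [ -L "$f" ] || continue
        if [ -L "$f" ]; then
            target=$(readlink "$f")
            # A relative target is resolved against the link's own directory,
            # so ../../archive/... under /etc/webmin lands in /archive/...
            case $target in
                /*) resolved=$target ;;
                *)  resolved=$dir/$target ;;
            esac
            if [ -e "$f" ]; then   # -e follows the link
                echo "SYMLINK  $f -> $target (resolves)"
            else
                echo "DANGLING $f -> $target (looked for $resolved)"
                bad=1
            fi
        elif [ -s "$f" ]; then
            echo "FILE     $f"
        else
            echo "EMPTY    $f"
            bad=1
        fi
    done
    return $bad
}
```

A non-zero return means Webmin's configured certificate or key path cannot be read as it stands.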

Comments

I am not sure about this, but were you trying to get those certs outside of Webmin/Virtualmin and point your servers on the correct folders? I centralized my certificate and run the generation outside of Webmin/Virtualmin. letsencrypt checks with every call for a new software version and if so, it upgrades itself...

That is very odd - Webmin should be copying the cert files to /etc/webmin, not re-creating symlinks.

Oh wait, I see how this can happen. It will be fixed in the next release.

Status: Active » Fixed