Let's Encrypt Wildcard certificate guide.

#1 Fri, 09/27/2019 - 05:54
ameeno

Hello, is there a guide for generating a wildcard Let's Encrypt certificate with Webmin/Virtualmin somewhere?

I am trying to figure it out (Ubuntu 18.04).

I have installed certbot via apt-get.

However, I receive an error about the DNS / domain not being in a zone when I try to do it in Webmin.

My public IP address router port-forwards all external traffic on port 53 TCP/UDP to my Webmin server.

Curiously, it seems a new feature with BIND9 is slave zones not appearing in the BIND DNS list.

So I receive an error:

    Requesting a certificate for xxx.co.uk, *.xxx.co.uk, xxx.uk, *.xxx.uk from Let's Encrypt ..
    .. request failed : Web-based validation failed : Wildcard hostname *.xxx.uk can only be validated in DNS mode
    DNS-based validation failed : Neither DNS zone xxx.co.uk or any of its sub-domains exist on this system

This is quite odd, isn't it?

Is there a guide somewhere?

Fri, 09/27/2019 - 06:12
Jfro

Why didn't you use the Let's Encrypt part from Virtualmin/Webmin itself (the GUI)?

I think using certbot could have some collisions with the built-in parts?

I don't know your OS (I only use CentOS myself), and I'm also not using wildcard LE.

So I can't help, but first try it out of the box for the domains themselves without the wildcard options; is that working?

Fri, 09/27/2019 - 11:05
ameeno

Hiya,

Well, I tried from the CLI and also from the GUI,

none of that worked (for wildcards),

and I noticed BIND was doing something strange.

And it seems quite common, as I have 4 different Virtualmin GPL installs on different VPSes I have been working on over the last few days, all fresh installs with 18.04.

Anyway, it appears that BIND9 does not initially pick up the zones created in the named.local.conf files.

I manually (using the BIND9 GUI) created a master zone called test.com with my email address, and BAM, all the BIND DNS master zones appeared.

This was checked across several servers.

Seems a bug in BIND9 detecting Virtualmin-created zones initially!!

Second bug: the certbot in Ubuntu LTS is out of date and cannot make wildcard certs.

Fix:

Add the certbot PPA and upgrade to the latest (certbot.org has a good guide).

Bug 3: DNS-based validation can ONLY work if your Virtualmin install IS the authoritative nameserver for the domain.

I have no clue why that has to be the case, but never mind.

I have a dynamic updater on DynDNS + Duck DNS + MikroTik home DNS, so basically I pointed my main domain and all my other domains from my registrars to my dynamic DNS (telling the world this is the nameserver).

It seems to be working now.
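The error in the first post ("Wildcard hostname *.xxx.uk can only be validated in DNS mode") and the "bug 3" observation above both come down to how the ACME DNS-01 challenge works: the CA does not connect to your web server at all, it looks up a TXT record at `_acme-challenge.<domain>` on whatever nameserver the public DNS says is authoritative, which is why the host doing the validation has to be (or be able to update) that authoritative server. The example below is added here and is not code from the thread, from Virtualmin or from certbot; it works out, for the four names in the original request, which records the CA will query and what TXT value each must carry, following RFC 8555 (key authorization = token "." JWK thumbprint, record value = base64url(SHA-256(key authorization))) and RFC 7638 (JWK thumbprint). The account key and the challenge tokens are constructed placeholders, not real ACME data.

```python
import base64
import hashlib
import json


def b64url(data: bytes) -> str:
    """Base64url without padding, as ACME requires (RFC 8555 / RFC 7515)."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def jwk_thumbprint(jwk: dict) -> str:
    """RFC 7638 thumbprint: SHA-256 over the canonical JSON of the required
    public members only (sorted keys, no whitespace)."""
    if jwk["kty"] == "RSA":
        members = {"e": jwk["e"], "kty": "RSA", "n": jwk["n"]}
    elif jwk["kty"] == "EC":
        members = {"crv": jwk["crv"], "kty": "EC", "x": jwk["x"], "y": jwk["y"]}
    else:
        raise ValueError(f"unsupported key type {jwk['kty']!r}")
    canonical = json.dumps(members, separators=(",", ":"), sort_keys=True)
    return b64url(hashlib.sha256(canonical.encode("utf-8")).digest())


def dns01_txt_value(token: str, thumbprint: str) -> str:
    """TXT record contents for a DNS-01 challenge (RFC 8555 section 8.4)."""
    key_authorization = f"{token}.{thumbprint}"
    return b64url(hashlib.sha256(key_authorization.encode("utf-8")).digest())


def needs_dns01(identifier: str) -> bool:
    """Wildcard identifiers can only be validated with DNS-01."""
    return identifier.startswith("*.")


def challenge_record_name(identifier: str) -> str:
    """The record the CA queries. The wildcard label is dropped first, so
    'xxx.uk' and '*.xxx.uk' are both validated at _acme-challenge.xxx.uk."""
    base = identifier[2:] if needs_dns01(identifier) else identifier
    return f"_acme-challenge.{base}"


def plan_dns01(names: list[str], account_jwk: dict, tokens: dict) -> dict:
    """Map each challenge record name to the list of TXT values it must hold.
    Two identifiers sharing one record name need two TXT records, both
    present at the same time, on the authoritative nameserver."""
    thumbprint = jwk_thumbprint(account_jwk)
    plan: dict[str, list[str]] = {}
    for name in names:
        record = challenge_record_name(name)
        plan.setdefault(record, []).append(dns01_txt_value(tokens[name], thumbprint))
    return plan


# Constructed sample input: a fake EC account key and made-up challenge
# tokens, one per identifier, as the ACME server would issue them.
SAMPLE_JWK = {"kty": "EC", "crv": "P-256", "x": "constructed-x-coordinate", "y": "constructed-y-coordinate"}
SAMPLE_NAMES = ["xxx.co.uk", "*.xxx.co.uk", "xxx.uk", "*.xxx.uk"]
SAMPLE_TOKENS = {n: f"token-for-{n}" for n in SAMPLE_NAMES}

if __name__ == "__main__":
    for record, values in plan_dns01(SAMPLE_NAMES, SAMPLE_JWK, SAMPLE_TOKENS).items():
        for value in values:
            print(f'{record}. 60 IN TXT "{value}"')
```

Run stand-alone, it prints the zone-file lines the authoritative server for each domain must serve while the order is being validated; if those records are served by a dynamic-DNS provider rather than by the BIND on the Virtualmin box, that is the server that has to carry them, which matches the workaround described in the last post.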