how to configure DNS records virtualmin?

Hari

hello sir, i have installed Virtualmin on a new digital ocean droplet as far i know everything is working fine but i could not point server to my subdomain

here are my CF settings

i am not sure what i am missing. i have sent my Virtualmin DNS records over PM please tell me how to configure them correctly

Hari

i think we can mark this discussion as solved

• learned how to install virtualmin with NGINX
• We can easily point the DNS by mentioning server IP at CF a name record
• learned how to install SSL

phenomlab

@hari have you set the subdomain or root domain yet in VirtualMin? You shouldn’t rely on DNS in VirtualMin as this has no bearing apart from which route to take internally as soon as the traffic arrives at the server itself.

DNS zones on the VirtualMin server are automatically populated and you shouldn’t need to do anything there.

I get this when attempting to access the link you sent in PM

Hari

@phenomlab said in how to configure DNS records virtualmin?:

have you set the subdomain or root domain yet in VirtualMin?

i have used subdomain

just now i have tried to install the certificate for the subdomain following this but let’s encrypt is not give the certificate

https://www.ssldragon.com/blog/install-an-ssl-certificate-on-virtualmin/

in log it looks like i have not configured the DNS correctly

Domain: ask3.domain.com
  Type:   unauthorized
  Detail: Invalid response from
  https://ask3.domain.com/.well-known/acme-challenge/WCSL3V7RqeaQd41WBlLDBPK19uaY0ODLDTtRWJqSU68
  [2606:4700:e4::ac40:a90f]: "<!DOCTYPE html>\n<!--[if lt IE 7]>
  <html class=\"no-js ie6 oldie\" lang=\"en-US\">
  <![endif]-->\n<!--[if IE 7]>    <html class=\"no-js "

but i have added A name record for ask3 pointing my server IP

should i get a certificate for my server using server IP?

phenomlab

@hari no, that won’t work. The entire point of a certificate is that it is assigned to a hostname. Can you provide (information redacted) screenshots of your you have the root domain and subdomain configured in VirtualMin ?

Or, I can check directly if you provide login details via PM.

Hari

@phenomlab Hi sir, I’ve got 2nd dose vaccination and I’m suffering from fever and stomach pain. I will go through this after a week

phenomlab

@hari ok

phenomlab

@hari Just checking in - you feeling better now ?

Hari

@phenomlab thanks for asking, I got recovered after five days and later I was busy with fixing roof. I’ve turned off email notifications and didn’t checked this thread for the last two weeks.

phenomlab

@Hari no issues at all. Fixing the roof sounds like fun

Hari

today i have bought a new droplet, deleted the old one to avoid extra billing.

i have added A name record at CF for ask8.domain.com and trying to get lets encrypt certificate and getting this error

Requesting a certificate for ask8.domain.com, *.ask8.domain.com from Let’s Encrypt …
… request failed : Web-based validation failed : Wildcard hostname *.ask8.domain.com can only be validated in DNS mode DNS-based validation failed :

Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator manual, Installer None
Obtaining a new certificate
Performing the following challenges:
dns-01 challenge for ask8.domain.com
Running manual-auth-hook command: /etc/webmin/webmin/letsencrypt-dns.pl
Waiting for verification...
Challenge failed for domain ask8.domain.com
dns-01 challenge for ask8.domain.com
Cleaning up challenges
Running manual-cleanup-hook command: /etc/webmin/webmin/letsencrypt-cleanup.pl
Some challenges have failed.
IMPORTANT NOTES:
 - The following errors were reported by the server:
 
   Domain: ask8.domain.com
   Type:   unauthorized
   Detail: No TXT record found at
   _acme-challenge.ask8.domain.com
 
   To fix these errors, please make sure that your domain name was
   entered correctly and the DNS A/AAAA record(s) for that domain
   contain(s) the right IP address.

do i need to add any c name record at CF for this?

_acme-challenge.ask8.domain.com

phenomlab

@Hari Not typically. You’ll get this error if you also request a wildcard. Try it by itself, without the wildcard.

If you really want to use a wildcard, you’ll need a DNS record identified as * pointing to the IP address of your server.

Hari

@phenomlab got it, now i got the certificate, how can i enable HSTS at virtual min for ask8 virtual server

phenomlab

@Hari Apache or NGINX ?

Hari

@phenomlab NGINX i guess

phenomlab

@Hari Try this in your nginx.conf file

add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;

Hari

@phenomlab i think i missed this step, how can i make sure i am using NGINX

my current settings for ask8

ask8 is not opening because i have opted for HSTS i want an origin server certificate

phenomlab

@Hari How did you install Virtualmin on that droplet ? If you used the default commands, it is using Apache.

Hari

@phenomlab i followed this video, now i went forward with apache and enabled SSL at virtual min and ask8 is loading

from our conversation i have learned how to create SSL and apply for our server (sub-domain) at Virtualmin.

Virtualmin is so nice it has built-in SSH easy to access.

now i am taking backup of live flarum for ask. virtualserver

after uploading DB and files i will disturb if i face any issues.

next, i should set up Redis …etc and need to change ask server to NGINX

now deleting ask8 which is created to learn SSL

phenomlab

@Hari Ok, no issues. I tend to prefer NGINX over Apache2 myself.

See below

https://www.virtualmin.com/documentation/installation/automated/#LAMP_vs_LEMP

Essentially, you need to suffix the install script with --bundle LEMP

Hari

@phenomlab yeah, i missed that

i think migrating from apache to NGNIX is a bit complicated i will destroy this droplet and do the installation again.

tried this, after running apt-get install nginx

i thought this will get complicated

https://www.digitalocean.com/community/tutorials/how-to-migrate-from-an-apache-web-server-to-nginx-on-an-ubuntu-vps