Hello guys, i’ve a question, i’ve noticed that my ssl certificate are expired, how can i update all with virtualmin?
if i go to the menu and click on renew i get an error
@justoverclock should be resolved now
As a side note, this renewal won’t show in Virtualmin unless it is requested from there. This is done from the command line, so
certbot --nginx and follow the prompts@justoverclock Hi, and happy new year !
If you go to Virtualmin->Server Configuration->SSL Certificate->Let’s Encrypt, what values do you see in the below ?
@phenomlab happy new year to you also!
@justoverclock Ok, that’s because you have no wildcard DNS record, and it’s attempting to renew for domains you don’t have listed in DNS.
Select the second option, and enter justoverclock.it and proceed that way.
Note, that there is a rate-limit set to 10 per hour, so if you exceed this, you’ll need to wait for a while then try again. In this case, you’d see this message
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator webroot, Installer None
Renewing an existing certificate
An unexpected error occurred:
There were too many requests of a given type :: Error creating new order :: too many failed authorizations recently: see https://letsencrypt.org/docs/rate-limits/
Please see the logfiles in /var/log/letsencrypt for more details.
@phenomlab oh, i need to request new certificate or renew?
@justoverclock Try to renew it. If that doesn’t work, then request a new one
@phenomlab nothing happen
Ultimo rinnovo fallito 01/11/2022 1:09:26 PM
Rinnovo fallito a causa di Web-based validation failed :
Saving debug log to /var/log/letsencrypt/letsencrypt.log
@justoverclock And if you try to request a new one ?
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator manual, Installer None
Renewing an existing certificate
An unexpected error occurred:
There were too many requests of a given type :: Error creating new order :: too many failed authorizations recently: see https://letsencrypt.org/docs/rate-limits/
Please see the logfiles in /var/log/letsencrypt for more details.
so i need to wait hour? month? 
@justoverclock Yep, that’s the rate-limit message. Try again in an hour.
@phenomlab after one hour or more:
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator manual, Installer None
Renewing an existing certificate
Performing the following challenges:
dns-01 challenge for justoverclock.it
dns-01 challenge for justoverclock.it
Running manual-auth-hook command: /etc/webmin/webmin/letsencrypt-dns.pl
Running manual-auth-hook command: /etc/webmin/webmin/letsencrypt-dns.pl
Waiting for verification...
Challenge failed for domain justoverclock.it
Challenge failed for domain justoverclock.it
dns-01 challenge for justoverclock.it
dns-01 challenge for justoverclock.it
Cleaning up challenges
Running manual-cleanup-hook command: /etc/webmin/webmin/letsencrypt-cleanup.pl
Running manual-cleanup-hook command: /etc/webmin/webmin/letsencrypt-cleanup.pl
Some challenges have failed.
IMPORTANT NOTES:
- The following errors were reported by the server:
Domain: justoverclock.it
Type: dns
Detail: DNS problem: NXDOMAIN looking up TXT for
_acme-challenge.justoverclock.it - check that a DNS record exists
for this domain
Domain: justoverclock.it
Type: dns
Detail: DNS problem: NXDOMAIN looking up TXT for
_acme-challenge.justoverclock.it - check that a DNS record exists
for this domain
@justoverclock Seems your _acme-challenge DNS record is missing ?
@phenomlab didn’t touch anything from your last visit 
@justoverclock Very odd. Let me have a look at another way
@justoverclock I have installed the --nginx version of certbot on your server as per
https://sudonix.com/post/689
It’s showing that the renewal will work, but the rate-limit is currently still enforced, so we still need to wait.
Performing the following challenges:
http-01 challenge for justoverclock.it
http-01 challenge for www.justoverclock.it
Waiting for verification...
Cleaning up challenges
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
new certificate deployed with reload of nginx server; fullchain is
/etc/letsencrypt/live/justoverclock.it/fullchain.pem
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
** DRY RUN: simulating 'certbot renew' close to cert expiry
** (The test certificates below have not been saved.)
Congratulations, all renewals succeeded. The following certs have been renewed:
/etc/letsencrypt/live/admin.justoverclock.it/fullchain.pem (success)
/etc/letsencrypt/live/forum.justoverclock.it/fullchain.pem (success)
/etc/letsencrypt/live/justoverclock.it/fullchain.pem (success)
** DRY RUN: simulating 'certbot renew' close to cert expiry
** (The test certificates above have not been saved.)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
IMPORTANT NOTES:
- Your account credentials have been saved in your Certbot
configuration directory at /etc/letsencrypt. You should make a
secure backup of this folder now. This configuration directory will
also contain certificates and private keys obtained by Certbot so
making regular backups of this folder is ideal.
root@justoverclock:/home/justoverclock#
@justoverclock should be resolved now
As a side note, this renewal won’t show in Virtualmin unless it is requested from there. This is done from the command line, so
certbot --nginx and follow the prompts
undefined phenomlab has marked this topic as solved on
@phenomlab so this is the command that i need to use everytime my certificate expire? thank you, precious as always
@justoverclock Not necessarily. You only need to use this if it fails from the Virtualmin window
