@Madchatthew is this self hosted, or a VPS?
SSl expired on virtualmin
-
Hello guys, i’ve a question, i’ve noticed that my ssl certificate are expired, how can i update all with virtualmin?
if i go to the menu and click on renew i get an error
-
@justoverclock should be resolved now
As a side note, this renewal won’t show in Virtualmin unless it is requested from there. This is done from the command line, so
- SSH into the server
- Change to root
- Execute
certbot --nginx
and follow the prompts
-
@justoverclock Hi, and happy new year !
If you go to Virtualmin->Server Configuration->SSL Certificate->Let’s Encrypt, what values do you see in the below ?
-
@phenomlab happy new year to you also!
-
@justoverclock Ok, that’s because you have no wildcard DNS record, and it’s attempting to renew for domains you don’t have listed in DNS.
Select the second option, and enter
justoverclock.it
and proceed that way.Note, that there is a rate-limit set to 10 per hour, so if you exceed this, you’ll need to wait for a while then try again. In this case, you’d see this message
Saving debug log to /var/log/letsencrypt/letsencrypt.log Plugins selected: Authenticator webroot, Installer None Renewing an existing certificate An unexpected error occurred: There were too many requests of a given type :: Error creating new order :: too many failed authorizations recently: see https://letsencrypt.org/docs/rate-limits/ Please see the logfiles in /var/log/letsencrypt for more details.
-
@phenomlab oh, i need to request new certificate or renew?
-
@justoverclock Try to renew it. If that doesn’t work, then request a new one
-
@phenomlab nothing happen
Ultimo rinnovo fallito 01/11/2022 1:09:26 PM
Rinnovo fallito a causa di Web-based validation failed :
Saving debug log to /var/log/letsencrypt/letsencrypt.log -
@justoverclock And if you try to request a new one ?
-
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator manual, Installer None
Renewing an existing certificate
An unexpected error occurred:
There were too many requests of a given type :: Error creating new order :: too many failed authorizations recently: see https://letsencrypt.org/docs/rate-limits/
Please see the logfiles in /var/log/letsencrypt for more details.so i need to wait hour? month?
-
@justoverclock Yep, that’s the rate-limit message. Try again in an hour.
-
@phenomlab after one hour or more:
Saving debug log to /var/log/letsencrypt/letsencrypt.log Plugins selected: Authenticator manual, Installer None Renewing an existing certificate Performing the following challenges: dns-01 challenge for justoverclock.it dns-01 challenge for justoverclock.it Running manual-auth-hook command: /etc/webmin/webmin/letsencrypt-dns.pl Running manual-auth-hook command: /etc/webmin/webmin/letsencrypt-dns.pl Waiting for verification... Challenge failed for domain justoverclock.it Challenge failed for domain justoverclock.it dns-01 challenge for justoverclock.it dns-01 challenge for justoverclock.it Cleaning up challenges Running manual-cleanup-hook command: /etc/webmin/webmin/letsencrypt-cleanup.pl Running manual-cleanup-hook command: /etc/webmin/webmin/letsencrypt-cleanup.pl Some challenges have failed. IMPORTANT NOTES: - The following errors were reported by the server: Domain: justoverclock.it Type: dns Detail: DNS problem: NXDOMAIN looking up TXT for _acme-challenge.justoverclock.it - check that a DNS record exists for this domain Domain: justoverclock.it Type: dns Detail: DNS problem: NXDOMAIN looking up TXT for _acme-challenge.justoverclock.it - check that a DNS record exists for this domain
-
@justoverclock Seems your
_acme-challenge
DNS record is missing ? -
@phenomlab didn’t touch anything from your last visit
-
@justoverclock Very odd. Let me have a look at another way
-
@justoverclock I have installed the
--nginx
version ofcertbot
on your server as per
https://sudonix.com/post/689It’s showing that the renewal will work, but the rate-limit is currently still enforced, so we still need to wait.
Performing the following challenges: http-01 challenge for justoverclock.it http-01 challenge for www.justoverclock.it Waiting for verification... Cleaning up challenges - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - new certificate deployed with reload of nginx server; fullchain is /etc/letsencrypt/live/justoverclock.it/fullchain.pem - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - ** DRY RUN: simulating 'certbot renew' close to cert expiry ** (The test certificates below have not been saved.) Congratulations, all renewals succeeded. The following certs have been renewed: /etc/letsencrypt/live/admin.justoverclock.it/fullchain.pem (success) /etc/letsencrypt/live/forum.justoverclock.it/fullchain.pem (success) /etc/letsencrypt/live/justoverclock.it/fullchain.pem (success) ** DRY RUN: simulating 'certbot renew' close to cert expiry ** (The test certificates above have not been saved.) - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - IMPORTANT NOTES: - Your account credentials have been saved in your Certbot configuration directory at /etc/letsencrypt. You should make a secure backup of this folder now. This configuration directory will also contain certificates and private keys obtained by Certbot so making regular backups of this folder is ideal. root@justoverclock:/home/justoverclock#
-
@justoverclock should be resolved now
As a side note, this renewal won’t show in Virtualmin unless it is requested from there. This is done from the command line, so
- SSH into the server
- Change to root
- Execute
certbot --nginx
and follow the prompts
-
-
@phenomlab so this is the command that i need to use everytime my certificate expire? thank you, precious as always
-
@justoverclock Not necessarily. You only need to use this if it fails from the Virtualmin window
Did this solution help you?
Related Topics
-
-
-
SSL certificates
Solved Configure -
-
-
-
-