Let's Encrypt auto-renew failed on virtual server after mail.example.com domain added automatically

Hiya, I searched around for something similar to this, but nothing matched, that I could find:

I had been setting up virtual servers with Let's Encrypt SSL certs recently and now they're starting to autorenew (set for 2 months). The first one failed to renew because it was saying the "mail.example.com" couldn't connect. In these virtual servers, I don't have any local email usage, so I often don't spend much effort setting it up at all (maybe bad idea, but I just ignore email, since it's being done via external servers like Gmail, etc.).

Looking at the Virtualmin > Server Configuration > Manage SSL Certificate settings for Let's Encrypt, I see that maybe during some update the mail.* domain is being added to the "Domains associated with this server" setting. These were definitely not there before when I set them up, so in my case, when the autorenew triggers, the process fails because I don't have mail.example.com set up correctly. I only wanted the initial "example.com www.example.com" domains that were automatically listed, for instance.

The email error Virtualmin sends has this message in the array, but I'll post the whole thing if you need it: "u'Could not connect to mail.example.com'" (obviously, "example.com" is not my real domain. :P) I'd post more, but it's simply not set up in a valid DNS, so I'm sure that had I set it up, it would have worked. This just points out a problem to me, in that every virtual server needs to be set up with a manual list now, to avoid mail.* being used (...or any other domains that may be automatically added via Virtualmin in the future, as I think on that).

So... I'm changing all my setups to specify the exact domain list to request certs for, but I wondered if you'd consider this a bug in that extra domains are being added after the fact for virtual servers.

...hope that makes sense. Not sure it's a bug, but it also seems like it could cause trouble for other people in the same way it did for me.

Thanks!

Status: Closed (fixed)

Comments

This is a known bug / failure mode. It will be fixed in the next release, but until then you can work around it by entering just domain.com and www.domain.com on the form where you request a Let's Encrypt cert in Virtualmin.

Status: Active » Fixed
Status: Fixed » Closed (fixed)

Automatically closed - issue fixed for 2 weeks with no activity.