Submitted by John.cosolito on Thu, 10/12/2017 - 13:26
I am doing a fresh install of Virtualmin Pro and need a little help with the configuration.
I am using a DDNS service and my ISP blocks mail. I have hosted mail for my domain with NOIP.COM How should I configure Virtualmin regarding built in mail integration? Or do I just turn off all email functions and how.
Status:
Active
Comments
Submitted by andreychek on Thu, 10/12/2017 - 14:15 Comment #1
Howdy -- thanks for contacting us!
If your ISP doesn't allow email, what you may want to do is configure Virtualmin not to use the email functionality.
You can do that by going into system Settings -> Features and Plugins, and there, you can disable the "Mail for Domain" feature. You may also need to disable Spam Filtering and Virus Filtering as well, since they rely on email.
If you have a third party out there that receives email for your domain, you could always setup a DNS MX record that sends your email to that third party.
Submitted by John.cosolito on Thu, 10/12/2017 - 15:27 Comment #2
Thank you for the quick response.
They supply the MX records for the domain.
One more thing, when I was using the free version I had some difficulty when creating a VHost having it generate the www can this be automatically created? How is it setup, it is need for letsencrypt
Submitted by andreychek on Thu, 10/12/2017 - 22:06 Comment #3
Virtualmin should create a DNS record for both example.com and www.example.com (amongst others).
If you're finding that this isn't the case for you, let us know and we'd be happy to dig deeper into what's going on there.
Submitted by John.cosolito on Fri, 10/13/2017 - 12:37 Comment #4
Bind9 was not started worked fine after turning service on.
Submitted by John.cosolito on Fri, 10/13/2017 - 12:41 Comment #5
I am having an issue with SSL Certificates. I think it has to do with the server configuraton. I was able to request a certifice from letsencrypt from the virtual server iqutopia.com /home/iqutopia ssl.cert ssl.combined ssl.key
From a browser you will get the personally signed key from virtualmin. Letsencrypt fails when requesting from from Server Configuration/Manage SSL when logged in as root. I think this is either because I am sharing the same ip number on Virtualmin Host and Virtual Server or that my local FDNQ example.com.
Server/Network config:
noip.com ddns service: port forwarding 80 443 10000 on 192.168.1.200 A = iqutopia.com MX = mx.noip.com A = www.iqutopia.com MX = mx.noip.com Ubuntu 16.04.3 server: example.com - 192.168.1.200 virtualmin Virtual Host = iqutopia.com
I am not sure what to do because with DDNS I can only forward any given port once.
Submitted by John.cosolito on Fri, 10/13/2017 - 13:16 Comment #6
I am wondering since I can use a range of IP Numbers instead of sharing the IP address of the Host should I create a new IP number for each VHOST and open the ports something like this:
HOST: 192.168.1.200 HTTP port 80 HTTPS port 443
VHOST1: 192.168.1.201 HTTP port 18080 HTTPS port 18443
VHOST2: 192.168.1.202 HTTP port 18081 HTTPS port 18444
VHOST3: 192.168.1.203 HTTP port 18082 HTTPS port 18445
etc....
Submitted by andreychek on Fri, 10/13/2017 - 13:22 Comment #7
In your situation, you'd probably only be able to use one IP address on your server... however, it's no problem to have multiple SSL certificates on one IP address.
If you forward ports 80 and 443 from your router onto your server, you could use your single public IP address for all your domains.
You'd then just use one internal IP address on your server.
Note that you'd need to be able to access the website using "http://domain.com" before you'd be able to request an SSL certificate. As part of the SSL authorization process, Let's Encrypt requires that the website be accessible.
If you're having trouble, that might be a place to look -- to ensure that the website is working.
If it is, and you're still unable to get an SSL certificate, can you share the full output you receive when requesting a certificate? We can use that to determine what's going on there. Thanks!
Submitted by John.cosolito on Fri, 10/13/2017 - 16:12 Comment #8
This is the error when trying to request a certificate:
Requesting a certificate for iqutopia.com, www.iqutopia.com from Let's Encrypt .. .. request failed : Web-based validation failed : Failed to request certificate : Parsing account key... Parsing CSR... Registering account... Already registered! Verifying www.iqutopia.com... Traceback (most recent call last): File "/usr/share/webmin/webmin/acme_tiny.py", line 235, in main(sys.argv[1:]) File "/usr/share/webmin/webmin/acme_tiny.py", line 231, in main signed_crt = get_crt(args.account_key, args.csr, args.acme_dir, args.dns_hook, args.cleanup_hook, log=LOGGER, CA=args.ca) File "/usr/share/webmin/webmin/acme_tiny.py", line 184, in get_crt domain, challenge_status)) ValueError: www.iqutopia.com challenge did not pass: {u'status': u'invalid', u'validationRecord': [{u'addressesResolved': [u'68.199.251.169'], u'url': u'http://www.iqutopia.com/.well-known/acme-challenge/iFSxMfFlIs7dEqEZW4Ezl...', u'hostname': u'www.iqutopia.com', u'addressesTried': [], u'addressUsed': u'68.199.251.169', u'port': u'80'}], u'keyAuthorization': u'iFSxMfFlIs7dEqEZW4EzlZ3mZP7eH0DQ1yc1pjAIZGY.DUOmNr9bgt6o8RxgyP30BfCztzNAkDaVYDtorRzzaR0', u'uri': u'https://acme-v01.api.letsencrypt.org/acme/challenge/o9TOC5Br7i0lTZEBsRa3...', u'token': u'iFSxMfFlIs7dEqEZW4EzlZ3mZP7eH0DQ1yc1pjAIZGY', u'error': {u'status': 400, u'type': u'urn:acme:error:connection', u'detail': u'Fetching http://www.iqutopia.com/.well-known/acme-challenge/iFSxMfFlIs7dEqEZW4Ezl... Timeout'}, u'type': u'http-01'} DNS-based validation failed : Failed to request certificate : Parsing account key... Parsing CSR... Registering account... Already registered! Verifying www.iqutopia.com... Undefined subroutine &main::get_bind_zone_for_domain called at /usr/share/webmin/webmin/letsencrypt-dns.pl line 21. Traceback (most recent call last): File "/usr/share/webmin/webmin/acme_tiny.py", line 235, in main(sys.argv[1:]) File "/usr/share/webmin/webmin/acme_tiny.py", line 231, in main signed_crt = get_crt(args.account_key, args.csr, args.acme_dir, args.dns_hook, args.cleanup_hook, log=LOGGER, CA=args.ca) File "/usr/share/webmin/webmin/acme_tiny.py", line 184, in get_crt domain, challenge_status)) ValueError: www.iqutopia.com challenge did not pass: {u'status': u'invalid', u'keyAuthorization': u'-WjlKSn3uaYUQkhbK4EJnLr3_sGjkTs4YzgPNzvFRiM.DUOmNr9bgt6o8RxgyP30BfCztzNAkDaVYDtorRzzaR0', u'uri': u'https://acme-v01.api.letsencrypt.org/acme/challenge/T5K8ko9yX-gR4rbc7T_t...', u'token': u'-WjlKSn3uaYUQkhbK4EJnLr3_sGjkTs4YzgPNzvFRiM', u'error': {u'status': 400, u'type': u'urn:acme:error:connection', u'detail': u'DNS problem: NXDOMAIN looking up TXT for _acme-challenge.www.iqutopia.com'}, u'type': u'dns-01'} Return to virtual server details
Submitted by andreychek on Fri, 10/13/2017 - 23:24 Comment #9
Is the website you're trying to get SSL for this one here:
http://www.iqutopia.com/
If so, I can't seem to access that using standard HTTP either, so that'd be the first thing to setup.
It times out when I attempt to access it.
Is 68.199.251.169 the correct IP address? That's the IP address I get when doing a DNS lookup on that domain.
If that's the correct IP, you'd want to ensure that there isn't a firewall blocking requests, and that the port forwarding is indeed setup.
Note that I can access port 10000, but not port 80.