
#5557 LetsEncrypt: Neither DNS zone or any of its sub-domains exist on this system

1.990
open
nobody
LETSENCRYPT (5)
5
2022-04-17
2022-04-16
No

Hello,

I have been trying for some time to get LetsEncrypt working in Webmin.

certbot is working on my system (when run as root) using a Cloudflare DNS configuration file. For example, this works fine:

sudo certbot certonly   --dns-cloudflare   --dns-cloudflare-credentials /home/administrator/.secrets/certbot/cloudflare.ini   -d host.mydomain.com

/etc/letsencrypt/cli.ini is configured as follows:

max-log-backups=0
email=christopher@caruk.eu
no-eff-email=true
agree-tos=true
dns-cloudflare-credentials=/home/administrator/.secrets/certbot/cloudflare.ini
eff-email=true
no-autorenew=false
dry-run=false
no-directory-hooks=true

The Certbot plugin (AcuGIS ES) seems to know that I have the Cloudflare DNS and Nginx plugins installed

* Hostnames for certificate: host.mydomain.com
* exists in DNS on Cloudflare
* Website root directory for validation file: Use DNS domains for validation
* Copy new key and certificate to Webmin?: Yes
* ...
* Let's Encrypt server: Real
* ...

[Request Certificate]

Results in:

Requesting a new certificate for miniwork.clockworx.com, using DNS validation ..
.. request failed : Neither DNS zone or any of its sub-domains exist on this system

The hostname for the system is set to: host.mydomain.com

Perhaps I need to do something to tell Webmin to use ?

It seems like Webmin cannot verify that : host.mydomain.com exists but I can ping it from the command line?

Any thoughts on what might be misconfigured?

Many Thanks
Chris

Discussion

  • Jamie Cameron

    Jamie Cameron - 2022-04-16

    Unfortunately, Webmin's DNS-based Let's Encrypt validation doesn't support external DNS providers like Cloudflare.

     
  • Christopher Caruk

    Hi Jamie,

    Understood. Thanks.

    That's a shame. To authenticate over HTTP means that I have to open a port on all my servers to the outside world.

    I suppose I could use certbot alone and then put the cert that it generates where Webmin needs to find it, but it would be nice to handle this inside Webmin. Is there any chance that external DNS providers will ever be supported?

    Regards
    Chris

     
  • Jamie Cameron

    Jamie Cameron - 2022-04-17

    The only way we can support this currently is if you also have Virtualmin installed, which can manage DNS zones hosted on Cloudflare (and other similar DNS providers).
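
The workaround Christopher mentions above (run certbot on its own with the Cloudflare plugin, then put the certificate where Webmin looks for it) can be automated with a certbot deploy hook. The script below is an added example, not code from this thread or from the Webmin project; it assumes Webmin's configuration lives in /etc/webmin, that miniserv.conf names the PEM files with keyfile= (and optionally certfile=), and that /etc/webmin/restart restarts the service.

```shell
#!/bin/sh
# Added example: certbot deploy hook that installs a renewed certificate for Webmin.
# Assumptions (not from the thread): /etc/webmin/miniserv.conf has keyfile= and,
# optionally, certfile=; /etc/webmin/restart restarts Webmin.

# conf_value FILE KEY: print the value of the first KEY=... line in FILE
conf_value() {
    sed -n "s/^$2=//p" "$1" | head -n 1
}

# install_pem DEST SRC...: write the SRC files to DEST via a temp file and rename,
# so Webmin never reads a half-written key; mktemp creates the file with mode 0600
install_pem() {
    dest=$1; shift
    tmp=$(mktemp "$dest.XXXXXX") || return 1
    cat "$@" > "$tmp" && mv -f "$tmp" "$dest" || { rm -f "$tmp"; return 1; }
}

# install_webmin_cert LINEAGE_DIR WEBMIN_DIR
install_webmin_cert() {
    lineage=$1; webmin=$2
    key="$lineage/privkey.pem"; chain="$lineage/fullchain.pem"
    [ -s "$key" ] && [ -s "$chain" ] || { echo "missing PEM files in $lineage" >&2; return 1; }
    keyfile=$(conf_value "$webmin/miniserv.conf" keyfile)
    certfile=$(conf_value "$webmin/miniserv.conf" certfile)
    [ -n "$keyfile" ] || { echo "no keyfile= in miniserv.conf" >&2; return 1; }
    if [ -n "$certfile" ]; then
        # key and certificate are kept in separate files
        install_pem "$keyfile" "$key" && install_pem "$certfile" "$chain" || return 1
    else
        # single combined PEM: private key followed by the certificate chain
        install_pem "$keyfile" "$key" "$chain" || return 1
    fi
    # restart only when the restart script is present (it is absent in test setups)
    if [ -x "$webmin/restart" ]; then "$webmin/restart"; fi
}

# certbot exports RENEWED_LINEAGE (the /etc/letsencrypt/live/<name> directory) to deploy hooks
if [ -n "${RENEWED_LINEAGE:-}" ]; then
    install_webmin_cert "$RENEWED_LINEAGE" "${WEBMIN_DIR:-/etc/webmin}"
fi
```

Because the cli.ini shown in the ticket sets no-directory-hooks=true, the script has to be passed to certbot with --deploy-hook rather than dropped into the renewal-hooks/deploy directory.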

     
