Search code examples
vpslets-encryptubuntu-20.04webminvirtualmin

Hostinger VPS Webmin/Virtualmin SSL Issue

I have recently purchased VPS service from hostinger and installed Ubuntu 20.04 on it along with Webmin/Virtualmin. This is via their installation panel (Not custom install).

I am trying to use it as a basic-level web server except for email service. Everything works great except SSL. Virtaulmin provides Let'sEncrypt SSL service and I am facing issues installing it.

I have followed articles provided by hostinger itself and other sources but none seems to work.

A (IPv4) and AAAA (IPv6) records are properly set in DNS settings but still getting DNS errors. Here is the error log.

Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator webroot, Installer None
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for mahadev.profilehub.net
http-01 challenge for www.mahadev.profilehub.net
Using the webroot path /home/mahadev/public_html for all unmatched domains.
Waiting for verification...
Cleaning up challenges
Failed authorization procedure. www.mahadev.profilehub.net (http-01): 
urn:ietf:params:acme:error:dns :: DNS problem: NXDOMAIN looking up A for 
www.mahadev.profilehub.net - check that a DNS record exists for this domain; DNS problem: 
NXDOMAIN looking up AAAA for www.mahadev.profilehub.net - check that a DNS record exists 
for this domain, mahadev.profilehub.net (http-01): 
urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: 
2a02:4780:d:54d::1: Invalid response from http://mahadev.profilehub.net/.well- 
known/acme-challenge/sjwBTF8dcOh8_A0SMETGM9e24IbjVPpSH0Px4yTACQY: 404
IMPORTANT NOTES:
- The following errors were reported by the server:

Domain: mahadev.profilehub.net
Type:   unauthorized
Detail: 2a02:4780:d:54d::1: Invalid response from
http://mahadev.profilehub.net/.wellknown/acmechallenge/sjwBTF8dcOh8_A0SMETGM9e24IbjVPpSH0Px4yTACQY:404

To fix these errors, please make sure that your domain name was entered correctly and the DNS A/AAAA record(s) for that domain contain(s) the right IP address.
- The following errors were reported by the server:

Domain: www.mahadev.profilehub.net
Type:   None
Detail: DNS problem: NXDOMAIN looking up A for www.mahadev.profilehub.net - check that a DNS record exists for this domain; DNS problem: NXDOMAIN looking up AAAA for www.mahadev.profilehub.net - check that a DNS record exists for this domain

Although error log shows that DNS records are not present, I can assure that DNS records are properly set.

Let me know if there's any solution to this.

Solution

  • Solved it.

    Looks like AAAA or CNAME record doesn't matter in this case.

    Webmin/Virtulamin have a section of DNS records. These records must be correct for Lets Encrypt to work.

    These are the settings with which this is working.

    1. In DNS Options, IPv4 and IPv6 must be perfect.
    2. In DNS Options, the TLSA option must be enabled.
    3. In DNS records, remove NS if you are not using VPSs NS.
    4. In DNS records, keep A and AAAA records for both domain.name and www.domain.name correctly.
    5. While issuing the certificate, use a custom name and fetch SSL only for domain.name (Do not fetch for www)
    6. Keep only A record in your domain DNS (On Domain provider DNS settings)

    Before doing this, make sure your DNS records are properly propagated.