Configure Wildcard Certificate using LetsEncrypt and ACME

SYSTEM INFORMATION
OS type and version: Ubuntu Linux 22.04.4
Virtualmin version: 7.10.0
DNS provider: Linode

I have successfully installed Let's Encrypt certificates using certbot for my domain and a few subdomains. These are all working fine.
Now I want to obtain a certificate for a wildcard subdomain, so that any subdomain I use, e.g. https://abc.domain.com, will work.

I have followed this help here

but I’ve not done the last step, which is
./acme.sh --issue --dns dns_linode_v4 -d example.com -d '*.example.com' --dnssleep 900

What I am in doubt about now is this:

  1. Do I have to delete the existing certificates that were issued for the subdomains earlier, since I am generating a wildcard subdomain certificate?
  2. If yes, how?
  3. Also if yes, do I perform number 1 first, before running the acme command above, or run it before deleting the existing certificate?
  4. After obtaining the certificate, will I replace what is currently being used in the SSL interface on Virtualmin?

I am a newbie, so a lot of things are still confusing.
Please don’t get tired of me.

Just use Webmin to manage your DNS rather than your registrar’s DNS. This does get the wildcard cert issued, but why do you need a wildcard cert? That is the question.

Using Webmin/Virtualmin, I have not been able to get Let's Encrypt to issue wildcard certs… It keeps giving me one error or the other.
I only managed to get success when I do it via the terminal.

I need a wildcard cert because I have built a ternary application whereby each user has a subdomain, e.g. jim.domain.com.
Now I want to provision SSL for such subdomains, because they are created dynamically by the users.

If that’s the case, research BIND, as your nameservers need to be on a Webmin instance. I use two independent Webmin servers and cluster them; however, @stefan1959 has better luck than I do using a single DNS server. When you use certbot you have to add a record to DNS before the cert is issued. Webmin can do this automatically, but in order to do that Webmin must manage the DNS records.

So, how do I go about this wildcard certificate using certbot and/or acme.sh, considering that I have used certbot to provision for the main domain and some subdomains already?

You don’t need a wildcard for that. Every virtual server you create will have its own SSL cert upon creation, including any sub-server.

Just make sure, before you create a sub-server, that you have an A record (including AAAA if needed) set up for it in your DNS server first. This way things go smoothly…

You shouldn’t have to do that; perhaps this was a result of your DNS entries not being set correctly the first time. Now that you are familiar with your DNS provider, all records are set up accordingly and you have the DNS feature turned off on your Virtualmin server, all should work within Virtualmin when creating a Let’s Encrypt cert.

The new subdomains are not new virtual servers.
Let’s assume you have a domain example.com,
and you have DNS records like mail.example.com, host.example.com, etc.
You have created SSL for example.com, mail.example.com and host.example.com.

Now in your application, when your users sign up, they get a subdomain URL. Meaning that cyberndt signs up and gets cyberndt.example.com, because I have configured a CNAME record to allow *.example.com.

So how do I provision SSL for any of these additional subdomains created?
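To make the coverage question concrete (which names the `-d example.com -d '*.example.com'` request above actually secures, and which of the existing per-subdomain certificates it makes redundant), here is an added example of mine; it is not code from the thread, from acme.sh or from Virtualmin. It takes the subjectAltName text that `openssl x509 -noout -ext subjectAltName -in cert.pem` prints and applies the one-label wildcard rule browsers use (RFC 6125): `*.example.com` matches jim.example.com but neither example.com itself nor a.b.example.com. The SAN text and the list of existing certificates below are constructed for the demo, not taken from a real server.

```python
"""Which hostnames does a Let's Encrypt wildcard certificate cover?

Input is the subjectAltName text printed by
    openssl x509 -noout -ext subjectAltName -in cert.pem
Matching follows the rule browsers apply (RFC 6125): "*.example.com"
matches exactly one label, so it covers jim.example.com but neither
example.com itself nor a.b.example.com. That is why the acme.sh command
in the thread requests both example.com and *.example.com.
"""
import re

# Constructed sample: what openssl prints for a cert issued with
# "-d example.com -d '*.example.com'" (not a real certificate).
SAN_TEXT = """X509v3 Subject Alternative Name:
    DNS:example.com, DNS:*.example.com"""

# Constructed sample: SANs on the per-subdomain certs the poster already has.
EXISTING_CERTS = {
    "mail": ["mail.example.com"],
    "host": ["host.example.com"],
    "www": ["www.example.com", "example.com"],
}


def parse_san(text):
    """Return the DNS names in openssl's subjectAltName output, lowercased."""
    return [n.lower() for n in re.findall(r"DNS:([^,\s]+)", text)]


def san_covers(san, host):
    """True if one SAN entry covers host under the one-label wildcard rule."""
    san = san.lower().rstrip(".")
    host = host.lower().rstrip(".")
    if not san.startswith("*."):
        return san == host
    suffix = san[2:]
    if not host.endswith("." + suffix):
        return False
    label = host[: -(len(suffix) + 1)]
    # Exactly one non-empty label: rejects the apex and deeper subdomains.
    return bool(label) and "." not in label


def covered_by(sans, host):
    """All SAN entries of a cert that cover host (empty list = not covered)."""
    return [s for s in sans if san_covers(s, host)]


def redundant_certs(wildcard_sans, existing):
    """Names of existing certs whose every SAN the wildcard cert also covers."""
    return sorted(
        name for name, sans in existing.items()
        if all(covered_by(wildcard_sans, h) for h in sans)
    )


if __name__ == "__main__":
    sans = parse_san(SAN_TEXT)
    for host in ("jim.example.com", "example.com", "a.b.example.com"):
        print(f"{host:20} covered by {covered_by(sans, host) or 'nothing'}")
    print("existing certs made redundant:", redundant_certs(sans, EXISTING_CERTS))
```

To check a real certificate, paste the output of the openssl command into `SAN_TEXT` (or pass it to `parse_san`). A host that comes back with an empty list, such as a.b.example.com, is not covered and has to be named explicitly in the next request; a user subdomain one label deep, such as jim.example.com, is covered by the wildcard entry alone.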

I see, and I understand… You would have to read up on what commands to use; acme.sh, I believe, would be the one to use.
You need to run a command that would give you TXT entries to put into your DNS records, so they can validate that it is your domain. That is the only way they will issue you a wildcard…

That was advice I accepted.

They are not needed. When you add a subdomain in Virtualmin it will make the appropriate request for that sub-domain, and it will usually succeed.

Yes, this is the obvious way to do it… Unfortunately this is not the case, as @reigningking has stated…

No way for this to work in Virtualmin UNLESS they are hosting their own DNS on BIND with Virtualmin…

What other people do with their servers is really not my business… Just here to help them move along…

When I was using Cloudflare, I didn’t even have this issue at all. I just added the CNAME record to allow the wildcard *.domain.com.
But now that I am no longer using Cloudflare, I want to be able to allow any subdomain to have SSL enabled. I just need HTTPS in the browser, that’s all.
I believe there is a solution for this on Ubuntu, maybe not on Virtualmin.
Please correct me if I am wrong.

The only solution I can think of is my last reply to you:

Plenty of knowledge on the web; just search for how to create a wildcard with acme.sh.

As stated a few times now, you need to have Virtualmin/Webmin manage your DNS; everything will work if you do that. If you’re not comfortable about changing DNS to Virtualmin/Webmin, just run certbot manually to request the certificate, insert the code that certbot gives you into a DNS TXT record, then press continue within the certbot program. You will have to remember to manually renew the cert also. I seem to remember a few posts ago you had already done that.

Yes, I got this. But will I have to remove the previous certificates on the existing subdomains before issuing the wildcard certificate, which will cover all subdomains?

Sorry, yes; after seeing how you have your server set up, you will need to remove the other cert before adding the wildcard.

Just request a wildcard certificate via Virtualmin; it will overwrite the previous certificate. This assumes Virtualmin/Webmin is managing the DNS.

If you guys want to help @reigningking out with setting up their own DNS server on Virtualmin, that would probably be the best route…

I haven’t done this in over a decade so I’m not good in this department…

I have, but that said, it works optimally if you have 2 Webmin servers clustered. I don’t mind being the second DNS server; I have a dev server running which could do that. But as @stefan1959 has pointed out, you can do it with one server.

Oh no! Not me… I would at least have to be running 2 separate DNS servers if I was going to do it…
Not only that, I have well over 180-some-odd records on one domain alone that run hostnames for our email servers, with both IPv4 and IPv6 entries… It would be a nightmare to have that run aground on only one DNS server…
