I would never consider a single dns server but it seems to work for some
First up: You almost certainly should not use wildcard certs. They have security implications and are more difficult to validate. There is no reason to use them, you can get as many certs as you need for all the domains and subdomains you'll be using, no reason to use wildcards in the vast majority of cases.
Second: You decided in your DNS propagation thread to not host DNS on the Virtualmin server. So, Virtualmin cannot request wildcard certificates for you, because it requires DNS validation to get a wildcard cert from Let's Encrypt (that's the only way to prove you own the zone and not just one name in the zone).
You can have Virtualmin create a certificate for every subdomain, assuming Virtualmin is managing every subdomain. If it is merely an alias and your application decides what to serve based on the name, that can still work in Virtualmin without DNS validation...just add all the aliases to the certificate for the domain. A regular (non-wildcard) certificate can have a bunch of names associated with it, and Virtualmin will offer to do that for Aliases, and it should work fine assuming you have DNS working correctly for all those names.
If you must use a wildcard, just use the certbot standalone mode, in interactive mode. I don't know what that script could do to make that workflow easier.
A CNAME has nothing to do with a certificate.
If Cloudflare was managing your DNS, you would have been able to get a wildcard certificate through them (they also offer certificates), probably automatically.
Likewise, if Virtualmin is managing your DNS, you can request wildcard certs through Virtualmin. But, we've established Virtualmin is not managing your DNS, so you need to use a manual process to request a wildcard certificate.
You can do that. It's not hard. But, it's a little less automatic than if Virtualmin is managing your DNS (again, a wildcard requires a DNS record for validation). The standard certbot can use various APIs, as well, to mostly automate it: User Guide - Certbot 2.12.0.dev0 documentation
Otherwise, you'd need to use certbot in standalone mode and manually add a TXT record with the validation information when that information is provided to you by certbot.
I'm looking for a wildcard domain to use with a reverse proxy and a few other things. I understand it's less secure. Trouble is, I'm getting an error when I request it. Virtualmin is managing the dns locally. Should it all be automatic, or do I need to set it all up myself?
Make a new topic for new issues, and please don't just say "it doesn't work" or "I got an error". We need to know the exact error, we can't guess why it failed.
I successfully did this using ACME SH.
I followed this help here:
dnsapi · acmesh-official/acme.sh Wiki · GitHub and it was easy.
Thank you so much everyone
- Enable Wildcard for a domain
- Virtualmin → Web Configuration → Website Options → Website matches all sub-domains
  - Tooltip: If the virtual server's DNS domain is hosted on this system, Virtualmin will also add the wildcard * DNS record when Yes is selected.
- How to add a wildcard or multi-domain SSL certificate - Virtualmin
- Let's Encrypt wildcard certificate - Virtualmin - Virtualmin Community
  - You cannot validate for a wildcard certificate without using DNS validation. And, you can't use DNS validation if you aren't managing DNS with Virtualmin.
  - You generally should not use wildcards. They have security implications on top of being more difficult to validate, if you're not hosting your own DNS.
  - A website cannot be used to validate a wildcard cert with Let's Encrypt.
We are talking about validating a wildcard certificate without webmin managing the dns so there is no point giving instruction on how to do it assuming webmin is managing the dns
His software is Virtualmin 7.10.0, says so at the top.
Also
Using Webmin/Virtualmin, I have not been able to get Let's Encrypt to issue wildcard certs... It keeps giving me one error or the other.
Why would you use Webmin if it can be done easily in Virtualmin?
It's the same difference webmin/virtualmin but it is apparent in the thread dns is elsewhere hence the need for a third party script to obtain the certificate
This topic was automatically closed 8 days after the last reply. New replies are no longer allowed.