Create New Virtual Server - "domain validation failed" for Lets Encrypt (but maunual requesting it works fine)

OS type and version Ubuntu 20.04
Virtualmin version 7.1-1

I have found a similar topic on this but it doesnt appear to have been solved. i am seeing it too…

When ever i make a new virtual server in Virtualmin, Lets Encrypt always fails. I use Cloudflare and i have all the needed records pointing to my public IP.

the server creates “fine” with a self signed. and i can go into the configuration and request a lets encrypt certificate and it works…its the issue that it doesnt do it automatically during initial creation

What’s your fqdm? Can you paste here back those two commands?

hostname and hostname -f?

Given your harsh response on another one of my post, id now rather not give you my site info…

so my Ubuntu system FQDN is (this is also the default server name)

My business site is: and i am trying to make my first (non default) server and checking the box for SSL enabled site

@pologoalie8908 harsh response?

Where? Just asked you to use those two commands to see if your servers hostname is set up correctly, what was harsh on it?

Uhmm, my apologies, I’m sorry for trying to help you. Perhaps I missed something or didn’t understand. Nevermind I’m sorry.

Have nice day.

He’s probably talking about this one:

In which case, I would agree with him.

He’s new and obviously in a bit over his head. That’s no reason to go the hell off on him.

1 Like

Think my issues revolves around my understanding of the local BIND DNS within Virtualmin and conflicts with my DNS provider Cloudflare

My Setup:

  • Ubuntu 20.04 with Virtualmin 7.1-1
  • Cloudflare is my registrar and DNS provider
  • I am not using the API at this time, i want to figure out the issue i am having first
  • default virtual server in virtualmin:
  • I have A records for www, @, and “virtualmin” pointing to my public IP in Cloudflare(will add more in the future)


  1. I go to make and it fails to get SSL certs for the,, etc…but i can go in after creation and successfully register them
  2. It also fails when i try to wildcard in cloudflare(apparently now supported there). That would be nice as i cloud just wildcard to my IP for any subdomain( and in the future,
  3. These two failures also occur on the other domain i try to make: (it is also hosted on cloudflare with the same records…minus the virtualmin record)

Possible Solutions?:

  • Do i need to mirror my entries from Cloudflare in BIND? Wildcard included?
  • Will using the API fix these issues?
  • Should i just disable BIND all together?
  • Cloudflare offers the ability to let me point my server as a name server…for $200 a month on their business plan,…not my first option haha

I also use Cloudflare for my domains and the advice I got on here was to just not use Bind in VM. I am as far as a possible expert on all this but that advice helped me sort things out.

Sorry I can’t be more specific.

1 Like

I use Cloudflare exclusively and I let Cloudflare do all the DNS. I point my name servers from the domain registrar to my Cloudflare name servers and then I create all my records in Cloudflare and simply point them to the ip of my Virtualmin server and it works flawlessly.

1 Like

oh ok. and based on @grant-1972 's comment above it works well too…do i need to disable BIND then?

also…i have seen in another post where they had to change the port of virtualmin to 8443 for cloudflare to play nice…do i need to do that and forward that in my network firewall?

No. Don’t touch it.

Don’t touch ANYTHING. Just point your domains to the Cloudflare name servers and point your domain entries to your servers IP. That’s it. Don’t do ANYTHING to your server or to Virtualmin.

Yes it worked fine. I would recommend it as @Gomez_Adams said. Let Cloudflare do what you need.
However I did have to change the port. Cloudflare told me that they block port 10000 by default. So I wasn’t able to login initially with my host name but did so with IP:10000 and then changed the port number to one of the ones that isn’t blocked by Cloudflare. Only then was I able to reach the VM login page using hostname:port

I don’t know enough about my experience or why it is different to that of @Gomez_Adams unfortunately, it is just how it worked for me.

Not trying to be smart here :wink: but wouldnt that require me to change something in virtuialmin?

No. That is done at your registrar where you bought your domain name.

Example: Let’s say you bought your domain at GoDaddy. You would go to GoDaddy to your account and somewhere in there is a place to set your name servers. By default they’re set on GoDaddy’s servers because they want you to host there. You simply change those name servers to the name servers that Cloudflare gave you when you signed up.

Then on your Cloudflare DNS you set your records and point to your Virtualmin servers IP. That’s it. You’re done.

bought from cloudflare, lives on cloudflare, DNS is cloudflare

Then all you should have to do is enter your DNS records and point the IP to your server and you’re done.

1 Like

I have that set.
So when i go to setup virtualmin

  1. the DNS configuration screen asks for Primary nameserver… inputs the hostname of the ubuntu system:
  2. i check the box to skip resolvability
  3. Setup default virtual server? i leave settings as is to make a virtual server in virtualmin names " on that same screen… Enable SSL on default server? i say Yes, with Let’s Encrypt certificate

And this all works fine…its when i go to make my next “non default” virtual server:

  1. create new virtual server
  2. enter the domain name
  3. give it admin password
  4. check box for ssl

During processing, it gets to Requesting a certificate for,,,, from Let’s Encrypt …

And then i get a failed message…but i think i may have figured it out…since virutalmin sets up

and i dont have those in Cloudflare yet.

i guess from a newbie to virtualmin it might help to document that or even possibly give the option if we want those domains…

deleted virtual server, added entries in cloudflare, recreated server… issue resolved

Those are set up automatically for a reason. You’re running a mail server so they have to be set for each domain you create.

But why you would set up a non-resolvable domain as your Virutalmin server’s primary is beyond me. You’re just making your life more difficult when it doesn’t need to be.