I have found a similar topic on this but it doesn't appear to have been solved. I am seeing it too…
Whenever I make a new virtual server in Virtualmin, Let's Encrypt always fails. I use Cloudflare and I have all the needed records pointing to my public IP.
The server creates “fine” with a self-signed certificate, and I can go into the configuration and request a Let's Encrypt certificate and it works… the issue is that it doesn't do it automatically during initial creation.
It also fails when I try to wildcard in Cloudflare (apparently now supported there). That would be nice as I could just wildcard to my IP for any subdomain (virtualmin.mydomain.com and in the future, cloud.mydomain.com).
These two failures also occur on the other domain I try to make: xyz123.com (it is also hosted on Cloudflare with the same records… minus the virtualmin record).
Possible Solutions?:
Do I need to mirror my entries from Cloudflare in BIND? Wildcard included?
Will using the API fix these issues?
Should I just disable BIND altogether?
Cloudflare offers the ability to let me point my server as a name server… for $200 a month on their Business plan… not my first option, haha.
I also use Cloudflare for my domains and the advice I got on here was to just not use BIND in VM. I am as far from an expert on all this as possible, but that advice helped me sort things out.
I use Cloudflare exclusively and I let Cloudflare do all the DNS. I point my name servers from the domain registrar to my Cloudflare name servers and then I create all my records in Cloudflare and simply point them to the IP of my Virtualmin server and it works flawlessly.
Also… I have seen in another post where they had to change the port of Virtualmin to 8443 for Cloudflare to play nice… do I need to do that and forward that in my network firewall?
Don’t touch ANYTHING. Just point your domains to the Cloudflare name servers and point your domain entries to your server's IP. That’s it. Don’t do ANYTHING to your server or to Virtualmin.
Yes it worked fine. I would recommend it as @Gomez_Adams said. Let Cloudflare do what you need.
However I did have to change the port. Cloudflare told me that they block port 10000 by default. So I wasn’t able to login initially with my host name but did so with IP:10000 and then changed the port number to one of the ones that isn’t blocked by Cloudflare. Only then was I able to reach the VM login page using hostname:port
I don’t know enough about my experience or why it is different to that of @Gomez_Adams unfortunately, it is just how it worked for me.
No. That is done at your registrar where you bought your domain name.
Example: Let’s say you bought your domain at GoDaddy. You would go to GoDaddy to your account and somewhere in there is a place to set your name servers. By default they’re set on GoDaddy’s servers because they want you to host there. You simply change those name servers to the name servers that Cloudflare gave you when you signed up.
Then on your Cloudflare DNS you set your records and point to your Virtualmin server's IP. That’s it. You’re done.
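As an added example that is not part of this thread or of Virtualmin's own code, here is a small Python preflight script that checks, before a new virtual server is created, what the posts above rely on: that the record created in Cloudflare actually resolves to the Virtualmin server's own public IP, and whether the name is instead sitting behind the Cloudflare proxy (the situation from the port discussion, where port 10000 is not passed through). The function names, the origin IP, the Cloudflare address ranges and the port list are assumptions for the example; the ranges and ports are a subset copied from Cloudflare's published lists and should be re-checked there before use.

```python
#!/usr/bin/env python3
"""Preflight check for a new Virtualmin virtual server whose DNS lives at Cloudflare.

Added example, not Virtualmin's or Cloudflare's code. Before creating the server,
it answers two questions the thread turns on: does the new name resolve to this
server's public IP (a Let's Encrypt HTTP-01 validation has to reach the origin),
and is the name behind the Cloudflare proxy, where Webmin's port 10000 is not passed.
"""
import ipaddress
import socket
import sys

# Assumed subset of Cloudflare's published proxy ranges (https://www.cloudflare.com/ips/).
# Refresh from the published list before relying on it.
CLOUDFLARE_NETS = [ipaddress.ip_network(n) for n in (
    "103.21.244.0/22", "104.16.0.0/13", "104.24.0.0/14",
    "172.64.0.0/13", "173.245.48.0/20", "198.41.128.0/17",
)]

# Assumed subset of the HTTPS ports the Cloudflare proxy forwards to an origin.
# 10000 (Webmin's default) is not among them; 8443 is.
CLOUDFLARE_HTTPS_PORTS = {443, 2053, 2083, 2087, 2096, 8443}


def classify_record(resolved_ips, origin_ip, proxy_nets=CLOUDFLARE_NETS):
    """Classify what public DNS returns for a name against the server's origin IP.

    direct  : the record points straight at the origin ("grey cloud" in Cloudflare)
    proxied : every returned address is a Cloudflare edge ("orange cloud")
    wrong   : the record points somewhere else entirely
    missing : no A record at all
    """
    if not resolved_ips:
        return "missing"
    origin = ipaddress.ip_address(origin_ip)
    addrs = [ipaddress.ip_address(a) for a in resolved_ips]
    if origin in addrs:
        return "direct"
    if all(any(a in net for net in proxy_nets) for a in addrs):
        return "proxied"
    return "wrong"


def proxy_passes_port(port):
    """True if the Cloudflare proxy would forward HTTPS on this port to the origin."""
    return port in CLOUDFLARE_HTTPS_PORTS


def resolve_a(name):
    """Return the IPv4 addresses the local resolver gives for name ([] if none)."""
    try:
        return socket.gethostbyname_ex(name)[2]
    except socket.gaierror:
        return []


def port_open(host, port, timeout=3.0):
    """Plain TCP connect test, the same thing the "IP:10000" login in the thread does."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False


def preflight(name, origin_ip, webmin_port=10000):
    """Resolve name, classify it, and say what that means for Let's Encrypt and Webmin."""
    verdict = classify_record(resolve_a(name), origin_ip)
    notes = {
        "direct": "HTTP-01 validation will reach this server; Let's Encrypt can be issued here.",
        "proxied": "Record is proxied by Cloudflare; port %d is not passed by the proxy, "
                   "use %s:%d directly or move Webmin to a proxied port such as 8443."
                   % (webmin_port, origin_ip, webmin_port),
        "wrong": "Record points elsewhere; fix the A record in Cloudflare first.",
        "missing": "No A record; create one in Cloudflare pointing at %s." % origin_ip,
    }
    return {"name": name, "verdict": verdict,
            "webmin_reachable_on_origin": port_open(origin_ip, webmin_port),
            "note": notes[verdict]}


if __name__ == "__main__":
    if len(sys.argv) != 3:
        sys.exit("usage: preflight.py <new-virtual-server-name> <server-public-ip>")
    for key, value in preflight(sys.argv[1], sys.argv[2]).items():
        print("%-28s %s" % (key + ":", value))
```

Run it as `preflight.py cloud.mydomain.com 203.0.113.10` (a documentation IP, not a real server) from a machine outside the server's own network so the answer reflects public DNS rather than a local BIND zone. A `direct` verdict is the state Gomez_Adams describes; `proxied` explains both a failing HTTP-01 request at creation time and the blocked port 10000 from the other reply.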
The DNS configuration screen asks for Primary nameserver… inputs the hostname of the Ubuntu system: virtualmin.mydomain.com
I check the box to skip resolvability.
Setup default virtual server? I leave settings as is to make a virtual server in Virtualmin named “virtualmin.mydomain.com” on that same screen… Enable SSL on default server? I say Yes, with Let’s Encrypt certificate.
And this all works fine… it's when I go to make my next “non default” virtual server:
Those are set up automatically for a reason. You’re running a mail server so they have to be set for each domain you create.
But why you would set up a non-resolvable domain as your Virtualmin server’s primary is beyond me. You’re just making your life more difficult when it doesn’t need to be.