Easy way to Lets encrypt in fresh Webmin install

| SYSTEM INFORMATION|| Ubuntu 20.04 22.04
| OS type and version | Ubuntu 20.04 to 22.04 |
| Webmin version | Fresh 2.020 |

I think it’s an old discussion but now I have installed some VP servers again with Webmin.
, and I do miss an easy and almost automatically way to install Lets encrypt.

I always get to the ‘Failed to request certificate : No virtual host matching xxxxx.com was found’

Can’t we make an easy work around?

BTW, I love using Webmin.

Best regards Jorgen

If you’re hosting websites on the systems, Virtualmin is probably the better choice than Webmin alone, and Virtualmin does make it easy.

Webmin makes it as easy as it can, given that it has to trust you to have done a lot of stuff that Virtualmin does automatically. Like DNS records and setting up VirtualHosts.


It is easy to setup Let’s encrypt with Virtualmin.

My way to setup the system is to set two glue records for hostname.mydomain.xyz and ns2.mydomain.xyz pointing to the Virtualmin server IP at my domain registrar.

for the first time accessing virtualmin you will still have to use the IP after installing.

during the setup wizard add ns2.mydomain.xyz when it asked you for a secondary nameserver, primary should be filled out as your hostname, and then choose to Skip the resolvability test.

then create the default domain as mydomain.xyz.

Then all relevant DNS records will be created automatically, and you can request the Let’s encrypt certificate via the menu and also have it enable all SSL services of the stack, which is super convenient.

this the the best method IMO because then you are acting as your nameserver and all changes are instant and you dont have to deal with your registrars records anymore. For additional domains just specify your virtualmin nameservers.

some TLDs might require redudancy though, where two nameservers must be different IPs.

This is related to the configuration of nameservers and not Let’s Encrypt. You need not have done this at all, if you had used a third party DNS provider and pointed your domain to the IP address of your Virtualmin server.

For others who read your post when they seek information about Let’s Encrypt and Virtualmin, know that this setting of glue records is only tangentially related to Let’s Encrypt.

No. If you have decided upon a hostname to use, then all you need to do is point that hostname to the IP address of your Virtualmin server and you could use host.domian.tld:10000 to access Virtualmin right from the beginning - during install and also immediately after it. There is no need to use the IP address after installing Virtualmin if you plan ahead.

Incorrect. The primary DNS server should not be specified as the hostname of the Virtualmin server. If that was how it should be why would the Virtualmin post install wizard ask users to enter redundant information? Ideally if the hostname of the Virtualmin server is host.domian.tld then the name servers should be specified in the format of ns1.domain.tld and ns2.domain.tld.

All TLDs require redundancy, thats why we have ns1 and ns2. The correct way to put it is that some domain registrars (and not TLD, as you have stated) are strict in checking for standards when we specify nameservers to use with the domains that the registrars manage. If the registrar is strict then it will not accept the nameservers that will be set up in Virtualmin in the manner described by @lawk because to comply with standards ns1 and ns2 must be on different networks - and not in the same Virtualmin server.

For the purpose of Let’s Encrypt, just point the domain and subdomains (like www, admin, mail, webmail) to the IP address of the Virtualmin server and you are golden.

The point I was making is that with glue records and virtualmin acting as the nameserver you dont have to deal with separate DNS records. I dont need to add any records for mx, spf, a, cname, txt, and any changes are live without intervention.

all A records and other records will be setup by virtualmin itself so the lets encrypt cert request within virtualmin is seamless.

I started with My way at no point did I ask for your passive aggressive remarks.

.com, .net, .org dont require two different IPs for nameservers. Ofc redudancy is better, but not required and on small private vps not as important.

.de always does. This is a DENIC requirement these days.

For the purpose of Let’s Encrypt, just point the domain and subdomains (like www, admin, mail, webmail) to the IP address of the Virtualmin server and you are golden.

Ok cool.

I prefer to set nameserver and glue records. Then I dont have to deal with A records and multiple panels or DNS options again.

You can name the server ns1.domain.tld, if you want to. No harm in doing that.

We don’t care what you call your server, as long as you don’t name it after a domain you’ll be hosting mail for in Virtualmin. e.g. I should not name my server virtualmin.com, if I’ll be hosting mail in Virtualmin for virtualmin.com. I should use something else, like srv1.virtualmin.com or ns1.virtualmin.com (if it’ll be a name server, too, which is pretty often the case for small operations).

There is no rule here. Folks make it complicated, but it’s really not. There is no right answer, only a wrong one (the wrong one being naming it some domain you’ll be hosting virtual mail for).

Virtualmin defaults to creating an NS record with the system hostname (which is why it might be easy to name the system ns1.domain.tld), but that is configurable (just like just about everything else is.

This topic was automatically closed 60 days after the last reply. New replies are no longer allowed.