Thank you Ilia for suggesting this.
If you have the DNS feature disabled in Virtualmin it will offer a “suggested DNS records” page. But, if Virtualmin believes it is managing DNS, it won’t show you this page (but you can, of course, copy it from the actual local zone files being managed by Virtualmin, as it sounds like maybe you’re doing). But, if Virtualmin believes it is managing DNS but it is not, Virtualmin believes it can do DNS validation for Let’s Encrypt certificates, when it absolutely cannot.
I’m still not clear on why you’re not just using web validation, though. It’s so much easier to get right. The only reason you’d need DNS validation is to get a wildcard cert, but I recommend against wildcards for a variety of reasons (security being the most important one).
Does that Domain ID config (can be found in Virtual Server Summary page) contain letsencrypt_dwild=1 directive?
No. It’s just:
letsencrypt_dwild=
That’s all.
But since I manually renewed the cert, it is the only one domain that has two values
in inferior left corner (just the first line for all the others):
Domain SSL expiry 08/01/2023 05:58 PM
Domain registration expiry 09/18/2023 04:39 PM