Virtualmin hasn’t been installed yet for our multi-tenant project. However, we have a project based on the Laravel framework that automatically generates subdomains from the registered user’s account, making it a multi-tenant project. For example, for a server “domain.name” created using Virtualmin and on which our multi-tenant Laravel application automatically generates subdomains when users register, such as “sub1.domain.name”, “sub2.domain.name”, “sub3.domain.name”, etc.
How can we ensure that these subdomains generated via the application, which work correctly in the address bar of web browsers, automatically use the Let’s Encrypt SSL of the main domain (parent server) and automatically redirect to HTTPS?
Do you think it will be necessary to use the Wildcard SSL Certificate from Virtualmin??? I don’t have a good experience when I remember that I already had a very bad experience with the Wildcard SSL Certificate from Virtualmin in the recent past, I was advised through this post on the Virtualmin forum to create a simple certificate (not Wildcard) for each server created:
It is an additional check box that has to be clicked to get a wildcard SSL certificate in Virtualmin, instead of the standard one. Note however that the domain for which you are requesting the wildcard certificate, its DNS must be managed by Virtualmin’s DNS.
Why are you using/attempting “DNS based validation”?
Put a simple HTML “hello world” file into .wellknown dir; if you can view it then LE can put their file there to perform “Web based certificate” checks.
Oh and are all those listed hostnames reachable?
I would also skip wildcards for now - until you really know you need them, and you have valid certificates for your primary domain.
How exactly. Please be a little clearer and with detailed explanations because I don’t understand anything at all. Can you do another check if it is not a DNS check??? Because I always believed that only a DNS check is possible. If so, how to do it exactly???
Your post showed that LE had attempted “DNS based validation”.
When you use Virtualmin (and any- I think) request of LE it attempts Web based first then DNS based - for the latter to work the host names must resolve. For Web based (the norm) a directory .wellknown must exist under your domain. LE puts its validation there and tidies up after itself. If you put a file there (you can use the inbuilt Virtualmin File Manager) and you can read that file in a browser then LE is all set to go. If you installed Virtualmin correctly all that is superfluous.
It is all covered in Help or searching the many posts about Let’s Encrypt.
You cannot request a wildcard certificate using Virtualmin if Virtualmin is not managing your DNS.
You probably do not need a wildcard certificate. I don’t know what the limit on number of names is, but you can certainly have several names in one certificate without it being a wildcard.
If you must have a wildcard you must validate using DNS. The only way Virtualmin can do that for you is if it is managing your DNS. If Virtualmin is not managing your DNS and you need a wildcard, you will need to use certbot directly and validate via DNS using one of the methods it provides. It has a manual method where you create the record yourself, or you can configure it to connect to a variety of DNS hosting providers (though if you have a DNS hosting provider with an API, Virtualmin may be able to manage your DNS…GPL has Route 53 support, I think, and Pro adds Google DNS, Cloudflare, and maybe others).
Have you read the form for requesting a certificate? It should be pretty obvious how to request for multiple domains, including domains Virtualmin isn’t aware of or managing. (Domains list here, instead of Domains associated with this server. Unless the domains are Aliases, in which case Virtualmin will already automatically request the cert for those aliases.)
But, note that Let’s Encrypt must be able to make a request to a file in .well-known for every one of the domains you list, or it will fail. It does not just trust you control the domain, it requires you to prove it…for web validation, it checks for a special file in .well-known, for DNS it checks for a special TXT record in the zone to prove you control the whole zone.
Also, are you not using ServerAlias for this? How is Apache configured to answer for all these other domains? If you’re using ServerAlias, you could make an Alias in Virtualmin, which would automatically add it to the list of domains to try to get a cert for.
How to use ServerAlias and how to make an Alias in Virtualmin, so that it automatically adds it to the list of domains to try to get a cert for??? Don’t forget that subdomain is automatically created by my LARAVEL (PHP Framework) package for multi-tenancy.
I haven’t edited the alias configuration file since the virtual server was created. So I’m assuming it’s still with the default Apache configuration in Virtualmin. So, how to edit it???
I’ve already told you: Create an Alias in Virtualmin. It’s literally a button on the Create Server page. I strongly recommend you spend a few minutes looking at Virtualmin. These are not mysteries requiring deep dives in the documentation.
But, if your automatic subdomains are working with a Virtualmin-created domain (Virtual Server), I guess this domain is the “default” in Apache, so it’s serving any unrecognized request with this VirtualHost. So, that can keep working, I guess. In which case, you’ll need to do what I suggested above and list all the domains in your cert request (choose “Domain names listed here”).
Subdomains are not created manually in Virtualmin but rather from the Laravel Multi-tenancy package in PHP. However, only the main domain is created from Virtualmin. And so I am confused about entering them one by one in “Domain names listed here” at the “SSL Certificate” level if there are, for example, more than 1000 users registered, because each user should have its subdomains???
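
An added example, not part of any post in this thread: a Python sketch of how the two options discussed above scale for 1000 tenant subdomains. It groups names into certificate requests and marks which ACME challenge each name needs (web validation under .well-known, or a DNS TXT record for a wildcard). The function names and tenant list are constructed for illustration; the 100-name cap is Let's Encrypt's documented limit on names in one certificate.

```python
MAX_NAMES_PER_CERT = 100  # Let's Encrypt limit on names in a single certificate


def covered_by_wildcard(host, wildcard):
    """True if host is matched by wildcard (*.base matches exactly one extra label)."""
    if not wildcard.startswith("*."):
        return False
    base = wildcard[2:].lower()
    host = host.lower().rstrip(".")
    if not host.endswith("." + base):
        return False  # the bare parent domain is NOT covered by its own wildcard
    prefix = host[: -len(base) - 1]
    return prefix != "" and "." not in prefix  # a.b.base is not covered either


def required_challenge(name):
    """Wildcard names can only be validated over DNS; other names can use web validation."""
    return "dns-01" if name.startswith("*.") else "http-01"


def plan_certificates(hosts, wildcard=None):
    """Return a list of certificate requests, each a list of (name, challenge) pairs."""
    names = sorted({h.lower().rstrip(".") for h in hosts})
    if wildcard:
        # Names the wildcard already covers do not need to be listed individually.
        names = [wildcard] + [h for h in names if not covered_by_wildcard(h, wildcard)]
    batches = [names[i:i + MAX_NAMES_PER_CERT]
               for i in range(0, len(names), MAX_NAMES_PER_CERT)]
    return [[(n, required_challenge(n)) for n in batch] for batch in batches]


# Constructed sample data: the parent domain plus 1000 tenant subdomains.
PARENT = "domain.name"
TENANTS = [f"sub{i}.{PARENT}" for i in range(1, 1001)]

if __name__ == "__main__":
    listed = plan_certificates([PARENT] + TENANTS)
    print(len(listed), "certificates needed when every name is listed individually")
    print("with a wildcard:", plan_certificates([PARENT] + TENANTS, wildcard="*." + PARENT))
```

Without a wildcard, every listed name must serve the validation file over HTTP and each new tenant means reissuing a certificate; with the wildcard, one certificate covers all single-label subdomains but the zone's DNS must accept the TXT record.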