When i click Setup SSL website too, then it creates for domains that are not in dns
Requesting a certificate for newspaper.latvijai.lv, www.newspaper.latvijai.lv, mail.newspaper.latvijai.lv, admin.newspaper.latvijai.lv, webmail.newspaper.latvijai.lv from Let’s Encrypt …
Are some reason i should make in DO DNS settings each?
Can i somewhere edit that only basic domain name ssl is requested?
A wildcard can only work if you host DNS locally, I think. (I mean, I know it only works with DNS validation, but it may be possible to get the key you need and add it manually to your DNS in a TXT record.)
It doesn’t necessarily mean anything. Many people just leave it at defaults, but manually manage their DNS at their registrar. I’m just guessing. If OP has DNS hosted locally a wildcard will work fine, but a lot of folks don’t realize the only way to validate for a wildcard is DNS and Virtualmin can’t catch that for them if they have DNS enabled but aren’t actually using it.
It looks like the web server and/or server template isn’t setup correctly. DNS may need a refresher too.
A shot in the dark: Assuming there are proper A records and virtualhost server aliases, which adds a second dot to the name, this may be what Let’s Encrypt expects and won’t validate anything in sub-domain format because names with three dots are turning up.
Firstly it appears you have not correctly configured the virtual host newspaper.latvijai.lv to handle LE http-01 challenges for that domain (all the others are set-up automatically by Virtualmin). A quick google / search on these forums will give you the answer.
As for wildcard issuance, which can only be done using LE DNS challenge mode.
LE queries are directed to the public nameservers specified as authorative for for the domain therefore you wont be able to manage this unless (@Joe - this means DNS has to be hosted as explained below - it can be either local or remote):
1.) You have correctly set-up, configured and use the server requesting the LE wildcard certificates as the public authorative nameserver for the requested domain.
2.) You have correctly set-up, configured and use Virtualmin slave DNS servers as your authorative public DNS servers while your LE certifcate requesting server has permission to push DNS change to those servers (if using Virtualmin Master->Server DNS this is automatic) (a challenge / authorisation key is created at issuance request as a DNS record to prove you have control of the domain, and this record is then queried by LE at issuance - no / incorrect record and the issuance will fail!).
3.) You are using public DNS servers which can be updated in realtime by the server requesting the LE certificates (a challenge / authorisation key is created at issuance request as a DNS record to prove you have control of the domain, and this record is then queried by LE at issuance - no / incorrect record and the issuance will fail!)
If choosing wildcard certificates remember to select and specify the correct options in virtualmin:
You are using digital oceans NS. How are you using virtualmin to push DNS records to the DO NS?
The screen-shot you posted appears to show you are trying to request a DNS validated LE cert.