How to set up SSL only for the domain, or what's the reason for subdomains

Operating system:
OS version: 20.04 Ubuntu DO

When I click Setup SSL website too, it creates for domains that are not in DNS
Requesting a certificate for newspaper.latvijai.lv, www.newspaper.latvijai.lv, mail.newspaper.latvijai.lv, admin.newspaper.latvijai.lv, webmail.newspaper.latvijai.lv from Let’s Encrypt …

Is there some reason I should make each in the DO DNS settings?
Can I somewhere edit it so that only the basic domain name SSL is requested?


When I check in Edit Virtual Server, it shows that it is enabled already

I suppose they’re commonly-enough used that LE checks for them by default. In any case, it does no harm and uses no resources.

Richard

But they get errors
And I can't register my subdomain

www.protesti.latvijai.lv

Okay, I see what you mean. I’d try using the top radio button and also requesting the wildcard.

Richard

A wildcard can only work if you host DNS locally, I think. (I mean, I know it only works with DNS validation, but it may be possible to get the key you need and add it manually to your DNS in a TXT record.)

In the top panel it looks like the server is running DNS, no? Or does that not necessarily mean anything?

Richard

It doesn’t necessarily mean anything. Many people just leave it at defaults, but manually manage their DNS at their registrar. I’m just guessing. If OP has DNS hosted locally a wildcard will work fine, but a lot of folks don’t realize the only way to validate for a wildcard is DNS and Virtualmin can’t catch that for them if they have DNS enabled but aren’t actually using it.

It looks like the web server and/or server template isn’t set up correctly. DNS may need a refresher too.

A shot in the dark: Assuming there are proper A records and virtualhost server aliases, which adds a second dot to the name, this may be what Let’s Encrypt expects and won’t validate anything in sub-domain format because names with three dots are turning up.

Firstly it appears you have not correctly configured the virtual host newspaper.latvijai.lv to handle LE http-01 challenges for that domain (all the others are set-up automatically by Virtualmin). A quick google / search on these forums will give you the answer.

As for wildcard issuance, it can only be done using LE DNS challenge mode.
LE queries are directed to the public nameservers specified as authoritative for the domain, therefore you won't be able to manage this unless (@Joe - this means DNS has to be hosted as explained below - it can be either local or remote):

1.) You have correctly set up, configured and use the server requesting the LE wildcard certificates as the public authoritative nameserver for the requested domain.

2.) You have correctly set up, configured and use Virtualmin slave DNS servers as your authoritative public DNS servers while your LE certificate requesting server has permission to push DNS changes to those servers (if using Virtualmin Master->Server DNS this is automatic) (a challenge / authorisation key is created at issuance request as a DNS record to prove you have control of the domain, and this record is then queried by LE at issuance - no / incorrect record and the issuance will fail!).

3.) You are using public DNS servers which can be updated in realtime by the server requesting the LE certificates (a challenge / authorisation key is created at issuance request as a DNS record to prove you have control of the domain, and this record is then queried by LE at issuance - no / incorrect record and the issuance will fail!)

If choosing wildcard certificates remember to select and specify the correct options in Virtualmin:

These forums and / or google contain all of the information you’ll require to implement LE certificates using http-01 or DNS challenges.

Main domain Latvijai.lv
Subdomain protesti.latvijai.lv
Main domain 404.latvijai.lv
What to do? I tried this


See my previous post above.

Dig shows:

$ dig +short NS latvijai.lv
ns2.digitalocean.com.
ns3.digitalocean.com.
ns1.digitalocean.com.

You are using DigitalOcean's NS. How are you using Virtualmin to push DNS records to the DO NS?
The screen-shot you posted appears to show you are trying to request a DNS validated LE cert.

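A pre-flight check for the two conditions discussed in this thread, as an added example that is not part of any post and not Virtualmin's own code: which requested names have no public A/AAAA record (an http-01 order is only issued when every name validates), and whether the zone's authoritative NS set includes the server that would write the dns-01 TXT record. The function names and script name are hypothetical; `dig` is assumed to be installed.

```shell
#!/bin/sh
# Added example: DNS pre-flight before requesting a Let's Encrypt certificate.
# Assumes dig (dnsutils / bind-utils) is installed. Function names are made up.

# Print every candidate name that has neither an A nor an AAAA record.
# Such a name cannot pass http-01, so remove it from the request or create
# the record first.
names_missing_dns() {
    for name in "$@"; do
        a=$(dig +short A "$name")
        aaaa=$(dig +short AAAA "$name")
        [ -n "$a$aaaa" ] || printf '%s\n' "$name"
    done
}

# Succeed only if the zone's public NS set contains the given nameserver host.
# dns-01 (required for wildcards) works automatically only when the server
# requesting the certificate can write records on those nameservers.
zone_delegated_to() {
    zone=$1
    # Normalise: drop a trailing dot and compare case-insensitively.
    want=$(printf '%s' "${2%.}" | tr 'A-Z' 'a-z')
    dig +short NS "$zone" | tr 'A-Z' 'a-z' | sed 's/\.$//' | grep -qxF "$want"
}

# Usage: sh le-preflight.sh ZONE LOCAL_NS_HOSTNAME NAME [NAME...]
if [ "$#" -ge 3 ]; then
    zone_arg=$1
    local_ns=$2
    shift 2
    missing=$(names_missing_dns "$@")
    if [ -n "$missing" ]; then
        printf 'No A/AAAA record (http-01 will fail for these):\n%s\n' "$missing"
    fi
    if ! zone_delegated_to "$zone_arg" "$local_ns"; then
        echo "$zone_arg is not delegated to $local_ns: a dns-01 TXT record created locally will not be seen"
    fi
fi
```
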