I want to understand something about the let’s encrypt certificates.
I’ve created virtual server for a subdomain and I wanted to create a let’s encrypt certificate for it. I was not sure about what subdomains need certificates and also where I need to create TXT records, if any.
Before the creation of said certificate failed until I figured out that virtualmin has created the subdomain server with lots of additional subdomains like
admin.mysubdomain.domain.com,
mail.mysubdomain.domain.com
admin.mysubdomain.domain.com
webmail.mysubdomain.domain.com
the creation process for the certificate failed all the time and in the logs was always an error with some sort of TXT record, which I googled but couldn’t understand.
error message I got:
Detail: DNS problem: NXDOMAIN looking up TXT for mysubdomain.domain.com
So I have just requested the certificate for the subdomain, which is mysubdomain.domain.com - and in case anyone is typing in www.mysubdomain.domain.com, I have added a CNAME record at my domain-reseller control panel to redirect it to mysubdomain.domain.com.
the www.mysubdomain.domain.com does not need to have an extra certificate, I presume.
I also have just an A record at my domain-resller control panel, pointing to the linux server on which virtualmin is running on. It works, but is this “Best Practice”?