Let's Encrypt certificate

I want to understand something about Let’s Encrypt certificates.

I’ve created a virtual server for a subdomain and I wanted to create a Let’s Encrypt certificate for it. I was not sure about which subdomains need certificates and also where I need to create TXT records, if any.
Before, the creation of said certificate failed until I figured out that Virtualmin had created the subdomain server with lots of additional subdomains like


The creation process for the certificate failed all the time, and in the logs there was always an error with some sort of TXT record, which I googled but couldn’t understand.
Error message I got:

Detail: DNS problem: NXDOMAIN looking up TXT for mysubdomain.domain.com

So I have just requested the certificate for the subdomain, which is mysubdomain.domain.com - and in case anyone is typing in www.mysubdomain.domain.com, I have added a CNAME record at my domain-reseller control panel to redirect it to mysubdomain.domain.com.

The www.mysubdomain.domain.com does not need to have an extra certificate, I presume.
I also have just an A record at my domain-reseller control panel, pointing to the Linux server on which Virtualmin is running. It works, but is this “Best Practice”?

  1. At your domain registrar, you need to point only your nameservers for your domain: domain.tld NS
  2. After you check that the nameservers have propagated (https://www.whatsmydns.net/), you can install Virtualmin with the script. Make your hostname domain.tld. Virtualmin will make all required DNS records.
  3. After you have the main domain set up, create subservers of that domain in Virtualmin - that will make all the settings necessary.

If you make changes to your domain outside of Virtualmin, Virtualmin has no way to know what you did, so it will be broken.

In short that is.

Good luck
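
An added example, not part of either post and not Virtualmin's own code: a pre-flight check that splits the names in a certificate request into those that resolve in DNS and those that do not, since Let's Encrypt validates every requested name and a name answering NXDOMAIN fails the request. It also checks which hostnames a certificate's names cover, because a client matches the certificate against the name it connected to, not against a CNAME target. The zone contents, the IP address and the `extra1` name are constructed assumptions.

```python
import socket

# Constructed sample zone (an assumption, not data from the thread).
SAMPLE_ZONE = {
    "mysubdomain.domain.com": ("A", "203.0.113.10"),
    "www.mysubdomain.domain.com": ("CNAME", "mysubdomain.domain.com"),
}
# Constructed request; "extra1" is a hypothetical name with no DNS record.
SAMPLE_REQUEST = ["mysubdomain.domain.com", "www.mysubdomain.domain.com",
                  "extra1.mysubdomain.domain.com"]

def zone_resolver(zone):
    """Resolver over an in-memory zone: follows CNAMEs, None means NXDOMAIN."""
    def resolve(name):
        seen = set()
        name = name.lower().rstrip(".")
        while name not in seen:
            seen.add(name)
            rtype, value = zone.get(name, (None, None))
            if rtype == "A":
                return value
            if rtype != "CNAME":
                return None          # no record for this name
            name = value.lower().rstrip(".")
        return None                  # CNAME loop
    return resolve

def system_resolver(name):
    """Resolve through the host's resolver; None when the lookup fails."""
    try:
        return socket.getaddrinfo(name, 443)[0][4][0]
    except socket.gaierror:
        return None

def preflight(requested, resolve=system_resolver):
    """Split the names of a certificate request into resolving and missing."""
    ok, missing = [], []
    for name in requested:
        (ok if resolve(name) else missing).append(name)
    return ok, missing

def covered(host, cert_names):
    """True if host matches a certificate name (exact or one-label wildcard)."""
    host = host.lower().rstrip(".")
    for pattern in (n.lower() for n in cert_names):
        if pattern == host:
            return True
        if pattern.startswith("*.") and "." in host and host.split(".", 1)[1] == pattern[2:]:
            return True
    return False
```

`preflight(SAMPLE_REQUEST, zone_resolver(SAMPLE_ZONE))` runs the check against the constructed zone; calling `preflight(names)` with no resolver uses the machine's own DNS resolver instead.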