Let's Encrypt default associated domains

OS type and version AlmaLinux 9.3
Webmin version 2.111
Virtualmin version 7.10.0
Related packages LetsEncrypt

How do I change the default “domains associated with” for let’s encrypt certificates when creating a new virtual server. Its automatically inserting www.mydomain, mail.mydomain, and few others I just want to include the domain name I am creating. It always fails on the initial creation and then I have to go to Lets Encrypt and fix the domain associated with section.

If you point the DNS of the domain to Virtualmin DNS server before you create the virtual server then Let’s Encrypt won’t fail. It will succeed and you will have everything ready in one shot with none of the extra effort that you are making with your current workflow.

1 Like

So are you saying to switch the Primary Server Hostname (under default templates) to :

Automatic (from system's hostname) ?

No, I am not saying that at all.

I was recommending that you appropriately configure the domain’s DNS records rather than change the configuration in Virtualmin. Your current workflow throws an error when you create a new virtual server because Let’s Encrypt is unable to issue SSL certificates. This causes extra work to be done by you after you have created the virtual server in Virtualmin.

There is a better workflow:

  1. Configure the domain’s nameservers to point to Virtualmin’s DNS
  2. Then (wait for propagation to complete) and create the virtual server in Virtualmin

When such a workflow is followed, Let’s Encrypt will be able to issue SSL certificates while step 2 is underway and you will have to do none of the work that you now do after Letsencrypt fails on the initial creation of the virtual server.

1 Like

If you don’t have DNS records for all of the domains Virtualmin created, you obviously can’t request a Let’s Encrypt cert for them. So, request only the ones that do have records.

Sorry guys I must be doing something wrong. Heres my scenario - >I want a new server - I have a primary domain already setup: mydomain.com and now I want a new top level domain campaign.mydomain.com. I have that name registered on namecheap and my nameservers are setup on namecheap as well. I click create Virtual server with following options:

 Setup DNS zone
 Setup Apache website
 Enable MariaDB database
 Accept mail for domain
Setup spam filtering
 Setup virus filtering
 Create Webmin login
 Enable AWStats reporting

Then click Create Server - and wait for provisioning and… Lets Encrypt fails because its trying to verify mai.campaign.mydomain.com and webmail.campaign.mydomain.com and admin.campaign.mydomain.com - so I don’t get why its automatically including those extra domains. I haven’t set those specific prefixes anywhere. Is it because I selected Enable mail? Should I exclude “Setup DNS Zone”? And yes I can fix this by going to Lets Encrypt after this and only include campaign.mydomain.com in the LetsEncrypt setting and revalidate. But would like to know if I can validate everything when I create the server initially.

You should not have the DNS Feature enabled at all if you are not locally hosting your DNS zones.

The creation of those records for new domains can be controlled from Server Templates, particularly in the DNS domain and Website for domain sections.

Excluded “Setup DNS Zone” and updated my server template - One or both of those options worked thank-you!

This topic was automatically closed 8 days after the last reply. New replies are no longer allowed.