Let's Encrypt SSL for mail.domain.com domain with external DNS

Hi,
I can successfully create Let’s Encrypt SSL for domain.com and www.domain.com, while I have an external DNS Server.

The problem is that I can’t get it for the mail.domain.com or ftp.domain.com domains, because the script is adding _acme-challenge.mail.domain.com in DNS and checking if it is there, but I have an external DNS server, so it fails with the error:
mail.domain.com challenge did not pass: DNS problem: NXDOMAIN looking up TXT for _acme-challenge.mail.domain.com

I could add it to the external DNS server, but every time it is a different value and it fails to create the Let’s Encrypt SSL.

How can I solve that problem?

I did some research for you… there are other challenge options for Let’s Encrypt other than the DNS-01 one.

There is also HTTP-01 and TLS-SNI-01.

I think if not a webserver (mail), you might need to run certbot in standalone mode for the http and tls methods.

I’m no expert, just what I found.

I do this all the time… I have DNS turned on for some of the domains in Virtualmin, some domains have DNS turned off… no matter.

I have external DNS, use the “Let’s Encrypt” built into Virtualmin, works every time!!!
