Letsencrypt cert for hostname without creating virtual server

OS: CentOS 7

How can we generate a Letsencrypt SSL cert using the existing virtualmin/webmin SSL module method for the actual server hostname ‘subdomain.domain.tld’ without creating a virtual server under webmin?

If we try to create a letsencrypt cert forcing it to use a different domain’s virtual host, it obviously fails validation. Even having ‘domain.tld’ as a virtual server and trying to request SSL for ‘subdomain.domain.tld’ fails validation. So the only option is to create a virtual server with the same subdomain.

Even if we chose to go ahead with adding a virtual server with ‘subdomain.domain.tld’ to generate the letsencrypt ssl, the problem that now arises is that postfix is starting to throw the below error constantly in the logs due to the duplication of hostname & virtual server:

warning: do not list domain subdomain.domain.tld in BOTH mydestination and virtual_alias_domains

Obviously we won’t be able to remove it from either location in the postfix files as mails will stop because it’s the hostname. How do we solve the first problem of generating a letsencrypt ssl for the hostname without a virtual server so that these downstream errors can be mitigated?

Edit: I’m trying to avoid the method of having to run the certbot command manually and then do the same every 3 months to renew the certificate as it doesn’t auto renew in certain cases which I believe the current one qualifies.
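The Postfix warning quoted in the post above can be reproduced and checked offline. The following is an added example, not part of the original post: it parses a constructed `main.cf` and reports domains that appear in both `mydestination` and `virtual_alias_domains`. It assumes both parameters are written as literal lists in `main.cf`; domains that come from lookup tables (`type:table` entries) are not read.

```python
import re

# Constructed sample main.cf reproducing the situation described in the thread.
SAMPLE_MAIN_CF = """\
# constructed sample, not taken from a real server
myhostname = subdomain.domain.tld
mydomain = domain.tld
mydestination = $myhostname, localhost.$mydomain,
    localhost
virtual_alias_domains = subdomain.domain.tld
    domain1.tld
"""

def parse_main_cf(text):
    """Return {parameter: raw value}, joining continuation lines."""
    params, current = {}, None
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        if line[0].isspace() and current:   # continuation of previous parameter
            params[current] += " " + line.strip()
        elif "=" in line:
            current, value = (part.strip() for part in line.split("=", 1))
            params[current] = value
    return params

def expand(value, params, depth=0):
    """Expand $name and ${name} references (depth-bounded to avoid loops)."""
    if depth > 10:
        return value
    def repl(m):
        return expand(params.get(m.group(1) or m.group(2), ""), params, depth + 1)
    return re.sub(r"\$(?:\{(\w+)\}|(\w+))", repl, value)

def domain_list(name, params):
    """Split a list-valued parameter on commas/whitespace, lower-cased."""
    raw = expand(params.get(name, ""), params)
    return {d.lower() for d in re.split(r"[,\s]+", raw) if d}

def overlapping_domains(text):
    """Domains listed in BOTH mydestination and virtual_alias_domains."""
    params = parse_main_cf(text)
    return sorted(domain_list("mydestination", params)
                  & domain_list("virtual_alias_domains", params))

if __name__ == "__main__":
    for domain in overlapping_domains(SAMPLE_MAIN_CF):
        print(f"{domain}: listed in BOTH mydestination and virtual_alias_domains")
```
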

I do not run the certbot command manually for any of the virtual servers on the many Virtualmin systems that I manage.

When I install a Virtualmin system, I specify a hostname such as vpsXX.domain.tld and then create virtual servers in the usual manner for domains such as domain1.tld, domain2.tld etc. SSL for vpsXX.domain.tld is applied to Postfix, Dovecot, Webmin, Usermin et al and SSL for domain1.tld and domain2.tld is sought from Let’s Encrypt in the usual manner and thereafter renewed automatically by the Virtualmin system.

I take care not to set up mail for vpsXX.domain.tld and therefore do not see warnings of the type you have quoted.

How have you set up your Virtualmin system? Or how is it different from the way I set up my systems - which I believe is the official way to set up Virtualmin.

@calport As seen in the screenshot above, there are some additional options I see which seem to be hidden in your page or are actually there if you scroll inside that box. For the area circled in red, regardless of which option I select, letsencrypt fails because there isn’t a virtual host directory for the domain name unless I create a virtual server with that subdomain. I cannot use DNS validation because DNS for the domain is handled outside the server.

I’m not sure if I should be unchecking the option “enable mail for this domain” for the virtual server I created for this same subdomain because I do not know right now if it will affect the actual emails that the server sends as notifications to admin. I will test this out.