LetsEncrypt Wildcard certs: are they possible with external DNS management?

Today our commercial wild card cert will expire. I use letsencrypt for all other non-financial transaction certs, so I was hoping to use a letsencrypt wildcard where I needed them now too.

When I try to generate one, I get an error:
request failed : Web-based validation failed : Wildcard hostname *.domain.org can only be validated in DNS mode

I have searched the forum for answers and I get some clue, but not definitive answer, that DNS must be managed within the Virtualmin control panel. Ours are managed at GoDaddy.

Am I out of luck?

I have installed certbot already. I am on Ubuntu 16.04.


In terms of wildcard - yes. At the moment, Virtualmin requires DNS to be hosted on the same system. You could do non-wildcard and pass HTTP challenge though.

Besides, you could do it right now, by writing custom script.

We discussed it with @Jamie and possibly, one day in the future, we’ll add support for remote DNS verification, using API authentication for DNS providers. (Let’s Encrypt, GoDaddy and other). It shouldn’t be difficult to add as it requires only few extra params to be passed.

Thanks. Yes, I vote for adding support for DNS providers :slight_smile:

The custom script doesn’t really seem viable for my use case, unfortunately. This is a situation where wildcards aren’t simply a convenience, but a requirement. Each site user has their own subdomain and it needs to be active and usable immediately. And we have thousands.

This script seems to be an automated way for doing a DNS site verification for each subdomain, which doesn’t seem plausible for us. Not only are the certs wild carded, the subdomains are too. Any request for *.domain.org goes to that one site. So DNS records for each subdomain don’t exist.

I use external eNom DNS… would love it if you supported their API… : )