Multiple VPS servers Let's Encrypt logic problem

I have amassed 4x VPS in 4 different data centres. All Debian or Ubuntu.

They are:

Plus they each host client WordPress sites.

vps1 also hosts mydomain.com

I cannot navigate to vps2.mydomain.com; I get the default (alphabetically first) virtual domain, e.g. AClientSite.com.

So:

  1. How do I enable the default website for a server so that
  2. I can get a Let’s Encrypt certificate for the server, in order to
  3. sign email to send from vps2.mydomain.com for all virtual domains on that server.

  1. You’re not going to be able to “navigate” to vp2.domain.com unless domain.com exists as a Virtualmin server and vps2 is a subdomain of that. But there’s no need unless you have a website of your own there. But you should be able to navigate to vp2.domain.com:10000 to log in to Webmin.

  2. Let’s Encrypt certs are per domain. So a cert for vp2.domain.com will not apply for ACLIENTSITE.com. ACLIENTSITE.com will need its own certificate.

  3. I’m not 100% sure on #3. But aren’t mail, DNS and cert settings for mail all separate per domain? It doesn’t matter what email server it’s on as long as that mail server is set up to handle mail for that domain?

Thanks for the reply @scotwnw. Maybe I’m overcomplicating it, otherwise I’m not explaining myself well.

  1. Good point. I can go to vp2.domain.com:10000 because that’s how I manage the Virtualmin installation. But I don’t have domain.com configured on this server because it screws up DNS and every other service for domain.com across the network.

  2. ACLIENTSITE.com has its own certificate.

  3. My understanding is: SSL email is IP address only so that all domains hosted on vp2.domain.com that have email enabled either need their own IP address (to use their own certificate) or email clients configure their mail server to be vp2.domain.com (not mail.aclientsite.com) and use that certificate.

But if Let’s Encrypt servers can’t access vp2.domain.com then they’ll never confirm ownership and won’t sign the certificate.

Rats, I lost my last answer. Here goes again.

  1. domain.com is actually hosted (web, email, SSL, DNS Master) on VPS1.domain.com. So good point - I can get to the Virtualmin interface on port 10000, and I don’t want to create a version of the domain.com virtual server on VPS2.

  2. I thought Let’s Encrypt certs are also linked to IP address as well. How can I get the cert on VPS2 if I create it on VPS1? ACLIENTSITE has its own cert already.

  3. My understanding is email SSL is IP address based, so I need to create the cert on VPS2.domain.com if I want all Virtualmin virtual server hosts to use VPS2.Domain.com as their TLS or SSL encrypted connection.