SSL for the Webmin/Usermin server with Let's Encrypt?

When I install Virtualmin I end up with a self-signed certificate (of course) for the Virtualmin server itself.

If I create a virtual server and then assign it a Let’s Encrypt SSL, my Virtualmin server seems to adopt that as its everything SSL.

If I go to:

Webmin > Webmin Configuration > SSL Encryption

And try for a Let’s Encrypt, the hostname is pre-filled out for my correct FQDN host, but when I click “Request Certificate” it says:

Failed to request certificate : No virtual host matching [that hostname] was found.

Should I add a Virtual Server of the same FQDN as my Virtualmin for this (or does that break something else down the line)?

SYSTEM INFORMATION
OS type and version Ubuntu 24.04
Virtualmin version 7.40.1

This isn’t normal, especially with new installs of Virtualmin 7.50.0 because if your hostname is resolvable, it will work right away.

I’m not sure what you mean—could you rephrase that? Sorry.

First of all, no, do not create a separate domain for the hostname manually. Use the special feature called “Setup SSL certificate from provider for hostname” in “System Settings ⇾ Virtualmin Configuration: SSL settings” page.

That shouldn’t matter because your host should be resolvable—that’s all you need to take care of.

But, even if the hostname cert isn’t able to be issued during installation (because the hostname doesn’t resolve when Virtualmin is installed), you still don’t need to try to get a cert for the host name.

Just create domains in Virtualmin and use any of those names to access Virtualmin (and Webmin). The right cert will be used for those connections.


You are right, although my Virtualmin server does have DNS, the DNS is to a private IP, that’s why this didn’t work. The rest of this is for nothing (only to show what I was getting at). I will give Virtualmin a public IP and this will surely work as directed.

Just for clarity though, it does seem that in this case I have my self-signed certificate, and then I add a virtual server, and then I Let’s Encrypt that virtual server, my self-signed certificate (for Virtualmin) is overridden by the virtual server’s.

Before:


In this case I create the virtual servers without an SSL by default and am starting at:

Manage Virtual Server > Setup SSL Certificate > SSL Providers

Checking “Domain names listed here” and entering just one (I don’t have DNS yet for the other names), and checking “Yes” on “Automatically renew certificate” which inexplicably defaults to “No” on this form.

It does its thing:


But then when I click to “Return to certificate management” I get:

I refresh to the familiar (because my Virtualmin has only a self-signed certificate):

Though I am visiting the same URL (which DNSes to my private IP) Virtualmin level SSL has been switched to the one I just Let’s Encrypted for a single virtual server.

After:

As I said, this matters not, I only wanted to explain the behavior clearly.

No. I rescind this.

I gave my Virtualmin a public IP. I changed the DNS to point to it. I checked that against 8.8.8.8. I went to:

Webmin > Webmin Configuration > SSL Encryption > Let’s Encrypt

It has the domain pre-filled with the Virtualmin server’s name but immediately when I click “Request Certificate” I get this:

I understand the issue, on second glance, to be that there is no way for Let’s Encrypt to validate the SSL.

There is no automatic Apache virtual host matching Virtualmin’s hostname (apparently).

I would have to select a virtual server otherwise (which was a previously floated solution of making a virtual server with the same name as the Virtualmin).

If I pick /etc/webmin for a folder, Let’s Encrypt checks my hostname/.well-known/acme-challenge/.. but does not find what it wants there. (Is there a folder I could put there that would work for this?)

Virtualmin is not doing the DNS for this host so BIND is not an option.

And “Certbot built-in” says that port 80 is taken:

Which one of these is the renewal method if I make one from scratch, giving it a FQDN and public IP, and get 7.50?

Thanks.

This really doesn’t matter though. I made a 000-443-default website (to serve as redirect for strays) and added my-server’s FQDN to that (since Apache only impacts 80 and 443) and did Let’s Encrypt on it, and then:

000-443-default > Manage Virtual Server > Setup SSL Certificate > Set as Default Service Certificate

All good.
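
Added example, not part of the thread and not Virtualmin or Webmin code: a pre-flight check for the two conditions the thread ran into, namely that the hostname must resolve to a publicly reachable address and that whatever answers on port 80 must serve the chosen folder at `/.well-known/acme-challenge/`. The function names are hypothetical, and the webroot path you pass in is assumed to be the folder you intend to give the webroot method.

```python
import ipaddress
import secrets
import socket
import urllib.request
from pathlib import Path

CHALLENGE_DIR = ".well-known/acme-challenge"


def non_public_addresses(addresses):
    """Addresses an outside CA cannot reach (private, loopback, link-local, ...)."""
    return [a for a in addresses if not ipaddress.ip_address(a).is_global]


def resolve(hostname):
    """What the local resolver returns; split-horizon DNS may differ from public DNS."""
    infos = socket.getaddrinfo(hostname, 80, proto=socket.IPPROTO_TCP)
    return sorted({info[4][0] for info in infos})


def webroot_serves_challenges(hostname, webroot, fetch=None):
    """Drop a random probe file in the webroot and fetch it back over port 80."""
    fetch = fetch or (lambda url: urllib.request.urlopen(url, timeout=10).read())
    probe_dir = Path(webroot) / CHALLENGE_DIR
    probe_dir.mkdir(parents=True, exist_ok=True)
    token = secrets.token_urlsafe(16)
    probe = probe_dir / f"preflight-{token}"
    probe.write_text(token)
    try:
        url = f"http://{hostname}/{CHALLENGE_DIR}/{probe.name}"
        return fetch(url).strip() == token.encode()
    except OSError:  # connection refused, timeout, HTTP 404, ...
        return False
    finally:
        probe.unlink()  # never leave the probe behind


def preflight(hostname, webroot, addresses=None, fetch=None):
    """Return a list of problems; empty means the webroot check can succeed."""
    problems = []
    addresses = resolve(hostname) if addresses is None else addresses
    bad = non_public_addresses(addresses)
    if bad:
        problems.append(f"{hostname} resolves to non-public address(es): {', '.join(bad)}")
    if not webroot_serves_challenges(hostname, webroot, fetch):
        problems.append(f"port 80 does not serve {webroot}/{CHALLENGE_DIR} for {hostname}")
    return problems
```

Call `preflight("your.host.name", "/path/to/webroot")` on the server itself; a probe that succeeds locally still says nothing about firewalls in front of the host, which is why the address check is reported separately.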