I have some that I host mail and DNS only for, but I want to activate SSL for them so that they can use mail.domain.dk as mail.
So can I set this up?
I seem to only be able to request certs from Let's Encrypt for them if I have Apache SSL enabled.
I don’t know if there’s a better answer, but I usually just do something like this in situations when a machine’s work doesn’t include hosting an actual site:
Well, that doesn’t work if they want a website running somewhere else, like Shopify, but still want me to host mail for them…
Whose nameserver is authoritative?
I’ve never done this with Virtualmin, but I think I may try it later on as a project. I know how I’d do it on a panel-less server and on cPanel, but I’ve never done it on Virtualmin.
If you don’t mind applying the certificate manually once every three months, you could use https://www.sslforfree.com/ to get the certificate without web services enabled on a virtual server in Virtualmin by choosing in SSLForFree the DNS verification of the domain.
The first one specified in the DNS record of the domain, naturally.
@calport If I want to manually apply it, I can do it with certbot too… but I would like it to be controlled from within Virtualmin like all the others on the server.
I would like that too. Let’s see if there is a way to do that in this version of Virtualmin.
If not, you will have to use certbot or https://www.sslforfree.com/
I kind of meant in this instance. If OP’s server is providing DNS service for the domain, then it’s an easy thing to send the Web traffic elsewhere (although I’ve never done it to Shopify, so maybe not).
Usually, your mail server has a hostname, anyway. Just set up a small empty vhost in Virtualmin for mail.domain.dk, DNS accordingly too, and you get your Let's Encrypt cert as always using .well-known/acme-challenge. Another possibility is to use dns-01 verification instead of http-01, but that’s a bit more complicated.
In such cases I use ‘dehydrated’ for the handling of the certificates. Dehydrated can use hooks for creation, verification and removal of the token files. In these hooks I can e.g. create the token file on the “real” host by using ssh and secret/public key, check if the token is reachable per wget and then let Let's Encrypt verify the token on the “real” domain.
If you need a full example for this, let me know.
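The hook flow described in the post above, sketched as an added example (not part of the thread and not the poster's own script): a dehydrated http-01 hook that writes the token to the web host over ssh, checks it with wget, and removes it afterwards. The account `acme@web.example.net`, the docroot `/var/www/html` and `HOOK_CHAIN="no"` are assumptions.

```shell
#!/bin/sh
# Added example: dehydrated http-01 hook that publishes the token on another web host.
# Assumed values (not from the thread): REMOTE, REMOTE_WEBROOT, HOOK_CHAIN="no".
REMOTE="${REMOTE:-acme@web.example.net}"          # hypothetical account on the "real" host
REMOTE_WEBROOT="${REMOTE_WEBROOT:-/var/www/html}" # hypothetical docroot there
CHALLENGE_DIR="$REMOTE_WEBROOT/.well-known/acme-challenge"

# ACME tokens are base64url. Reject anything else so a value can never
# leave the challenge directory or break out of the quoted remote command.
valid_token() {
  case "$1" in ''|*[!A-Za-z0-9_-]*) return 1 ;; esac
}
valid_keyauth() {   # "<token>.<account key thumbprint>"
  case "$1" in ''|*[!A-Za-z0-9_.-]*) return 1 ;; esac
}

# BatchMode makes ssh fail instead of prompting when run unattended.
remote() { ssh -o BatchMode=yes "$REMOTE" "$@"; }
# Fetch a URL body, as the CA's validator will.
fetch() { wget -q -T 10 -O - "$1"; }

# Args from dehydrated: DOMAIN TOKEN_FILENAME TOKEN_VALUE
deploy_challenge() {
  valid_token "$2" && valid_keyauth "$3" || return 1
  printf '%s' "$3" |
    remote "umask 022; mkdir -p '$CHALLENGE_DIR' && cat > '$CHALLENGE_DIR/$2'" || return 1
  # Fail early if the token is not served before the CA tries.
  [ "$(fetch "http://$1/.well-known/acme-challenge/$2")" = "$3" ]
}

clean_challenge() {
  valid_token "$2" || return 1
  remote "rm -f '$CHALLENGE_DIR/$2'"
}

# dehydrated calls the hook as: hook.sh <operation> <args...>; others are ignored.
case "${1:-}" in
  deploy_challenge|clean_challenge) "$@" ;;
esac
```

On the web host, give the ssh key an account that can write only to the challenge directory, so a compromise of the mail server does not extend to the site content.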
OK, so it seems an improvement suggestion needs to be made, so SSL can be set up even without Apache/nginx but only with DNS validation then… I will write the team and suggest this in a ticket…