Let's Encrypte seems to demand the zone be locally hosted, which is weird.

I was trying to add SSL with an LE cert to doxfer.webmin.com, but Virtualmin errors out with:

Requesting a certificate for doxfer.webmin.com, docs.webmin.com from Let's Encrypt ..
.. request failed : DNS zone doxfer.webmin.com does not exist on this system

It gives the same error for docs.virtualmin.com (which is another name for this vhost), even though the server is actually managing DNS for that zone...it's just in Cloudmin Services.

Oddly, I didn't have this problem on virtualmin.com, even though its DNS is hosted in Cloudmin Services as well. So, I dunno what's different here, but it seems bug-like that it would demand DNS, since there's multiple ways to setup an LE cert and DNS isn't needed for the most common one.



That's a missing feature currently - remotely hosted DNS zones (with Cloudmin Services) aren't supported yet. However, web-based validation should work and be tried first, assuming those are non-alias domains with websites.