Unable to create Let's Encrypt certificate for webmail and admin "subdomains"

Hey guys!

I'm using CloudFlare with FULL (Strict) option enabled. My goal is to have a valid certificate provided by Let's Encrypt in my server and let CloudFlare handle everything else.

What I understood is that Virtualmin Let's Encrypt script doesn't support DNS based validation. OK, that I get. But how autodiscover, autoconfig and mail records can get a valid SSL certificate but "admin" and "webmail" records can't?

When I enable CloudFlare proxy in "webmail" record I get 526 Error (Invalid SSL). If I disable CloudFlare proxy I can get into the page but I get a invalid certificate message in chrome (Although I can ignore this error and proceed to the redirected page).

I tried to manually supply admin.domain.tld and webmail.domain.tld in "Domain names listed here" via "Server Configuration > SSL Certificate > Let's Encrypt" but I receive a error saying the script was unable to create the "webmail.domain.tld/.well-known" file. It's weird because I don't create autodiscover, autoconfig and mail subdomains, but Let's Encrypt script can get valid ssl certificate for those dns records (although they are not properly a subdomain, pretty much what "admin" and "webmail" records are).

PS: All dns records in my virtualmin were imported to CloudFlare. So everything is the same in both directions. I've tried to disable CloudFlare proxy as well to try getting the let's encrypt certificate, but that wasn't enough.

Virtualmin version: 
Webmin version: 


Ilia's picture
Submitted by Ilia on Tue, 10/13/2020 - 14:39

As long as DNS records and Apache records present, and a domain with its subdomains listed for a request can be opened via regular browser - web based validation must go without any problems. If it still fails, try to use *:80 and *:443 for VirtuaHost directive instead of an IP address, as it may vary depending on network configuration.