How to set up SSL for dovecot's virtualmin?

4 posts / 0 new
Last post
#1 Fri, 09/07/2018 - 09:09

How to set up SSL for dovecot's virtualmin?

I have a virtual server in virtualmin. For using IMAP in secure mode, I need a SSL certificate.

Since MX DNS register needs to be a subdomain, I created

Now I'd need to add to the SSL, so I tried to create a sub-virtual server (I also tried with an alias virtual server), with ""

Now I go to the Manage SSL Certificates > Letsencrypt and I see both to request ( and

But when I request it I see:

ssl.CertificateError: hostname '' doesn't match either of '', '' DNS-based validation failed : Failed to request certificate : challenge did not pass: DNS problem: NXDOMAIN looking up TXT for

Why is that ?

Web "" is working and pointing to the site (so the sub-virtual server is correctly created) And points to the same IP of

Fri, 09/07/2018 - 18:53
Joe's picture

There's a couple of ways to handle it. The simplest is to just use a primary domain on your Virtualmin server for all mail services, and use the certificate for it in both Dovecot and Postfix. This is what I recommend, for now.

STARTTLS supports name-based virtual hosting of mail servers, and Dovecot has support for that. Our support for it in Virtualmin exists but is relatively new (so new I don't even know off-hand what goes into enabling it). I'll have to poke around and get back to you...


Check out the forum guidelines!

Thu, 09/13/2018 - 10:57

Hey there, jurassic. This is easily fixed. Just go to your virtual server and select Server Configuration>Manage SSL Certificates. Go to the Let's Encrypt tab. Select Domain Names Listed here, if the ones already listed are not what you want. You can add everything, if you want to by putting in


and just substitute your domain for domain.tld. This list is just about everything you'll ever need.

Next, under Check connectivity first, select to just skip the tests. Then when you press the Request Certificate button, just wait for the new cert. You should be good to go.

Good luck!

Thu, 09/13/2018 - 22:45 (Reply to #5)
Freddy63's picture

Hello jurassic,

@KitchM's list is really helpful. But you'll need to create DNS record for each hostname in your DNS manager if DNS is managed elsewhere.

And you didn't need to create Virtualmin creates which you can use. I have a Virtualmin Mail Server tutorial if you want step-by-step instructions.

Topic locked