Guide to install FREE SSL certificate from Letsencrypt on Virtualmin & Webmin. 100% working.

#1 Sun, 12/06/2015 - 14:27
jochem

I've been going at this for a little while but came up with the following steps to get it working. It's working on 06-12-2015 during the public BETA. If you run into issues please let me know.

Tested on:
- Host OS is Ubuntu 14.04 LTS.
- Virtualmin version: 4.18.gpl (doesn't really matter? build 2015+)
- Webmin version 1.770 - 1.780 (doesn't really matter? build 2015+)

Get the following right for your "variables", fill in your own of course:

MYUSERNAMEFORDOMAIN: my system username known in virtualmin

MYDOMAIN: www.example.com

*** 1. First install Let's Encrypt script/program. ***

Login to SSH and get root privileges (root/sudo -i):

cd /home/user/ && git clone https://github.com/letsencrypt/letsencrypt

OR

cd /root/ && git clone https://github.com/letsencrypt/letsencrypt

^^ This will download the Let's Encrypt from github with executable script

*** 2. Create your directory where you will be saving your certificate later on. Reason for this is because Virtualmin has a protection where it only allows a certificate from the user/domains directory: ***

mkdir /home/MYUSERNAMEFORDOMAIN/ssl_certificates

*** 3. Setup your cronjobs by running: "sudo crontab -e" ***

It will probably ask you which editor, I choose Nano. Once in the editor, enter the following somewhere on a new line (pick the option you chose in step 1!):

01 3 1 * * cd /home/user/letsencrypt/ && ./letsencrypt-auto certonly --email info@MYDOMAIN --agree-tos --webroot --renew-by-default -w /home/MYDOMAIN/public_html/ -d www.MYDOMAIN.net -d MYDOMAIN.net --authenticator webroot && cp -f /etc/letsencrypt/live/www.MYDOMAIN.net/cert.pem /home/MYUSERNAMEFORDOMAIN/ssl_certificates/cert.pem && cp -f /etc/letsencrypt/live/www.MYDOMAIN.net/chain.pem /home/MYUSERNAMEFORDOMAIN/ssl_certificates/chain.pem && cp -f /etc/letsencrypt/live/www.MYDOMAIN.net/fullchain.pem /home/MYUSERNAMEFORDOMAIN/ssl_certificates/fullchain.pem && cp -f /etc/letsencrypt/live/www.MYDOMAIN.net/privkey.pem /home/MYUSERNAMEFORDOMAIN/ssl_certificates/privkey.pem

OR

01 3 1 * * cd /root/letsencrypt/ && ./letsencrypt-auto certonly --email info@MYDOMAIN --agree-tos --webroot --renew-by-default -w /home/MYDOMAIN/public_html/ -d www.MYDOMAIN.net -d MYDOMAIN.net --authenticator webroot && cp /etc/letsencrypt/live/www.MYDOMAIN.net/cert.pem /home/MYUSERNAMEFORDOMAIN/ssl_certificates/cert.pem && cp -f /etc/letsencrypt/live/www.MYDOMAIN.net/chain.pem /home/MYUSERNAMEFORDOMAIN/ssl_certificates/chain.pem && cp -f /etc/letsencrypt/live/www.MYDOMAIN.net/fullchain.pem /home/MYUSERNAMEFORDOMAIN/ssl_certificates/fullchain.pem && cp -f /etc/letsencrypt/live/www.MYDOMAIN.net/privkey.pem /home/MYUSERNAMEFORDOMAIN/ssl_certificates/privkey.pem

^^ Above command will copy the certificates to the correct directory after requesting them (I gave a warning in step 2). It will do this every 1st of the month during the night. The reason we do this every month is because the certs are only valid 90 days and we have plenty of time to repair if something appears to be wrong with the cert later on.

All right! The hard part is done!

*** 3.1 Please log into your Virtualmin admin panel, Select "Webmin -> System -> Scheduled Cron Jobs". Go to your newly created Cronjob by clicking on it and select "RUN NOW".

*** 4. In Virtualmin, select your domain and go to "Edit virtual server", make sure that SSL is enabled under "Enabled features".

*** 5. Under "Server configuration" go to "Manage SSL Certificate". Select the tab "Update Certificate and Key" and under "Signed SSL certificate" select the option "File on server", fill in the location of the certificate: "/home/MYUSERNAMEFORDOMAIN/ssl_certificates/cert.pem"

*** 6. Do the same for section "Matching private key". Select: "/home/MYUSERNAMEFORDOMAIN/ssl_certificates/privkey.pem"

*** 7. Click on "Install Now".

*** 8. Switch to tab "CA Certificate", select "In file on server " and fill in: "/home/MYUSERNAMEFORDOMAIN/ssl_certificates/fullchain.pem"

*** 9. Click on "Save Certificate". ***

DONE! ! ! It will now update every month :)

Go to your website with HTTPS, what do you get??? :D :) :D

If you run into any issues please let me know in the comments and I'll try to help out!

NOTE: You can't request a lot of different certificates. You will get the message: Too many certificates already issued for: xxx. If you want a lot of certificates for subdomains please consider using a paid wildcard certificate. Letsencrypt is a service to help out (starting/small) websites.

If you like this guide and want to donate you can do so by Bitcoin: bitcoin:1gYf6whHEhLBuhEk81DFoCt65dVva94iL
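
The copy step from the cron line in step 3, written as a shell function (an added example, not part of the original post or of the Let's Encrypt client). It checks that all four PEM files exist before touching the destination, replaces each file atomically, keeps privkey.pem at mode 0600 and, when run as root with an owner given, hands the copies to the domain user as the chown in a later reply in this thread does. The function names and the dummy files in the self-check are assumptions made for the example.

```shell
#!/bin/bash
# Added example: hardened form of the guide's "cp -f ... && cp -f ..." chain.
# install_le_certs LIVE_DIR DEST_DIR [OWNER]
#   LIVE_DIR  e.g. /etc/letsencrypt/live/www.MYDOMAIN.net
#   DEST_DIR  e.g. /home/MYUSERNAMEFORDOMAIN/ssl_certificates
#   OWNER     optional user to own the copies (applied only when running as root)
# Call it in place of the four cp commands, after letsencrypt-auto has succeeded.
install_le_certs() {
    local live_dir="$1" dest_dir="$2" owner="${3:-}"
    local f mode tmp

    # Validate the whole set first, so a failed renewal never leaves a
    # half-updated mix of old and new files in DEST_DIR.
    for f in cert.pem chain.pem fullchain.pem privkey.pem; do
        if [ ! -s "$live_dir/$f" ]; then
            echo "missing or empty: $live_dir/$f" >&2
            return 1
        fi
    done

    mkdir -p "$dest_dir" || return 1
    chmod 700 "$dest_dir" || return 1      # directory holds a private key
    if [ -n "$owner" ] && [ "$(id -u)" -eq 0 ]; then
        chown "$owner": "$dest_dir" || return 1
    fi

    for f in cert.pem chain.pem fullchain.pem privkey.pem; do
        mode=644
        [ "$f" = privkey.pem ] && mode=600
        # mktemp creates the file with mode 0600, so the key is never
        # world-readable, not even while it is being written.
        tmp=$(mktemp "$dest_dir/.$f.XXXXXX") || return 1
        if ! cat "$live_dir/$f" > "$tmp" || ! chmod "$mode" "$tmp"; then
            rm -f "$tmp"
            return 1
        fi
        if [ -n "$owner" ] && [ "$(id -u)" -eq 0 ]; then
            chown "$owner": "$tmp" || { rm -f "$tmp"; return 1; }
        fi
        # Rename within the same directory: readers see the old file or
        # the new one, never a partial copy.
        mv -f "$tmp" "$dest_dir/$f" || { rm -f "$tmp"; return 1; }
    done
}

# Self-check on constructed dummy files (not real certificates).
install_le_certs_selfcheck() {
    local work f rc=0
    work=$(mktemp -d) || return 1
    mkdir "$work/live"
    for f in cert.pem chain.pem fullchain.pem privkey.pem; do
        echo "constructed sample $f" > "$work/live/$f"
    done
    install_le_certs "$work/live" "$work/dest" || rc=1
    [ "$(stat -c %a "$work/dest/privkey.pem")" = 600 ] || rc=1
    [ "$(stat -c %a "$work/dest/cert.pem")" = 644 ] || rc=1
    rm -rf "$work"
    return $rc
}
```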

Mon, 12/07/2015 - 03:43
Kintaro

thank you!

Mon, 12/07/2015 - 17:21
dyvel

Just a small suggestion. I would pass the -d parameter for both www.domain.tld and domain.tld to make the SSL certificate work for both, like this:

-d MYDOMAIN.net -d www.MYDOMAIN.net

Thanks for the guide though - appreciate it :-)

Wed, 12/09/2015 - 10:45 (Reply to #3)
jochem

Thanks for the suggestion. I've added it in the guide.

Wed, 12/09/2015 - 12:57
lookwhostalkin

Oh Nice guide. I was looking at carving out some time to look into this.

Great work. I will have to give this a go at later time.

Nice work and thank you.

Fri, 12/11/2015 - 19:52
DaveOverton

90 days = 3 months, probably don't need to run it every 30 days. Otherwise nice work, and glad to see this contribution made available to us all.

Fri, 12/11/2015 - 22:02
hostile

Hi, thank you for guide.

I followed it and got stuck at 5, as there were no certs to add.

I think you would have to wait until the 1st of the month for cron to execute the command :)

so what I did is:

cd /home/user/letsencrypt/ && ./letsencrypt-auto certonly --email info@MYDOMAIN --agree-tos --webroot --renew-by-default -w /home/MYDOMAIN/public_html/ -d www.MYDOMAIN.net -d MYDOMAIN.net --authenticator webroot && cp /etc/letsencrypt/live/www.MYDOMAIN.net/cert.pem /home/MYUSERNAMEFORDOMAIN/ssl_certificates/cert.pem && cp /etc/letsencrypt/live/www.MYDOMAIN.net/chain.pem /home/MYUSERNAMEFORDOMAIN/ssl_certificates/chain.pem && cp /etc/letsencrypt/live/www.MYDOMAIN.net/fullchain.pem /home/MYUSERNAMEFORDOMAIN/ssl_certificates/fullchain.pem && cp /etc/letsencrypt/live/www.MYDOMAIN.net/privkey.pem /home/MYUSERNAMEFORDOMAIN/ssl_certificates/privkey.pem

or

cd /root/letsencrypt/ && ./letsencrypt-auto certonly --email info@MYDOMAIN --agree-tos --webroot --renew-by-default -w /home/MYDOMAIN/public_html/ -d www.MYDOMAIN.net -d MYDOMAIN.net --authenticator webroot && cp /etc/letsencrypt/live/www.MYDOMAIN.net/cert.pem /home/MYUSERNAMEFORDOMAIN/ssl_certificates/cert.pem && cp /etc/letsencrypt/live/www.MYDOMAIN.net/chain.pem /home/MYUSERNAMEFORDOMAIN/ssl_certificates/chain.pem && cp /etc/letsencrypt/live/www.MYDOMAIN.net/fullchain.pem /home/MYUSERNAMEFORDOMAIN/ssl_certificates/fullchain.pem && cp /etc/letsencrypt/live/www.MYDOMAIN.net/privkey.pem /home/MYUSERNAMEFORDOMAIN/ssl_certificates/privkey.pem

Tue, 12/15/2015 - 11:16 (Reply to #7)
jochem

I've added an extra step 3.1 (moved from the addition). If you do that before 5 it should go better since the certs will be created.

Sat, 12/12/2015 - 00:25
hostile

.

Sat, 12/12/2015 - 18:44
bmalone667

This worked great except for some python errors I ran into with virtual environments.

I am running CentOS 6 on my box so I installed pip to get the virtual issue resolved. Still had problems and found it easier to install python 2.7 following https://community.letsencrypt.org/t/redhat-centos-6-x-users-need-python-...

I would suggest you disable the repos when you've got your python installed cause the EPEL repo will update proftpd which breaks the FTP in my version of Virtualmin.

The problem I have now is I can't seem to get apache to expose the /.well-known folder so letsencrypt can't verify the domain. Anyone have a quick idea how to do this in virtualmin? I've tried setting up alias and redirects. I'm guessing somewhere in virtualmin it is blocking hidden files/folders. But I can't seem to find it.

Sun, 12/13/2015 - 03:15 (Reply to #10)
jochem

The script will put a file in the public_html/.well-known/acme-challenge/ folder. Then it will see if it can access that path on the webbrowser. What happens if you login to FTP and see if any files get written during verification? Also what is your error? Maybe you can use --verbose.

Sun, 12/13/2015 - 08:12
bmalone667

I tried the --verbose which kicks back a dialog error.

However https://github.com/letsencrypt/letsencrypt/issues/1154 points to using --text -vvvvvv instead which gets the script to run.

Everything goes fine. Files get downloaded and copied into the .well-known/acme-challenge but then it returns: The following 'urn:acme:error:unauthorized' errors were reported by the server:

I am pretty sure it's an apache indexignore issue. Cause in my httpd.conf I see where it has .?? as ignore. If i'm not mistaken this should keep "hidden" files and folders from showing up. I try to browse to ./well-known/test.html and I get a 404 error like the page doesn't exist.

I've commented out the indexignore. Restarted the apache. No joy. I've tried adding IndexIgnore Reset On and restarted with no joy as well. Until I can see into that folder I am pretty sure I am going to have issues.

Sun, 12/13/2015 - 09:53
bmalone667

So the --verbose throws a python dialog error. But using --text -vvvvvv from https://github.com/letsencrypt/letsencrypt/issues/1154 generated the information.

Turned out to be a permission issue as I suspected in Apache as I was unable to browse files in ./well-known. Apparently when I was working on this yesterday I screwed up my httpd.conf because the site I was trying to get the SSL cert was loading a different virtual host.

Rolled back my httpd.conf. restarted Apache then ran the script again. This time everything appeared to work except it wouldn't let me install the CA.

Went back into virtualmin and disabled SSL on the site. Saved. Restart Apache. Re-Enable SSL. Restart Apache. It accepted the CA at that point.

Strange thing is in VirtualMin it shows:

Web server hostname: XXX.XXX
Issuer name: Let's Encrypt Authority X1
Issuer organization: Let's Encrypt
Expiry date: Mar 12 14:11:00 2016 GMT
Certificate type: Signed by CA

And I copied the cert to webmin/usermin/etc without issue and https to those address now show a valid SSL cert! Happy happy joy joy.

But https://www.xxx.xxx still shows a self-signed cert. I've restarted Apache again with no joy. Maybe I'll just reboot the whole server and see what happens.

Sun, 12/13/2015 - 11:41
bmalone667

Ok so I think my server is possessed :p.

Just for the record:

OS: CentOS 6.7
Webmin version: 1.770
Virtualmin version: 4.18

So my system hostname is ns0.dummy.com <=- obviously not the real domain

and the virtualhost I am trying to set this up on is www.dummy.com. This is where I think the issue is happening.

When I go into virtualmin/Edit virtual Server/enable features/ssl website enabled, things break. Once I click that on, everything in dummy.com can't seem to find the virtualhost information and defaults to /var/www/html instead of the /home directory.

If I go back into Virtualmin and uncheck SSL, restore my httpd.conf file and restart the server, everything is back to normal.

So somewhere, somehow I think i need to change my systemhost name. I've tried in ssl.conf to change it to localhost with no joy.

Tue, 12/15/2015 - 11:43 (Reply to #14)
jochem

I haven't had an issue with the system host name. My system host name is for a different domain. Are the ssl certs copied to ssl_certificates? Also if you check the signing company in your webbrowser, what does it say?

Mon, 12/14/2015 - 05:40
skelgaard

small note... cp doesn't like it when files already exist... so either rm the file or cp -f it instead

else looking forward to the plugin for virtualmin is completed

just hope there will be an on/off for each domain, so that not all need to run it.

Tue, 12/15/2015 - 11:11 (Reply to #16)
jochem

Thanks for the addition! Added it into the guide.

Tue, 12/15/2015 - 11:16
varma248

thanks :)

Wed, 12/16/2015 - 13:21
bmalone667

So this was obviously a misconfig on my part.

Inside the virtual host settings/Server Configuration/Change IP. My Shared address was my ext. IP. Once I changed the shared address to the internal IP and specified my External IP address to the correct information. Everything works great now!

Mon, 12/28/2015 - 04:58
lostandfound

This is a nice tutorial, thank you for sharing it. Would it be worth adding some common troubleshooting to the guide?

One that tripped me up: LetsEncrypt checks the URL "^.well-known/acme-challenge" on your domain. Domains running Drupal will, by default, block this URL causing LetsEncrypt to fail to generate the certificates properly. See https://community.letsencrypt.org/t/drupals-defualt-htaccess-file-breaks... for a clear solution.

Mon, 12/28/2015 - 22:46
Glock24

This is a great guide, but I was wondering if it's possible to use Letsencrypt certificates for mail server also with a different subdomain (eg. mail mydomain.com).

Tue, 12/29/2015 - 10:19 (Reply to #21)
bmalone667

If I'm not mistaken, you should be able to add -d mail.mydomain.com to the cronjob because I think it lets you do something like 10? domains. Then once you install the cert in virtualmin it should give you the option to install it into your mail system, webmin, etc.

Wed, 12/30/2015 - 21:06
midol

will you be updating this howto to include the instructions under 1.78?

Sun, 01/03/2016 - 04:35 (Reply to #23)
jochem

Hi midol,

It still works under 1.780. No need to make separate how to's.

Sat, 01/02/2016 - 19:36
Francewhoa

Webmin 1.780 was released today for Debian. It includes support for Letsencrypt. It's under "Webmin -> Webmin -> Webmin Configuration -> SSL Encryption" menu -> "Let's Encrypt" tab. Anyone tried it?

- - -
Senior Product Manager, and Co-Founder at Ubertus.org Inc.
Love back your Virtualmin & Webmin community

Sun, 01/03/2016 - 04:29 (Reply to #25)
jochem

I've looked into it but it seems its only for the webmin system itself.

http://www.virtualmin.com/node/39162

Changes since 1.770:

Webmin can now request an SSL certificate for itself from Let's Encrypt, if you have the letsencrypt client command installed.

Sat, 01/02/2016 - 19:34
Francewhoa

Subscribing

- - -
Senior Product Manager, and Co-Founder at Ubertus.org Inc.
Love back your Virtualmin & Webmin community

Sun, 01/03/2016 - 06:37
skelgaard

The webmin integration is fine, but what about the virtualmin integration?

This guide is for the virtualservers and as far as i can see this part is still missing in webmin/virtualmin

Sun, 01/03/2016 - 13:14
pwr9lp

Hi, thanks for this, works like a charm. Both on https / webmin / virtualmin / mail :-)

Regards Lars

Sun, 01/03/2016 - 19:32
Chris sutu

I worked on similar scripts that may help: https://www.virtualmin.com/node/39175

It uses the API for certificate install. Maybe it can be a quicker way than copying files with cp to the virtualhost user directory and making the configuration (Virtualmin does it for us ;-) )

Mon, 01/18/2016 - 18:49
emotler

This works perfectly for me. Thanks. The only thing I've changed is I've installed to /opt like so:

git clone https://github.com/letsencrypt/letsencrypt /opt/letsencrypt

I've set the cron to run every other month, so roughly every 60 days which is what letsencrypt are currently recommending.

Works a charm.

Webmin version 1.782 | Virtualmin version 5.0.gpl | Operating system Ubuntu Linux 14.04.1

Thu, 08/18/2016 - 07:28
benjamin_dk

EDIT:

Now that LetsEncrypt is part of the Webmin / Virtualmin interface, I have stopped using the script referenced below.

TIP: I spent quite some time looking for the "Webmin module config"-page in the Authentic theme where the path for the LetsEncrypt script should go. You have to press the little cogwheel at the top left on the "Webmin configuration" page.

Thanks for the guide, jochem!

I was wondering a bit about the cron entries and the way the variables are inserted.

Is it not an error when you write

MYDOMAIN: www.example.com

and then later

-d www.MYDOMAIN.net -d MYDOMAIN.net

Isn't the .net part supposed to go away?

Also - in this line:

/home/MYDOMAIN/public_html/

Isn't that supposed to be MYUSERNAMEFORDOMAIN?

I have made a script from the guidelines here, with my changes and it seems to work:

https://gist.github.com/benjamin-dk/904a16b5507be56a12e4

Bonus info: if you run into the following issue

Failed authorization procedure. <yourdomain> (http-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://<yourdomain>/.well-known/acme-challenge/-CFACzoI1ZDB97dSfYPWgxNMA5KDyOs97MmotTKfeoY

It might be a Drupal .htaccess related error, see

https://community.letsencrypt.org/t/drupals-defualt-htaccess-file-breaks-webroot-authentication/3014/3

Tue, 04/19/2016 - 03:35
asuweb

I've written a quick script which handles this automatically. Basically, when SSL is enabled in a virtual server, it automatically creates the letsencrypt ssl certs and sets a monthly cron.

You need to add the script to the "Virtualmin" -> "System Settings" -> "Virtualmin Configuration" -> "Command to run after making changes to a server".

Written & tested for centos/RH distros. You'll need to adjust the 4 variables at the top of the script to suit your setup. It uses the virtualmin CLI to actually install the certs so that should be universal.

#!/bin/bash
# Script created by ASU Web Services Ltd
# Script to generate letsencrypt ssl certificate.  Updated by monthly cron.

# Change the vars below to match your system/setup
userdir="/home/$VIRTUALSERVER_USER"
sourcedir="/root/letsencrypt"
livedir="/etc/letsencrypt/live"
crondir="/etc/cron.monthly"

if [[ "$VIRTUALSERVER_ACTION" = "CREATE_DOMAIN" && "$VIRTUALSERVER_SSL" = "1" ]] ||
   [[ "$VIRTUALSERVER_ACTION" = "MODIFY_DOMAIN" && "$VIRTUALSERVER_SSL" = "1" ]]; then
  # Write the monthly renewal script. Overwrite (>) instead of append (>>) so that
  # repeated MODIFY_DOMAIN events do not stack duplicate copies of the commands,
  # and write to $crondir so the path matches the chmod/run/remove steps below.
  echo "#!/bin/bash
cd $sourcedir
./letsencrypt-auto certonly --email info@$VIRTUALSERVER_DOM --agree-tos --renew-by-default -w $userdir/public_html -d www.$VIRTUALSERVER_DOM -d $VIRTUALSERVER_DOM --authenticator webroot
virtualmin install-cert --domain $VIRTUALSERVER_DOM --cert $livedir/www.$VIRTUALSERVER_DOM/cert.pem --key $livedir/www.$VIRTUALSERVER_DOM/privkey.pem --ca $livedir/www.$VIRTUALSERVER_DOM/fullchain.pem" > "$crondir/letsencrypt-$VIRTUALSERVER_USER"
  chmod 700 "$crondir/letsencrypt-$VIRTUALSERVER_USER"
  # Manually run the cron script to generate the certs now
  bash "$crondir/letsencrypt-$VIRTUALSERVER_USER"
fi

# Remove the cron script when deleting a virtual server or disabling ssl
if [[ "$VIRTUALSERVER_ACTION" = "DELETE_DOMAIN" ]] ||
   [[ "$VIRTUALSERVER_ACTION" = "MODIFY_DOMAIN" && "$VIRTUALSERVER_SSL" = "0" ]]; then
  if [ -f "$crondir/letsencrypt-$VIRTUALSERVER_USER" ]; then
    rm -f "$crondir/letsencrypt-$VIRTUALSERVER_USER"
  fi
fi

Wed, 04/27/2016 - 15:14 (Reply to #33)
rrhode

That looks pretty sweet! I might have to try it. Thanks for sharing!

What about nginx, postfix, dovecot, and ftp though? Can those also be automated? Even the built-in Virtualmin one doesn't work for me with nginx for some reason though:

Requesting a certificate for example.com, www.example.com from Let's Encrypt ..
.. request failed :

Updating letsencrypt and virtual environment dependencies......
Requesting root privileges to run with virtualenv: /root/.local/share/letsencrypt/bin/letsencrypt certonly -a webroot -d example.com -d www.example.com --webroot-path /home/example/public_html --duplicate --config /tmp/.webmin/237785_12142_2_letsencrypt.cgi
Failed authorization procedure. www.example.com (http-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://www.example.com/.well-known/acme-challenge/AZz_lWbDSeYIU9Vng4rl0bJ764DJazriYnu8Wc3GYEU [xxx.xxx.xxx.xxx]: 404, example.com (http-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://example.com/.well-known/acme-challenge/_mj42DTvYmdLTHKo0AslsQF6iE8QuVn95fl47JCnROI [xxx.xxx.xxx.xxx]: 404
IMPORTANT NOTES:
- The following errors were reported by the server:

   Domain: www.example.com
   Type:   unauthorized
   Detail: Invalid response from http://www.example.com/.well-known/acme-
   challenge/AZz_lWbDSeYIU9Vng4rl0bJ764DJazriYnu8Wc3GYEU
   [xxx.xxx.xxx.xxx]: 404

   Domain: example.com
   Type:   unauthorized
   Detail: Invalid response from http://example.com/.well-known/acme-
   challenge/_mj42DTvYmdLTHKo0AslsQF6iE8QuVn95fl47JCnROI
   [xxx.xxx.xxx.xxx]: 404

   To fix these errors, please make sure that your domain name was
   entered correctly and the DNS A record(s) for that domain
   contain(s) the right IP address.

Thu, 04/28/2016 - 12:05 (Reply to #34)
Kintaro

Your nginx configuration doesn't permit access to:

.well-known/acme-challenge/XXXXXXXXXXXXXXX

Take a look here: https://community.letsencrypt.org/t/how-to-nginx-configuration-to-enable...

Mon, 05/02/2016 - 04:06
OliverF

Quick answer: thank you very much for the guide. It worked like a charm :) (here on debian wheezy, just made this little change to run it as root and get rid of all the sudos)

Tue, 05/10/2016 - 09:49
monsieurQ

I'm confused. Has this thread been made redundant by subsequent upgrades to Virtualmin? When I enable SSL for a server I have a Lets Encrypt tab under "Manage SSL Certificate" for that server which once enabled seems to work fine. Are further steps needed, to create the cron for example?

@asuweb I did try your script also but it failed on CentOS 6.7

Fri, 08/12/2016 - 12:08 (Reply to #37)
PlayGod

To create the cron, you choose the frequency of renewal, vs. default manual renewal.

Wed, 02/01/2017 - 18:00 (Reply to #38)
azcunaga

Indeed. The more recent versions of Virtualmin appear to have automated whatever this whole discussion is about.

Just go into Virtualmin > Server Configuration > Manage SSL > Let's Encrypt and hit "Request Certificate".

Setting up a number of months between automatic renewals seems to do the cron job you're asking about.

Fri, 08/12/2016 - 12:07
PlayGod

I just tried this feature, and let me say, it is awesome and works so quickly it feels like I am cheating!

Thu, 08/18/2016 - 09:42
Freddy63

I found this guide to get a free SSL for a year, https://tjosm.com/3752/obtain-free-ssl-certificate-startssl/

Why is it a big deal? There are providers who offer free SSL certificates. I don't understand.

Thu, 08/18/2016 - 14:40 (Reply to #41)
andreychek

There are additional providers beginning to offer completely free SSL certificates, but Let's Encrypt changed the landscape in how they're offering their service.

The guide you linked to describes a series of steps to obtain a free SSL cert (and, to my knowledge, those free certs are only available in certain cases).

There aren't any steps to follow in using Virtualmin's Let's Encrypt support. It's simply, click the Let's Encrypt button, and you're finished. No creating an account on a remote system, no emails, no manual validation, no manual renewals. It's all immediate and automatic. Validation is handled automatically as part of their protocol. Renewals occur automatically after several months.

They really have greatly simplified the SSL process.

-Eric

Thu, 09/21/2017 - 16:40 (Reply to #42)
Cloud4G

I have used StartSSL in the past. However, the company was sold to a Chinese SSL provider who has become no longer recognized by Google Chrome, Microsoft and other popular web browsers due to issues of back-dating of certs or some such. StartSSL is now owned by a Chinese security software and services company, the one that provides 360 Total Security software for PC and mobile devices. They have said that they are in the process of regaining cert status with leading browsers and others but have not yet done so. They had said this would happen by April of 2017.
I hope they do because StartSSL offered the lowest price for corporate level certificates and had other features not (yet) provided by Letsencrypt including wildcard certs. That would allow the TLD to be certified with subdomains included under the wildcard. Their certs also worked for one or two years, depending on the type. You could certify specific email addresses and servers separately, which allowed hosting email servers more independently. The biggest benefit was the cost was less... company certs are expensive... think about it - the process can be automated once the identity of the site or business owner has been verified. Although business verification requires such things as sending of certified mail to the address of the business as registered in the business license, the process should not be so expensive.
Until StartSSL is recertified with the major web browsers it is best to not try to use them.

Sun, 03/18/2018 - 16:32 (Reply to #43)
Cloud4G

StartSSL will soon cease operation. It makes no sense to use them IMO.

Thu, 08/18/2016 - 20:15
hescominsoon

LE made it possible for me to offer easy, free ssl basic ssl connections. Most of my clients opt for my second level product because free ssl is part of the package. My cost driven clients do not get that among a few other perks. Beforehand free ssl was a PITA, now it is simply a checkbox..:)

Tue, 09/06/2016 - 01:57
stretch

When using virtualmin and webmin with nginx the following error occurs when trying to install Let's Encrypt certificate for webmin administration interface via "Webmin -> Webmin -> Webmin Configuration -> SSL Encryption" menu -> "Let's Encrypt". Although adding Let's Encrypt for virtualmin nginx virtual host works at a glance.

Failed to request certificate : No virtual host matching apraft.com was found

Wed, 10/05/2016 - 02:46
iboinas

Thank you so much for making this task a breeze!!

Maybe I can contribute a bash script, crongen, that I made to output the line for crontab.

Just:
cd /root
touch crongen.sh
chmod +x crongen.sh
paste the contents below and update the vars
./crongen.sh

Remove the dash (added because of MD data)

-#!/bin/sh

EMAIL="your@email.com"

HOMEFOLDER="xxx" # where xxx is your /home/xxx/public_html

DOMAIN="iot.fastcrud.com" #domain to register

echo "01 3 1 * * cd /root/letsencrypt/ && ./letsencrypt-auto certonly --email $EMAIL --agree-tos --webroot --renew-by-default -w /home/$HOMEFOLDER/public_html/ -d $DOMAIN --authenticator webroot && cp /etc/letsencrypt/live/$DOMAIN/cert.pem /home/$HOMEFOLDER/ssl_certificates/cert.pem && cp -f /etc/letsencrypt/live/$DOMAIN/chain.pem /home/$HOMEFOLDER/ssl_certificates/chain.pem && cp -f /etc/letsencrypt/live/$DOMAIN/fullchain.pem /home/$HOMEFOLDER/ssl_certificates/fullchain.pem && cp -f /etc/letsencrypt/live/$DOMAIN/privkey.pem /home/$HOMEFOLDER/ssl_certificates/privkey.pem"

Mon, 11/07/2016 - 20:53
midihipi

I get the following error when running this on debian 8: An unexpected error occurred: Bug in pythondialog: expected an empty output from u'infobox', but got: u'Error opening terminal: unknown.\n' Please see the logfile 'certbot.log' for more details.

There is a bug in letsencrypt 0.9.x with python's dialog module. Simple fix: just add -n before the first -d in your crontab command and it will not need to run interactively and not use dialog.

Owner of Linux Nuts Professional Services

Tue, 11/08/2016 - 01:14
midihipi

But what about mail?

Owner of Linux Nuts Professional Services

Fri, 12/16/2016 - 11:17
KikoSeijo

My little version done by root, I had a general install for all the devices, and find and replace works better.

Also it was asking to replace the files, I used the escape character \cp -f

Tip: Start the find and replace with MYUSERNAMEFORDOMAIN

cd /root/ && git clone https://github.com/letsencrypt/letsencrypt

mkdir /home/MYUSERNAMEFORDOMAIN/ssl_certificates

01 3 1 * * cd /root/letsencrypt/ && ./letsencrypt-auto certonly --text --email info@MYDOMAIN --agree-tos --webroot --renew-by-default -w /home/MYUSERNAMEFORDOMAIN/public_html/ -d www.MYDOMAIN -d MYDOMAIN --authenticator webroot && \cp /etc/letsencrypt/live/www.MYDOMAIN/cert.pem /home/MYUSERNAMEFORDOMAIN/ssl_certificates/cert.pem && \cp -f /etc/letsencrypt/live/www.MYDOMAIN/chain.pem /home/MYUSERNAMEFORDOMAIN/ssl_certificates/chain.pem && \cp -f /etc/letsencrypt/live/www.MYDOMAIN/fullchain.pem /home/MYUSERNAMEFORDOMAIN/ssl_certificates/fullchain.pem && \cp -f /etc/letsencrypt/live/www.MYDOMAIN/privkey.pem /home/MYUSERNAMEFORDOMAIN/ssl_certificates/privkey.pem && chown -R MYUSERNAMEFORDOMAIN:MYUSERNAMEFORDOMAIN /home/MYUSERNAMEFORDOMAIN/ssl_certificates

Regards.

Wed, 01/18/2017 - 02:11
iateadonut

OP,

Please write in your original post that Virtualmin now does this all automatically!

Just go to your virtual server: Server Configuration -> Manage SSL Certificates -> Let's Encrypt.
