Letsencrypt Cert for Webmin/Virtualmin panel itself

5 posts / 0 new
Last post
#1 Thu, 10/18/2018 - 12:45
kosmonaut_75

Letsencrypt Cert for Webmin/Virtualmin panel itself

Hi, quite a newbie here. I have installed successfully Virtualmin on CentOS 7 and am running Nextcloud, Wordpress and Lime Survey with it. Everything is working out great. Webmin/Virtualmin itself has the domain virtualmin.domain.tld, nextcloud cloud.domain.tld. and so on. It was no problem to get the letsencrypt Cert for the applications with the help of the built-in SSL functions of Virtualmin.

My question: How can I get a Letsencrypt certificate for virtualmin.domain.ltd, in other words Webmin/Virtualmin itself? I got stuck at Webmin/Webmin Configuration/SSL/Letsencrypt. The documentation https://doxfer.webmin.com/Webmin/Let%27s_Encrypt does not really help.

Any ideas?

Sat, 10/20/2018 - 04:41
unborn
unborn's picture

@kosmonaut_75

Hi, you should be able to do this easy. if you have host virtualmin.domain.tld then issue the ssl cert for domain.tld. once the cert is issued and in a place then go to the tab > Current SSL certificate and there use buttons > COPY to webmin, virutalmin mail etc.. copy it for whatever service you need it. Once ssl cert is copied, you can load virtualmin.domain.tld:your-port with lets encrypt ssl cert without problem and also when that cert will be renewed, virtualmin will copy new cert automatically. I will give you some screenshots so you know where to look.. just give me few moments.

Edit: Attached screenshots

As seen on screenshot you can follow it (I am not on centos but I believe that its same for all distros).

  1. select your desired domain.tld then on selected domain click on server configuration and under that click on manage ssl certificate
  2. there click on Lets encrypt tab (you may want to setup some stuff there like auto renewal request etc..)
  3. click request certificate button
  4. click back to current certificate tab and check if the issuer organisation is really lets encrypt
  5. use following buttons (COPY TO...) to copy that cert into your webmin. Once you copy them you would be able to use ssl from lets encrypt on your host aka virtualmin.domain.tld:10000 and so on.
  6. Note: once you copy the cert with those buttons you would see that it is in use for selected function (the button you have been clicked on) and from that time, webmin will be doing this automatically when the certificate is renewed. You may log out from webmin, clean cache in your browser and reload the page:10000 and you done. It should works right a way. If you run into trouble with this somehow, just let me know.

scr1original img size

scr2original img size

Im in hope that this helped you or someone else, somehow.. Have good day :)

Configuring/troubleshooting Debian servers is always great fun

Contact me directly ? GPG/PGP supported!

Sat, 10/20/2018 - 14:39
kosmonaut_75

Thank you so much! It works like a charm!

Thu, 11/01/2018 - 12:38 (Reply to #3)
unborn
unborn's picture

Great @kosmonaut_75, keep virtualmin great by using it and sharing the knowledge somehow :) - if you could... thanks.

Configuring/troubleshooting Debian servers is always great fun

Contact me directly ? GPG/PGP supported!

Sun, 12/01/2019 - 15:55
DanielStonek

Problems with Copy to Dovecot button
SSL Certificate In domain MyDomain.com

Copying certificate and key to Dovecot files .. .. wrote out certificate and CA in /home/me/domains/sub.MyDomain.com/ssl.cert, and key in /home/me/domains/sub.MyDomain.com/ssl.key Enabling SSL in Dovecot configuration .. .. done
Why is it copying cert/key to a subdomain that it is not listed in Domain names listed here?
After doing that Copy to Dovecot button is still there and This SSL certificate is already being used by : Webmin, Usermin, Postfix, ProFTPD
Dovecot is not listed.
Moreover, from Dashboard I see Dovecot IMAP / POP3 Server has stopped and won't start.
From log file:
config: Warning: /etc/dovecot/dovecot.conf line 224: Global setting ssl_cert won't change the setting inside an earlier filter at /etc/dovecot/dovecot.conf line 105 (if this is intentional, avoid this warning by moving the global setting before /etc/dovecot/dovecot.conf line 105)
Same for key
sub.MyDomain.com has its own cert/key
I don't remember but it is possible I tried in the past to include sub.MyDomain.com cert in MyDomain.com cert. At this time it is not listed.
Looking at dovecot.conf I see confs like

local_name domain.com {
ssl_cert = </home/domain/ssl.cert   
ssl_key = </home/domain/ssl.key   
}

That sub.MyDomain.com was not included in its local_name. Both cert/key were isolated so I manually included them in their own local_name
Started Dovecot service again but failed.
Rebooted and it was running again.
But Copy to Dovecot button is still there despite

local_name MyDomain.com {
ssl_cert = </home/me/ssl.cert   
ssl_key = </home/me/ssl.key   
}

is included in dovecot.conf