This page provides instructions for requesting a Let's Encrypt SSL certificate in Virtualmin.
Prerequisites
- Ensure that the domain is added to Virtualmin and is properly configured.
Steps to request a Let's Encrypt certificate
- Log into Virtualmin: Access your Virtualmin control panel by logging in with your administrator credentials.
- Select the Domain: In the navigation menu, from the drop-down menu on the top-left, select the domain you want to secure with an SSL certificate.
- Navigate to SSL Options: After selecting the domain, go to "Server Configuration -> SSL Certificate".
- Let's Encrypt Tab: Inside the "SSL Certificate" section, find and click on the "Let's Encrypt" tab.
- Configure Let's Encrypt Options:
  - Request certificate for: By default, Virtualmin will request a certificate for your main domain and any aliases. Make sure all the domain variations you want covered are listed (like www and non-www versions).
  - Automatically renew certificate: It is recommended to enable automatic renewal of the SSL certificate. Let's Encrypt certificates are only valid for 90 days.
- Request the Certificate: Click the "Request Certificate" button. Virtualmin will contact the Let's Encrypt servers to request the certificate.
- Installation: If the request is successful, Virtualmin will automatically install the certificate for your domain.
Post-Installation
- Verify the Installation: Check your website by visiting https://yourdomain.com to ensure the SSL certificate is active.
- Force HTTPS: Consider redirecting all HTTP traffic to HTTPS for security. This can be done on the "Server Configuration -> Website Options" page with the "Redirect all requests to SSL site" option.
Troubleshooting Common Issues
Please note that Virtualmin is designed to handle the Let's Encrypt SSL certificate request and installation process automatically. However, if there have been manual changes made to the configuration files or specific server settings, these could interfere with the process. If you encounter issues, consider the following points for troubleshooting:
- DNS: If Let's Encrypt cannot verify your domain, ensure your DNS settings are correct and propagated.
  - Verify DNS Records: Ensure that both the A (IPv4) and AAAA (IPv6) DNS records for your domain are correctly pointing to your server's IP addresses. These records should be configured with your domain registrar or DNS provider.
  - Consistency Between DNS and Web Server:
    - IPv4 and IPv6 Consistency: Make sure that both the IPv4 and IPv6 addresses in your DNS records match the IP addresses configured on your web server.
    - Virtual Host Configuration: In Virtualmin, check that your virtual host configuration for the domain includes settings for both IPv4 and IPv6 if applicable. This is often relevant for Apache or Nginx web servers.
  - Check for Propagation: After making any changes to DNS records, wait for them to propagate. This can take anywhere from a few minutes to 48 hours, depending on the TTL (Time To Live) settings of your DNS records.
- Check for HTTP to HTTPS redirection: Before requesting a Let's Encrypt certificate, ensure that your server is not redirecting HTTP traffic to HTTPS for the domain in question. Let's Encrypt needs to access a specific URL on your domain (e.g. http://yourdomain.com/.well-known/acme-challenge/) to verify domain ownership. If all traffic is redirected to HTTPS before the certificate is installed, this verification can fail.
- Correct Virtual Host Configuration: Make sure the Apache or Nginx virtual host for your domain is correctly configured and pointing to the right document root.
If you encounter any errors during the process, the error messages provided by Virtualmin are often helpful in diagnosing the issue. Be sure to check them if anything goes wrong.
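The DNS consistency and redirect checks from the troubleshooting list can be run from a shell before clicking "Request Certificate". The script below is an added example, not part of Virtualmin; the probe file name is hypothetical and the server addresses are passed in by you.

```python
"""Pre-flight checks before a Let's Encrypt request: DNS consistency and HTTP redirects."""
import http.client
import ipaddress
import socket
import sys

REDIRECT_CODES = (301, 302, 303, 307, 308)
# Hypothetical file name; any name under the challenge directory will do.
PROBE_PATH = "/.well-known/acme-challenge/preflight-probe"


def resolve(domain):
    """Return every A and AAAA address the local resolver has for domain."""
    infos = socket.getaddrinfo(domain, 80, proto=socket.IPPROTO_TCP)
    return {info[4][0] for info in infos}


def dns_mismatches(dns_addrs, server_addrs):
    """Addresses published in DNS that are not configured on the server.

    Both sides are normalised so "2001:DB8::10" equals "2001:db8::10".
    """
    def norm(addrs):
        return {str(ipaddress.ip_address(a)) for a in addrs}
    return sorted(norm(dns_addrs) - norm(server_addrs))


def redirects_to_https(status, location):
    """True if a plain-HTTP response sends the client to an https:// URL."""
    return status in REDIRECT_CODES and (location or "").lower().startswith("https://")


def probe(domain):
    """GET the challenge path over port 80 without following redirects."""
    conn = http.client.HTTPConnection(domain, 80, timeout=10)
    try:
        conn.request("GET", PROBE_PATH)
        resp = conn.getresponse()
        return resp.status, resp.getheader("Location")
    finally:
        conn.close()


if __name__ == "__main__":
    # Usage: preflight.py yourdomain.com <server IPv4> [<server IPv6> ...]
    domain, server_ips = sys.argv[1], sys.argv[2:]
    stale = dns_mismatches(resolve(domain), server_ips)
    print("DNS records not on this server:", stale or "none")
    status, location = probe(domain)
    verdict = "redirected to HTTPS" if redirects_to_https(status, location) else "not redirected to HTTPS"
    print("HTTP", status, "->", verdict)
```

A 404 from the probe is expected, since the probe file does not exist; what matters is that the response is not a redirect to an https:// URL and that no DNS address is reported as missing from the server.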