[Solved] Let's Encrypt, Webmin, Apache Webserver

#1 Tue, 04/04/2017 - 05:57
just_me

Hi, got a quick one:

I have a server running just Webmin, not Virtualmin, which has a domain attached and a setup where I serve just one web application. I used to use start.com certificates, but those won't be accepted by Firefox anymore. So I would have to create a new one, and thought I should try to use Let's Encrypt. In Webmin I created the corresponding cert, no problem at all, but now I am stuck. Unfortunately Webmin creates just three PEM files, lying around in /etc/webmin, and I tried to use them, but to no avail. Also, I do not have an option for copying the cert into apache2.

So, how can I get apache2 to respect the newly created cert, also for renewal? Changing the path in ssl.conf to point to the Webmin .pem files won't work at all, and I would like to have some sort of automation, so I wouldn't have to take care of it every 90 days or so.

Any help is truly appreciated, since the guys using the web app are counting down to not being able to have access anymore once the Firefox update spreads....

Thanks and best, j_m

UPDATE: If anybody comes across this:

Change the ssl.conf in /etc/apache2/enabled-sites like this:

   #SSLCertificateFile /etc/apache2/domain.tld/ssl.crt
   SSLCertificateFile /etc/webmin/letsencrypt-cert.pem
   #SSLCertificateKeyFile /etc/apache2/domain.tld/ssl.key
   SSLCertificateKeyFile /etc/webmin/letsencrypt-key.pem
   #SSLCertificateChainFile /etc/apache2/domain.tld/sub.class2.server.ca.pem
   #SSLCACertificateFile /etc/apache2/domain.tld/ca.pem
   SSLCACertificateFile /etc/webmin/letsencrypt-ca.pem

And don't forget:

service apache2 restart

Looks like my WinSCP was waiting for me to start the transmission of the edited file, so after switching off the queue it was transferred and the following Apache restart did the trick.

If not, empty your browser's cache.

Bottom line: Although Apache usually uses .crt, .ca, .key files, it can also work with .pem files, which wasn't clear to me in the very beginning.
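
A pre-reload check for the setup described in the post, as an added example (not from the original poster or from Webmin): before Apache picks up renewed files from /etc/webmin, confirm that the certificate and key belong together, that the certificate is not close to expiry, and that the key is readable by its owner only. The function names, the return codes and the 14-day threshold are assumptions; the file paths are the ones from the post.

```shell
#!/bin/sh
# Added example: sanity checks for the Webmin-managed Let's Encrypt files
# before Apache is reloaded. Function names and return codes are hypothetical.

# check_pair CERT KEY [MIN_DAYS]
# returns 0 = ok, 2 = unreadable/unparsable file, 3 = cert and key do not match,
#         4 = cert expires within MIN_DAYS, 5 = key readable by group or others
check_pair() {
    cert=$1; key=$2; min_days=${3:-14}

    # Extract the public key from both files; a parse failure is its own error,
    # so two empty outputs can never be mistaken for a match.
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null) || return 2
    key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null) || return 2
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ] || return 3

    # -checkend exits non-zero if the cert expires within the given seconds.
    openssl x509 -in "$cert" -noout -checkend $((min_days * 86400)) \
        >/dev/null 2>&1 || return 4

    # Characters 5-10 of the mode string are the group and other bits.
    perms=$(ls -Lld "$key" | cut -c5-10)
    [ "$perms" = "------" ] || return 5
    return 0
}

# Reload Apache only when the files pass; otherwise leave the running
# configuration untouched. Defaults are the paths used in the post.
reload_if_ok() {
    check_pair "${CERT:-/etc/webmin/letsencrypt-cert.pem}" \
               "${KEY:-/etc/webmin/letsencrypt-key.pem}" "${MIN_DAYS:-14}" || {
        echo "certificate check failed (code $?), Apache left untouched" >&2
        return 1
    }
    apache2ctl configtest && service apache2 reload
}

# Run the reload path only when asked to, e.g. from a cron job after renewal.
if [ "${1:-}" = "--reload" ]; then
    reload_if_ok
fi
```

Run as root with `--reload` from a scheduled job after Webmin has renewed the certificate; without the argument the script only defines the functions.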