How to install SSL for hostname for webmin/usermin access?

3 posts / 0 new
Last post
#1 Tue, 07/18/2017 - 05:22
amityweb

How to install SSL for hostname for webmin/usermin access?

I've always used the self signed certificates for webmin and usermin access. I just accept the warning in Chrome and proceed, always worked for years.

Recently Chrome wont do it. It says "You cannot visit www.xyz.com right now because the website sent scrambled credentials that Chrome cannot process"

So I tried adding the hostname as a virtual server, then adding Lets Encrypt. That works when visiting the hostname in the browser. But when I copy it to Webmin and Usermin, it doesn't work for those. It still shows its Not Secure in Chrome.

This is on many of my severs, I have tried in the past to do it for others and gave up.

Recently I started manually messing with moving certificates around in the file system, and editing config files, from some instructions on other websites, but this did not seem right.

So I wondered, what is the proper way to get this to work? I would think Copying to Webmin and Usermin should just make it work right away, but it never does, so what other steps are needed?

Thanks

Tue, 07/18/2017 - 20:19
applejack

Hi

The way I do it is

  1. My server uses a FQDN server.mydomain.com and for the mail mail.mydomain.com
  2. I set up a virtual server using mydomain.com and generated a cert to cover the 2 domains above plus mydomain.com and www.mydomain.com using Certbot.
  3. You do not need to copy the cert files but just point to them in Webmin, Usermin, Postfix and Dovecot i.e. /etc/letsencrypt/live/mydomain.com/privkey.pem and /etc/letsencrypt/live/mydomain.com/cert.pem and /etc/letsencrypt/live/mydomain.com/fullchain.pem (where needed)
  4. I created a script and cron job which runs once a week to renew all server certificates after which you just need to restart Apache plus other services if the main server domain cert has been renewed which is only every 3 months. The script emails me telling me which domains have been updated.

N.B. Using certbot and an automated script for renewal is much easier BUT beware if you start using certbot then you can no longer create or renew certs via the Virtual servers Let's Encrypt function.

Also if you need Python 2.7 you can use Software Collections as updating the main version certainly on Centos 6 will kill your server as you will no longer be able to use Yum.

Thu, 06/20/2019 - 07:04
castris
castris's picture

Is possible without use Cerbot,. Use instead acme.sh Webmin hostname SSL Let's encrypt uando acme.sh

Yo sólo se que no se nada