So far, I didn't bother myself with adding SSL to the websites I host (basically: "you want me to host you, cool, but don't bother me with SSL"), however the announcement that Chrome was going to block non-SSL websites worked as a good motivation, let us delicately say.
Could I just ask you for a confirmation, please, regarding the way to install it and have it run?
Basically, if I understood it right, today in 2018, we only have to
And this is it? Are we done, are no further steps required at all, now whoever asks for the https version of the website of that virtual host, will have it work properly?
Sorry to ask, I have no sandbox on hand, and I wouldn't want to screw up any website :)
Thanks if you have the time to confirm (or disconfirm) it to me!
I'm sparing possible future readers the chore of enduring reading everything below: YES, IT WORKS LIKE THAT! Thank you Virtualmin! :D
However, if you are behind Cloudflare, it is possible that some subdomains created automatically by Virtualmin were not automatically added to the DNS records of Cloudflare (thus, won't be "served" to the rest of the internet), and in that case those subdomains will block the auto-configuration as Virtualmin tries to run it.
In that case, it would give this result:
requesting a certificate for domain-name-that-I-censor.tld, www.domain-name-that-I-censor.tld, autoconfig.domain-name-that-I-censor.tld, autodiscover.domain-name-that-I-censor.tld from Let's Encrypt ..
.. request failed : Web-based validation failed : Failed to request certificate :
autoconfig.domain-name-that-I-censor.tld challenge did not pass: DNS problem: NXDOMAIN looking up A for autoconfig.domain-name-that-I-censor.tld
In that case, simply, the solution is to go to Cloudflare, DNS records options, and manually add the subdomains that Virtualmin attempts to register, in the present case, autoconfig and autodiscover, as A with the same IP as the other entries. Once you've done that, Let's Encrypt will succcessfully work with Cloudflare.
Sorry for all those edits, but I'm the kind of guy who solves his problems with information found in support forums, I can't be the only one here, so allow me to gather all the info in the opening post, in case it helps future anons :)
If you're cloudflare. It may be worth to mention.
Once you have installed the certificate in Virtualmin, if you are with Cloudflare, please do remember to go to your Cloudflare account, Crypto menu, and choose "SSL (strict)". Otherwise you'll have wasted time trying to figure out why your website reverts back to HTTP or is flagged with an invalid certification ;)