3

Getting SSL certificates for virtual servers on Webmin is easy with Let's Encrypt. But how do you setup automatic SSL renewal for Webmin itself using Let's Encrypt?

Bram z
  • 157
  • 1
  • 13

1 Answers1

4

Set up a cron job (sudo crontab -e) that renews your certificate. This line renews the certificate every Sunday at midnight and uses the domain deltik.org, the webroot /home/deltik/public_html/, and the email address my-email-address:

0 0 * * 0 /usr/bin/letsencrypt certonly --email "my-email-address" --agree-tos --renew-by-default --webroot -w /home/deltik/public_html/ -d deltik.org

Run the command to make sure that it works before turning it into a cron job. If successful, the example command above would update the folder /etc/letsencrypt/live/deltik.org/ with four files, cert.pem, chain.pem fullchain.pem, and privkey.pem.

Then, in Webmin » Webmin Configuration » SSL Encryption » SSL Settings » SSL support, configure:

Webmin SSL configuration

Set the following, where YOURDOMAIN.TLD is the domain of the certificate you are automatically regenerating:

  • Enable SSL?: Yes
  • Private key file: /etc/letsencrypt/live/YOURDOMAIN.TLD/privkey.pem
  • Certificate file: Separate file: /etc/letsencrypt/live/YOURDOMAIN.TLD/cert.pem
  • Additional certificate files (for chained certificates): /etc/letsencrypt/live/YOURDOMAIN.TLD/chain.pem

These same configuration options can be set in the file /etc/webmin/miniserv.conf:

ssl=1
keyfile=/etc/letsencrypt/live/YOURDOMAIN.TLD/privkey.pem
certfile=/etc/letsencrypt/live/YOURDOMAIN.TLD/cert.pem
extracas=/etc/letsencrypt/live/YOURDOMAIN.TLD/chain.pem

Restart Webmin if necessary:

sudo service webmin restart
Deltik
  • 19,353
  • 17
  • 73
  • 114
  • What is the Webroot used for? The cerficate should be for the (Ubuntu) Server. When i run this command: `/opt/letsencrypt/letsencrypt-auto certonly --email "mail@example.com" --agree-tos --renew-by-default --webroot -w /home/what_for/public_html -d s1.example.com` I get a failed authorizing error – Bram z Dec 25 '16 at 22:03
  • @Bramz: That command assumes that you're running a website for the domain on the same server. Different people's setups will vary. If you have another way to generate new certificates for the Webmin URL, you'll have to work out an equivalent command accordingly. The goal is to make a command to generate the certificate without user interaction so that it can be run as a cron job. – Deltik Dec 25 '16 at 22:15
  • One common case: If your Ubuntu Webmin URL without `:10000` leads to the the default/catch-all page, then your webroot would be `/var/www/html/` or the default server webroot. Alternatively, you can create a new virtual server for your `s1.example.com` and use its webroot, whatever you set it to be. – Deltik Dec 25 '16 at 22:22
  • OMG!!!! I've been working this for two days!!!! You are an awesome individual. A million points to you. – arcee123 Oct 31 '18 at 03:53