Add option to LetsEncrypt to allow 'Renewal-Hooks' with Certbot built-in webserver

With people using LetsEncrypt more but don’t always use webmin dns or cant allow an html tag added into their website easily (WP site) use of the LetsEncrypt/ Certbot built-in webserver is easier.

BUT
If you have start and stop shells setup they aren’t picked up by use of webmin LetsEncrypt service.

Can you provide an addition check box that says ‘Use Renewal Hooks’ which does that ?

It would have to be ‘remembered’ for auto-renewals.

thanks
D.

SYSTEM INFORMATION
OS type and version linux deb 12 and others
Webmin version 21.02

Can you provide an example of a Certbot hook; are you referring to --pre-hook and --post-hook options?

Also, did you try configuring the command to run before and after the LE request on the “Webmin ⇾ Webmin Configuration ⇾ Configuration: Let’s Encrypt configuration” page?

:face_with_spiral_eyes:

DOH

never saw the specific Letsencrypt tab.

yes I meant the --pre-hook and --post-hook options which are usually auto run on any certbot renewals

:ok_hand:
I think that solves my problem as I can add the stop/start apache commands there…
:people_hugging:

@Jamie, do you think we could find a better place for LE-related options in Webmin?

Why would you do it? Virtualmin already does it for you.

FYI,
My issue was with Webmin as the domain in question was not managed by Virtualmin/Virtualmin Pro - hence my posting was in Webmin rather than Virtualmin

(Virtualmin seems to have that issue covered - i hope)*

I think the current place is fine, since it’s specific to SSL cert management for Webmin itself. I don’t think it makes sense to put a general-purpose Let’s Encrypt UI into Webmin, since we already have it in Virtualmin.

What about for when we run Webmin only systems?

I also had no idea where to look for that and don’t really see why it’s where it is.

In fact I can’t find where or how to use the Certbot built-in on Webmin. :frowning:

You can use Certbot’s built-in webserver to request certs at Webmin → Webmin Configuration → SSL → Let’s Encrypt, but this generates a cert only for Webmin itself.

Jamie

I concur

BUT

if you use the actual location of the webmin ssl certs as the cert location for other services then it promulgates to other services using the webmin cert. Once restarted !!

Why not ?

I just need to remember to add postfix and dovecot restarts to the restart shell command that is called (automatically) by the webmin config > ssl config > LetsEncrypt settings…

Many thanks

I suppose in theory we could add a box for custom commands to run after the cert is renewed.

Or would it be better to set a flag to the certbot command itself? That may not work, since renewal hooks are already used by Webmin to update DNS records as part of the renewal process.

Curious.
Rhel 8.10, Webmin 2.202, there is an option for Certbot built-in server.
Rhel 9.5, Webmin 2.202, there is no such option. There is no web server installed.

On RH8 it’s erroring, I haven’t looked into why yet though.

Can you check that the certbot command is installed on this system? If not, you should be able to install it with yum install certbot

Installing certbot fixes it, but yesterday a system prompted me to install certbot and did it for me.