I’ve been going at this for a little while but came up with the following steps to get it working. Its working on 06-12-2015 during the public BETA. If you run into issues please let me know.
Tested on:
- Host OS is Ubuntu 14.04 LTS.
- Virtualmin version: 4.18.gpl (doesn’t really matter? build 2015+)
- Webmin version 1.770 - 1.780 (doesn’t really matter? build 2015+)
Get the following right for your “variables”, fill in your own offcourse:
MYUSERNAMEFORDOMAIN: my system username known in virtualmin
MYDOMAIN: www.example.com
*** 1. First install Let’s Encrypt script/programm. ***
Login to SSH and get root privileges (root/sudo -i):
cd /home/user/ && git clone https://github.com/letsencrypt/letsencrypt
OR
cd /root/ && git clone https://github.com/letsencrypt/letsencrypt
^^ This will download the Let’s Encrypt from github with executable script
*** 2. Create your directory where you will be saving your certificate later on. Reason for this is because Virtualmin has a protection where it only allows a certificate from the user/domains directory: ***
mkdir /home/MYUSERNAMEFORDOMAIN/ssl_certificates
*** 3. Setup your cronjobs by running: “sudo crontab -e” ***
It wil probably ask you which editor, i choose Nano, once in the editor enter the following somewhere on a new line (pick the option you choose on step 1!):
01 3 1 * * cd /home/user/letsencrypt/ && ./letsencrypt-auto certonly --email info@MYDOMAIN --agree-tos --webroot --renew-by-default -w /home/MYDOMAIN/public_html/ -d www.MYDOMAIN.net -d MYDOMAIN.net --authenticator webroot && cp -f /etc/letsencrypt/live/www.MYDOMAIN.net/cert.pem /home/MYUSERNAMEFORDOMAIN/ssl_certificates/cert.pem && cp -f /etc/letsencrypt/live/www.MYDOMAIN.net/chain.pem /home/MYUSERNAMEFORDOMAIN/ssl_certificates/chain.pem && cp -f /etc/letsencrypt/live/www.MYDOMAIN.net/fullchain.pem /home/MYUSERNAMEFORDOMAIN/ssl_certificates/fullchain.pem && cp -f /etc/letsencrypt/live/www.MYDOMAIN.net/privkey.pem /home/MYUSERNAMEFORDOMAIN/ssl_certificates/privkey.pem
OR
01 3 1 * * cd /root/letsencrypt/ && ./letsencrypt-auto certonly --email info@MYDOMAIN --agree-tos --webroot --renew-by-default -w /home/MYDOMAIN/public_html/ -d www.MYDOMAIN.net -d MYDOMAIN.net --authenticator webroot && cp /etc/letsencrypt/live/www.MYDOMAIN.net/cert.pem /home/MYUSERNAMEFORDOMAIN/ssl_certificates/cert.pem && cp -f /etc/letsencrypt/live/www.MYDOMAIN.net/chain.pem /home/MYUSERNAMEFORDOMAIN/ssl_certificates/chain.pem && cp -f /etc/letsencrypt/live/www.MYDOMAIN.net/fullchain.pem /home/MYUSERNAMEFORDOMAIN/ssl_certificates/fullchain.pem && cp -f /etc/letsencrypt/live/www.MYDOMAIN.net/privkey.pem /home/MYUSERNAMEFORDOMAIN/ssl_certificates/privkey.pem
^^ Above command will copy the certificates to the correct directory after requesting them (i gave a warning in step 2). It will do this every 1st of the month during the night. The reason we do this every month is because the certs are only valid 90 days and we have plenty of time to repair if something appears to be wrong with the cert later on…
Allright! The hard part is done!
*** 3.1 Please log into your Virtualmin admin panel, Select “Webmin -> System -> Scheduled Cron Jobs”. Go to your newly created Cronjob by clicking on it and select “RUN NOW”.
*** 4. in Virtualmin, select you domain and go to “Edit virtual server”, make sure that SSL is enabled under “Enabled features”.
*** 5. Under “Server configuration” go to “Manage SSL Certificate”. Select the tab “Update Certificate and Key” and under “Signed SSL certificate” select the option “File on server”, fill in the location of the certificate:
“/home/MYUSERNAMEFORDOMAIN/ssl_certificates/cert.pem”
*** 6. Do the same for section “Matching private key”. Select: “/home/MYUSERNAMEFORDOMAIN/ssl_certificates/privkey.pem”
*** 7. Click on “Install Now”.
*** 8. Switch to tab “CA Certificate”, select "In file on server " and fill in: “/home/MYUSERNAMEFORDOMAIN/ssl_certificates/fullchain.pem”
*** 9. Click on “Save Certificate”. ***
DONE! ! ! It will now update every month
Go to your website with HTTPS, what do you get???
IF you run into any issues please let me know in the comments and i’ll try to help out!
NOTE: You can’t request a lot of different certificates. You will get the message: Too many certificates already issued for: xxx. If you want a lot of certificates for subdomains please consider using a paid wildcard certificate. Letsencrypt is a service to help out (starting/small) websites.
If you like this guide and want to donate you can do so by Bitcoin: bitcoin:1gYf6whHEhLBuhEk81DFoCt65dVva94iL