Guide to install FREE SSL certificate from Letsencrypt on Virtualmin & Webmin. 100% working.

This is a great guide, but I was wondering if it’s possible to use Letsencrypt certificates for mail server also with a different subdomain (e.g. mail.mydomain.com).

If I’m not mistaken, you should be able to add -d mail.mydomain.com to the cronjob because I think it lets you do something like 10? domains. Then once you install the cert in virtualmin it should give you the option to install it into your mail system, webmin, etc.

Will you be updating this howto to include the instructions under 1.78?

Subscribing

Webmin 1.780 was released today for Debian. It includes support for Letsencrypt. It’s under “Webmin -> Webmin -> Webmin Configuration -> SSL Encryption” menu -> “Let’s Encrypt” tab.
Anyone tried it?

I’ve looked into it but it seems it’s only for the webmin system itself.

http://www.virtualmin.com/node/39162

Changes since 1.770:

Webmin can now request an SSL certificate for itself from Let’s Encrypt, if you have the letsencrypt client command installed.

Hi midol,

It still works under 1.780. No need to make separate how-tos.

The webmin integration is fine, but what about the virtualmin integration?

This guide is for the virtual servers, and as far as I can see this part is still missing in webmin/virtualmin.

Hi
Thanks for this, works like a charm.
Both on https / webmin / virtualmin / mail :slight_smile:

Regards Lars

I worked on similar scripts that may help:
https://www.virtualmin.com/node/39175

It uses the API for certificate install.
Maybe it can be a quicker way than copying files to the virtualhost user directory and making the configuration (Virtualmin does it for us :wink: )

This works perfectly for me. Thanks. The only thing I’ve changed is I’ve installed to /opt like so:

git clone https://github.com/letsencrypt/letsencrypt /opt/letsencrypt

I’ve set the cron to run every other month, so roughly every 60 days which is what letsencrypt are currently recommending.

Works a charm.

Webmin version 1.782 | Virtualmin version 5.0.gpl | Operating system Ubuntu Linux 14.04.1

I’ve written a quick script which handles this automatically. Basically, when SSL is enabled in a virtual server, it automatically creates the letsencrypt ssl certs and sets a monthly cron.

You need to add the script to the “Virtualmin” -> “System Settings” -> “Virtualmin Configuration” -> “Command to run after making changes to a server”.

Written & tested for centos/RH distros. You’ll need to adjust the 4 variables at the top of the script to suit your setup. It uses the virtualmin CLI to actually install the certs so that should be universal.

#!/bin/bash
# Script created by ASU Web Services Ltd
# Script to generate letsencrypt ssl certificate. Updated by monthly cron.

# Change the vars below to match your system/setup
userdir="/home/$VIRTUALSERVER_USER"
sourcedir="/root/letsencrypt"
livedir="/etc/letsencrypt/live"
crondir="/etc/cron.monthly"

if [[ "$VIRTUALSERVER_ACTION" = "CREATE_DOMAIN" && "$VIRTUALSERVER_SSL" = "1" ]] ||
   [[ "$VIRTUALSERVER_ACTION" = "MODIFY_DOMAIN" && "$VIRTUALSERVER_SSL" = "1" ]]; then
    # Create a certificate: write the monthly renewal script. The variables are
    # expanded now, while Virtualmin's VIRTUALSERVER_* values are set. '>' replaces
    # any earlier copy, so repeated MODIFY_DOMAIN events do not append duplicates.
    echo "#!/bin/bash
cd $sourcedir
./letsencrypt-auto certonly --email info@$VIRTUALSERVER_DOM --agree-tos --renew-by-default -w $userdir/public_html -d www.$VIRTUALSERVER_DOM -d $VIRTUALSERVER_DOM --authenticator webroot
virtualmin install-cert --domain $VIRTUALSERVER_DOM --cert $livedir/www.$VIRTUALSERVER_DOM/cert.pem --key $livedir/www.$VIRTUALSERVER_DOM/privkey.pem --ca $livedir/www.$VIRTUALSERVER_DOM/fullchain.pem" > "$crondir/letsencrypt-$VIRTUALSERVER_USER"
    chmod 700 "$crondir/letsencrypt-$VIRTUALSERVER_USER"
    # Manually run the cron script to generate the certs now
    sh "$crondir/letsencrypt-$VIRTUALSERVER_USER"
fi

# Remove cron when deleting a virtual-server or disabling ssl
if [[ "$VIRTUALSERVER_ACTION" = "DELETE_DOMAIN" ]] ||
   [[ "$VIRTUALSERVER_ACTION" = "MODIFY_DOMAIN" && "$VIRTUALSERVER_SSL" = "0" ]]; then
    if [ -f "$crondir/letsencrypt-$VIRTUALSERVER_USER" ]; then
        rm -rf "$crondir/letsencrypt-$VIRTUALSERVER_USER"
    fi
fi
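
An added example, not part of the original post: the hook above builds a script from VIRTUALSERVER_USER and VIRTUALSERVER_DOM that cron later runs as root, so this sketch validates both values, quotes them in the generated commands, and writes the file through a temporary name. The function names and the account-name policy are assumptions; the paths and command-line flags are the ones used in the post.

```bash
# Added example, not the poster's script: validate hook input before it is
# written into a cron script that root will execute.
LC_ALL=C; export LC_ALL   # make a-z mean ASCII only

# Lowercase letter/digit/hyphen host name with at least one dot.
valid_domain() {
    case $1 in
        ''|.*|*.|*..*|-*|*-|*.-*|*-.*|*[!a-z0-9.-]*) return 1 ;;
        *.*) [ "${#1}" -le 253 ] ;;
        *) return 1 ;;
    esac
}

# Assumed account-name policy: a-z, 0-9, '_' and '-', at most 32 characters.
valid_user() {
    case $1 in
        ''|[!a-z_]*|*[!a-z0-9_-]*) return 1 ;;
        *) [ "${#1}" -le 32 ] ;;
    esac
}

# render_renewal_script USER DOMAIN: print the script, or fail with no output.
render_renewal_script() {
    local user dom live
    user=$1; dom=$2
    valid_user "$user" && valid_domain "$dom" || return 1
    live="/etc/letsencrypt/live/www.$dom"
    cat <<EOF
#!/bin/bash
cd /root/letsencrypt || exit 1
./letsencrypt-auto certonly --email "info@$dom" --agree-tos --renew-by-default \\
    --authenticator webroot -w "/home/$user/public_html" -d "www.$dom" -d "$dom" || exit 1
virtualmin install-cert --domain "$dom" --cert "$live/cert.pem" \\
    --key "$live/privkey.pem" --ca "$live/fullchain.pem"
EOF
}

# install_renewal_script USER DOMAIN [CRONDIR]: write via a temp file and
# rename, so cron never sees a partial or appended script.
install_renewal_script() {
    local crondir tmp
    crondir=${3:-/etc/cron.monthly}
    tmp=$(mktemp "$crondir/.letsencrypt.XXXXXX") || return 1
    if render_renewal_script "$1" "$2" > "$tmp"; then
        chmod 700 "$tmp" && mv -f "$tmp" "$crondir/letsencrypt-$1"
    else
        rm -f "$tmp"; return 1
    fi
}
```

From the hook, the call would be install_renewal_script "$VIRTUALSERVER_USER" "$VIRTUALSERVER_DOM"; a non-zero return means nothing was written.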

That looks pretty sweet! I might have to try it. Thanks for sharing!

What about nginx, postfix, dovecot, and ftp though? Can those also be automated? Even the built-in Virtualmin one doesn’t work for me with nginx for some reason though:

Requesting a certificate for example.com, www.example.com from Let’s Encrypt …
… request failed :

Updating letsencrypt and virtual environment dependencies…
Requesting root privileges to run with virtualenv: /root/.local/share/letsencrypt/bin/letsencrypt certonly -a webroot -d example.com -d www.example.com --webroot-path /home/example/public_html --duplicate --config /tmp/.webmin/237785_12142_2_letsencrypt.cgi
Failed authorization procedure. www.example.com (http-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://www.example.com/.well-known/acme-challenge/AZz_lWbDSeYIU9Vng4rl0bJ764DJazriYnu8Wc3GYEU [xxx.xxx.xxx.xxx]: 404, example.com (http-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://example.com/.well-known/acme-challenge/_mj42DTvYmdLTHKo0AslsQF6iE8QuVn95fl47JCnROI [xxx.xxx.xxx.xxx]: 404
IMPORTANT NOTES:

  • The following errors were reported by the server:

    Domain: www.example.com
    Type: unauthorized
    Detail: Invalid response from http://www.example.com/.well-known/acme-
    challenge/AZz_lWbDSeYIU9Vng4rl0bJ764DJazriYnu8Wc3GYEU
    [xxx.xxx.xxx.xxx]: 404

    Domain: example.com
    Type: unauthorized
    Detail: Invalid response from http://example.com/.well-known/acme-
    challenge/_mj42DTvYmdLTHKo0AslsQF6iE8QuVn95fl47JCnROI
    [xxx.xxx.xxx.xxx]: 404

    To fix these errors, please make sure that your domain name was
    entered correctly and the DNS A record(s) for that domain
    contain(s) the right IP address.

Your nginx configuration doesn’t permit access to:

.well-known/acme-challenge/XXXXXXXXXXXXXXX

Take a look here:
https://community.letsencrypt.org/t/how-to-nginx-configuration-to-enable-acme-challenge-support-on-all-http-virtual-hosts/5622
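
The 404 on the challenge URL quoted above can be reproduced before requesting a certificate. This is an added example, not code from any post in this thread: it drops a probe file where the webroot authenticator would place its token and checks that each host name serves it back over plain HTTP. The function names are assumptions, and curl is assumed to be installed.

```bash
# Added example: check that a file placed under the webroot's
# .well-known/acme-challenge/ directory is really served over plain HTTP.

# Fetch a URL body (separate function so another HTTP client can be swapped in).
acme_fetch() { curl -fsS --max-time 10 "$1"; }

# acme_preflight WEBROOT HOST...
# Returns 0 if every host serves the probe, 1 if any does not, 2 on setup error.
acme_preflight() {
    local webroot dir token body host rc
    webroot=$1; shift
    dir="$webroot/.well-known/acme-challenge"
    token="preflight-$$-$(date +%s)"
    rc=0
    mkdir -p "$dir" || return 2
    printf '%s' "$token" > "$dir/$token" || return 2
    for host in "$@"; do
        # A 404, a redirect to a login page or a rewritten body all fail here,
        # because the response must be exactly the probe content.
        if body=$(acme_fetch "http://$host/.well-known/acme-challenge/$token") &&
           [ "$body" = "$token" ]; then
            echo "OK   $host"
        else
            echo "FAIL $host (challenge path not served from $webroot)"
            rc=1
        fi
    done
    rm -f "$dir/$token"
    return "$rc"
}

# Example: acme_preflight /home/example/public_html example.com www.example.com
```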

Quick answer: thank you very much for the guide. It worked like a charm :slight_smile:
(here on debian wheezy, just made this little change to run it as root and get rid of all the sudos)

I’m confused. Has this thread been made redundant by subsequent upgrades to Virtualmin? When I enable SSL for a server I have a Let’s Encrypt tab under “Manage SSL Certificate” for that server which once enabled seems to work fine. Are further steps needed, to create the cron for example?

@asuweb I did try your script also but it failed on CentOS 6.7

I just tried this feature, and let me say, it is awesome and works so quickly it feels like I am cheating!

To create the cron, you choose the frequency of renewal, vs. default manual renewal.


EDIT:

Now that LetsEncrypt is part of the Webmin / Virtualmin interface, I have stopped using the script referenced below.

TIP: I spent quite some time looking for the “Webmin module config”-page in the Authentic theme where the path for the LetsEncrypt script should go. You have to press the little cogwheel at the top left on the “Webmin configuration” page,


Thanks for the guide, jochem!

I was wondering a bit about the cron entries and the way the variables are inserted.

Is it not an error when you write

MYDOMAIN: www.example.com

and then later

-d www.MYDOMAIN.net -d MYDOMAIN.net

Isn’t the .net part supposed to go away?

Also - in this line:

/home/MYDOMAIN/public_html/

Isn’t that supposed to be MYUSERNAMEFORDOMAIN?

I have made a script from the guidelines here, with my changes and it seems to work:

https://gist.github.com/benjamin-dk/904a16b5507be56a12e4

Bonus info: if you run into the following issue

Failed authorization procedure. (http-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http:///.well-known/acme-challenge/-CFACzoI1ZDB97dSfYPWgxNMA5KDyOs97MmotTKfeoY

It might be a Drupal .htaccess related error, see

https://community.letsencrypt.org/t/drupals-defualt-htaccess-file-breaks-webroot-authentication/3014/3

I found this guide to get a free SSL for a year,
https://tjosm.com/3752/obtain-free-ssl-certificate-startssl/

Why is it a big deal? There are providers who offer free SSL certificates. I don’t understand.