Guide to install FREE SSL certificate from Letsencrypt on Virtualmin & Webmin. 100% working.

There is an option towards the lower portion of the page: Click on the option to automatically renew and put in the number of months. I usually set that for 2 months. The letsencrypt cert expires in 3 months.

ah ok, I’ll keep an eye on the dates for expiry then. pity it’s only 3 months.

You are a fucked genius!!
Much much respect for you!

I am using letsencrypt on two VPS with Centos 7.4, NGINX, PHP7.1, MariaDB 10.2. The servers are fresh installs using the newest virtualmin/Webmin 6.x install script.

The letsencrypt cert installs so long as you have your domain pointed to the server’s IP address and it has had time to propagate.

Some hints:

If you are changing the IP address that the domain points to, first set the domain DNS cache time ($ttl) to be short, like 1200-2400, so that the DNS servers on the web will refresh. This can be set a day or more before. Letsencrypt uses the domain IP as it finds it. If it points to the old/wrong address, the cert request will be rejected. Point the domain to the new IP of the server. This is done at your domain host.

Set up the reverse PTR for the domain on which you wish to host your email server. This often requires a request to the server host. Some VPS providers allow a user to set their own reverse PTR, others require this via a service ticket or a call. This is not necessary for Letsencrypt to issue a certificate. However, if you wish for your mail server to be recognized by Google and other email services or want to encrypt emails, it has become needed.

I usually request additional sub-domains including mail.myserver.com. This may not be necessary, however, Letsencrypt issues a cert that includes proper subdomains.

Letsencrypt has worked ‘out of the box’ on a fresh install as described above. In the past, I installed letsencrypt from the command line but the new Virtualmin install script appears to take care of that. You may need to install the Webmin module. See the tutorials for how to do that.

I can manually copy the certificate in subdomains…?
I’ve read that the next Virtualmin release will let you enter whatever hostnames you like for inclusion in the Let’s Encrypt cert request

Virtualmin/Webmin do not control what domain names are accepted by Letsencrypt. The domain name must be the fully qualified domain name that is registered with the domain’s registrar. Letsencrypt allows use of subdomains that resolve to the FQDN. See the Letsencrypt documents for a full explanation. Virtualmin automates the process: the form guides the user to fill in parameters that are input in the certificate request to Letsencrypt. It does not allow doing anything different than can be accomplished using the Letsencrypt Certbot ACME client script or similar script.

The Letsencrypt website has good documentation and blog info. And there are many tutorials, including those for different servers: the popular versions of Linux, Apache, NGINX, Virtualmin. An alternative to using Virtualmin is to use the command-line interface and set up a CRON job. That is what Virtualmin does when the option to renew is selected. I have done both. Virtualmin/Webmin now does it all for you.

On the “auto” renewal …

This is the default - "Months between automatic renewal {tick box - off} Only renew manually {tick box - on} 2 "

I believe this means that auto-renewal is on, but the layout is a tad weird / confusing and it is hard to know until the 2 months are up.

Any ideas?

I see that as a minor issue and not worth making any changes. If the server is set up properly, the Virtualmin LE module has always worked for me and it is easy to request a new cert if a mistake is made.

My biggest issue with certifications is that an automated process must be limited to domain or other types of certification that a BOT can verify without additional documents or process steps. That means that it is extremely unlikely that LE can ever be extended to eCommerce business or another type of certification that requires verification of the business or individual making the request. Commercial class certs are far more expensive than they could be if the certification process could be made streamlined from end to end. If, for example, the certificate authority that issues the cert had access to a clearinghouse for state and local business license records, and those records required similar verification as currently done by each cert authority, then the Class II/III cert could be automated similarly to Letsencrypt. That would probably not result in commercial certs being free, but since all providers would have a lower and much-streamlined cost basis, it would drive down the cost dramatically and make the process much easier for the business. Since businesses must already pay for and maintain their business licenses, that would reduce duplication of something that has to be dealt with each time a server is moved or changed such that it normally requires reissue of a cert. Maybe that will happen over time. It might be available in some parts of the world due to government action in that direction.

I totally agree with all your comments. In regards to the dialog, I was just looking at it all wrong! (operator error!), but I do (still) believe that a link to the “Lets Encrypt Agreement” should be provided on that page with a check box that asks to agree / disagree. It is something you have to do if you run it manually using the scripts, and Virtualmin really should give the option.

I’m one of those “photographer / geeks” that runs their own web server so I can totally control the galleries with my photographs. I’m in the reverse position of all the companies because getting three or four certificates was just too darn expensive; at least a registered company can write off the cost on operating expenses. Looking at your idea for the process to automatically scan business records, though, the Class II/III cert has become such a cash cow for companies like GoDaddy that I could really see them pushing back.

And of course, this is all happening because someone (Google?) decided that everything has to be encrypted, when in fact it does not. The only reason I have gone this route is to stop visitors to my galleries getting the impression that “they are ‘not secure’”, when in fact, they are perfectly secure as I’m not asking for any information!

Thanks for this working method.


StartSSL will soon cease operation. It makes no sense to use them IMO.

Letsencrypt has released a new version of the ACME bot that can do wildcard certificates and has some other added features. Wildcard certs can cover a host of subdomains so that individual subdomain requests would not be required. For example, if your cert request had been set up for mail.mydomain.com, mydomain.com and server.mydomain.com, a valid ACME v2 request could be either for *.mydomain.com or for *.mydomain.com, mydomain.com.

To use the v2 cert requires a v2 ACME client. That should usually be done through a standard upgrade.

Can someone write simple steps, commands on latest virtualmin so that auto renewal works?

Currently auto renewal is not working as it gives an error related to permission error on ACME directory.

Dear jochem,

I installed a new server running on AWS and using webmin/virtualmin. We created a new virtual server and loaded the website code, but the moment we moved our nameservers to cloudflare and enabled SSL from there, we are getting a “too many redirects” error on the website.

We tried so many options by disabling SSL and what not but nothing is working.

The IP address of our server is 13.233.141.234 and the website name is softtests.com.

Can you please help us? How do I provide you with the server user ID and password? Please let me know.

I have attached the apache2 folder zip so that you can check what’s causing this issue. Posting the conf file for your reference.

File#1

**************************sites-enabled/sottests.com.confFile***************************************
<VirtualHost 172.31.31.117:80>
SuexecUserGroup "#1001" "#1001"
ServerName softtests.com
ServerAlias www.softtests.com
ServerAlias mail.softtests.com
ServerAlias webmail.softtests.com
ServerAlias admin.softtests.com
DocumentRoot /home/softtests/public_html
ErrorLog /var/log/virtualmin/softtests.com_error_log
CustomLog /var/log/virtualmin/softtests.com_access_log combined
ScriptAlias /cgi-bin/ /home/softtests/cgi-bin/
DirectoryIndex index.html index.htm index.php index.php4 index.php5
<Directory /home/softtests/public_html>
Options -Indexes +IncludesNOEXEC +SymLinksIfOwnerMatch +ExecCGI
allow from all
AllowOverride All Options=ExecCGI,Includes,IncludesNOEXEC,Indexes,MultiViews,SymLinksIfOwnerMatch
Require all granted
AddType application/x-httpd-php .php
AddHandler fcgid-script .php
AddHandler fcgid-script .php7.0
FCGIWrapper /home/softtests/fcgi-bin/php7.0.fcgi .php
FCGIWrapper /home/softtests/fcgi-bin/php7.0.fcgi .php7.0
</Directory>
<Directory /home/softtests/cgi-bin>
allow from all
AllowOverride All Options=ExecCGI,Includes,IncludesNOEXEC,Indexes,MultiViews,SymLinksIfOwnerMatch
Require all granted
</Directory>
RewriteEngine on
RewriteCond %{HTTP_HOST} =webmail.softtests.com
RewriteRule ^(.*) https://softtests.com:20000/ [R]
RewriteCond %{HTTP_HOST} =admin.softtests.com
RewriteRule ^(.*) https://softtests.com:10000/ [R]
RemoveHandler .php
RemoveHandler .php7.0
FcgidMaxRequestLen 1073741824
Alias /dav "/home/softtests/public_html"
<Location /dav>
DAV on
AuthType Basic
AuthName "softtests.com"
AuthUserFile /home/softtests/etc/dav.digest.passwd
Require valid-user
ForceType text/plain
Satisfy All
RemoveHandler .php
RemoveHandler .php7.0
RewriteEngine off
</Location>
RedirectPermanent / https://www.softtests.com
</VirtualHost>

<VirtualHost 172.31.31.117:443>
SuexecUserGroup "#1001" "#1001"
ServerName softtests.com
ServerAlias www.softtests.com
ServerAlias mail.softtests.com
ServerAlias webmail.softtests.com
ServerAlias admin.softtests.com
DocumentRoot /home/softtests/public_html
ErrorLog /var/log/virtualmin/softtests.com_error_log
CustomLog /var/log/virtualmin/softtests.com_access_log combined
ScriptAlias /cgi-bin/ /home/softtests/cgi-bin/
DirectoryIndex index.html index.htm index.php index.php4 index.php5
<Directory /home/softtests/public_html>
Options -Indexes +IncludesNOEXEC +SymLinksIfOwnerMatch +ExecCGI
allow from all
AllowOverride All Options=ExecCGI,Includes,IncludesNOEXEC,Indexes,MultiViews,SymLinksIfOwnerMatch
Require all granted
AddType application/x-httpd-php .php
AddHandler fcgid-script .php
AddHandler fcgid-script .php7.0
FCGIWrapper /home/softtests/fcgi-bin/php7.0.fcgi .php
FCGIWrapper /home/softtests/fcgi-bin/php7.0.fcgi .php7.0
</Directory>
<Directory /home/softtests/cgi-bin>
allow from all
AllowOverride All Options=ExecCGI,Includes,IncludesNOEXEC,Indexes,MultiViews,SymLinksIfOwnerMatch
Require all granted
</Directory>
RewriteEngine on
RewriteCond %{HTTP_HOST} =webmail.softtests.com
RewriteRule ^(.*) https://softtests.com:20000/ [R]
RewriteCond %{HTTP_HOST} =admin.softtests.com
RewriteRule ^(.*) https://softtests.com:10000/ [R]
RemoveHandler .php
RemoveHandler .php7.0
FcgidMaxRequestLen 1073741824
Alias /dav "/home/softtests/public_html"
<Location /dav>
DAV on
AuthType Basic
AuthName "softtests.com"
AuthUserFile /home/softtests/etc/dav.digest.passwd
Require valid-user
ForceType text/plain
Satisfy All
RemoveHandler .php
RemoveHandler .php7.0
RewriteEngine off
</Location>
SSLEngine on
SSLCertificateFile /home/softtests/ssl.cert
SSLCertificateKeyFile /home/softtests/ssl.key
SSLProtocol all -SSLv2 -SSLv3 -TLSv1 -TLSv1.1
RedirectPermanent / https://www.softtests.com
</VirtualHost>
**************************sites-enabled/sottests.com.confFile***************************************

File#2 (sites-available/sottests.com.conf) is identical, line for line, to File#1 above.
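As an added example that is not part of the thread or of Virtualmin, the Python below walks a request through the redirect rules of the posted config: it models Apache's `RedirectPermanent / TARGET` (mod_alias appends whatever follows the matched `/` to TARGET) and the two ways Cloudflare can reach the origin. The simulation shows that the `:443` host's own `RedirectPermanent` sends `https://www.softtests.com/` back to itself, and that a Cloudflare "Flexible" setting re-creates the loop even after that line is removed, because the origin then only ever sees port 80. The `FIXED` table and the `cloudflare_mode` names are constructed for the example.

```python
"""Walk a request through the redirect rules of the posted softtests.com.conf.

Added example, not code from the thread or from Virtualmin.  It models
Apache's 'RedirectPermanent / TARGET' (mod_alias appends whatever follows the
matched '/' to TARGET) and how Cloudflare reaches the origin: 'flexible'
always fetches over port 80, 'full' keeps the visitor's scheme.
"""
from urllib.parse import urlsplit, urlunsplit

# Redirect target per VirtualHost port, as in the posted config: both the :80
# and the :443 host carry 'RedirectPermanent / https://www.softtests.com'.
POSTED = {80: "https://www.softtests.com", 443: "https://www.softtests.com"}
# Constructed variant for comparison: only the plaintext host redirects,
# and the target carries the trailing slash that mod_alias expects.
FIXED = {80: "https://www.softtests.com/", 443: None}

def canon(url):
    """Normalise 'https://host' to 'https://host/' the way a browser does."""
    parts = urlsplit(url)
    return urlunsplit(parts._replace(path=parts.path or "/"))

def origin_port(url, cloudflare_mode):
    """Port on which Apache receives the request for this URL."""
    if cloudflare_mode == "flexible":  # edge terminates TLS, origin gets HTTP
        return 80
    return 443 if urlsplit(url).scheme == "https" else 80

def follow(url, redirects, cloudflare_mode="full", max_hops=10):
    """Return (final_url, hops, looped); looped is True once a URL repeats."""
    seen = set()
    url = canon(url)
    for hops in range(max_hops):
        if url in seen:
            return url, hops, True
        seen.add(url)
        target = redirects.get(origin_port(url, cloudflare_mode))
        if target is None:
            return url, hops, False
        # mod_alias builds Location as TARGET + (request path after the matched '/')
        url = canon(target + urlsplit(url).path[1:])
    return url, max_hops, True

if __name__ == "__main__":
    for label, rules, mode in (("posted", POSTED, "full"), ("fixed", FIXED, "full"),
                               ("fixed behind flexible", FIXED, "flexible")):
        print(label, follow("https://www.softtests.com/", rules, mode))
```

Because the posted target lacks a trailing slash, a deep link such as `/gallery` through the `:80` host is also sent to `https://www.softtests.comgallery`, which the simulation reproduces.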