I have a domain secure.domain.com and I was able to configure ports 443, 20001 and 30000 to use valid SSL certificates, however when I go to port 10000 for virtualmin or 20000 for usermin it is using the self-signed ones. How do I change the httpd.conf options for virtualmin/usermin?
Once you’ve setup your SSL certificate, you can go into System Settings -> Manage SSL Certificates, and there’s a few buttons there to help you install the certificate into Webmin/Virtualmin, Usermin, Postfix, and Dovecot.
To do what you’re asking above, you can just click the “Copy to Webmin” and “Copy to Usermin” buttons.
Thanks for getting back to me. I don’t have a “Manage SSL Certificates” section there or anywhere. I might have somehow disabled the module for it. How do I get it back?
Hrm, how did you go about setting up the SSL certificate?
Typically, you’d go into Edit Virtual Server, enable the SSL feature, and once you’ve done that, there would be a Server Configuration -> Manage SSL Certificate option available for that particular domain.
I think I know what happened. I have to:
Select the domain that has SSL enabled
Under “Server Configuration” (not “System Settings”) is where Manage SSL Certificate appears.
I think my problem was that I didn’t select the domain first since I assumed it was a “System Setting”. All is working now. Thanks.
Hah, whoops, I’m sorry, I guess I did say “Server Settings”
Sorry for leading you stray there, and glad you got it working!
Well I have a similar problem.
I have turned SSL website on for one of my virtual servers, But I don’t see the Manage SSL Certificate option under Server Configuration.
Make sure you’ve selected the domain you enabled SSL for, in the drop-down list on the top-left.
After you’ve selected the domain, if SSL is enabled, the Manage SSL Certificates link should pop up under Server Configuration.
When you go into Edit Virtual Server, and look under “Enabled Features”, is Virtualmin still showing the SSL feature as being enabled?
Hmm, that sounds like it may be the key!
What you see in the Server Template and the Account Plans is simply whether or not a given Virtual Server has permission to enable SSL.
However, to actually enable it, you would do so in the Virtual Server features.
sorry i comment in wrong post
I am in a similar situation but I have certs created using certbot-auto (let’s encrypt) months ago from command line.
Using ‘Update Certificate and Key’ tab and filling paths of let’s encrypt files I get an error “… must be under the virtual server’s home directory”
They are at /etc/letsencrypt/live/ directory.
What do you suggest?
I can move those files but I will loose auto-renew feature.
Edit 1: I copied all files from /etc/letsencrypt/live/domain.tld to /home/domain.tld
“Update Certificate and Key” and uploaded cert.pem and privkey.pem
“Copy to Webmin” and now https://host.domain.tld:10000 is secure.
Because certbot auto renew updates certs a few days before their expiration I have to implement a cron task to replace both files if those correspondant at /etc/letsencrypt have changed.
What about the “Copy to Webmin” button procedure?
What can I execute after updating cert and key files at /home… to use this certificate in Webmin?
if they are letsencrypt ones, just delete them and let virtualmin install new ones. it will renew them for you automatically anyway, so the old ones can be trashed.
Far easier to do this than stuff around copying and pasting and manually setting up cron jobs for something that virtualmin can setup for you with a the click of a single button at the start…then forget about it.
Whilst the virtualmin interface needs a street directory in order to navigate ones way around, if you let it setup everything its own way, generally, things down the track will be far more stable and predictable. Modifying things outside of defaults without being 100% sure almost always ends up in problems down the track!
Thanks Adam for your answer.
Trying to install a new certificate from Virtualmin/Let’s Encrypt some time ago I got an error message.
To reproduce it I edited a VS with a domain I only use for redirection and checked SSL option.
Then went to SSL Certificate and requested a Let’s Encrypt Cert for that domain.
This is the error message I got:
Requesting a certificate for domain.tld from Let’s Encrypt …
… request failed : Web-based validation failed : The native Let’s Encrypt client was used previously on this system, and must be used for all future certificate requests DNS-based validation failed : The native Let’s Encrypt client was used previously on this system, and must be used for all future certificate requests
So it is not that easy to revert procedures.
At this time I have a task in cron.daily to update /home/…cert&key if new versions are found at /etc/letsencrypt/…
I guess this is not enough for Webmin, that’s why I’m asking which other updates are needed to add to that script to let things the same as clicking on “Copy to Webmin” from Virtualmin Current Certificate.
Thank you again