just wanting to check the procedure for renewing server LEts Encrypt ssl certificate using the command line.
Can I just follow the certbot website instructions as is? (btw there are shared hosted domains on this server owned by clients that are working fine, so I don’t want to stuff up their ssl certs…only change the webmin and now i suppose also the primary website one so its the same as webmin) https://certbot.eff.org/lets-encrypt/debianstretch-apache
I thought I had the right ssl cert (after the notification from letsencrypt a few days ago about a bug), however, for some reason my webmin SSL (which is the same as my primary website and virtual server) is now being blocked by browsers…so I cant access my webmin system via virtualmin interface at all even though the actual website ssl is accessible in same web browsers without any errors!
primary website = domain.com (works in web browsers without any ssl errors)
webmin = webmin.domain.com:10000 (I have no access to virtualmin due to ssl error)
(where domain.com in both of the above is identical and uses the same lets encrypt certificate and renewal cron in virtualmin)
[root@debug-centos7 ~]# virtualmin generate-letsencrypt-cert
Missing --domain parameter
Requests and installs a Let's Encrypt cert for a virtual server.
virtualmin generate-letsencrypt-cert --domain name
[--host hostname]*
[--default-hosts]
[--renew months]
[--size bits]
[--staging]
[--check-first | --validate-first]
[--web | --dns]
[root@debug-centos7 ~]# virtualmin help generate-letsencrypt-cert
Requests and installs a Let's Encrypt cert for a virtual server.
The server must be specified with the "--domain" flag, followed by a
domain name. By default the certificate will be the for either previously
used hostnames for Lets Encrypt, or the default SSL hostnames for the
domain. However, you can specify an alternate list of hostnames with the
"--host" flag, which can be given multiple times. Or you can force use of
the default SSL hostname list with "--default-hosts".
If the optional "--renew" flag is given, automatic renewal will be
configured for the specified number of months in the future.
To have Virtualmin attempt to verify external Internet connectivity to
your domain before requesting the certificate, use the "--check-first"
flag. This will detect common errors before your Lets Encrypt service
quota is consumed.
To have Virtualmin perform a local validation check of the domain, use the
"--validate-first" flag. This is automatically enabled when
"--check-first" is set.