How to update Let's Encrypt SSL Certs via CLI

SkaFan · March 4, 2026, 12:39pm

SYSTEM INFORMATION
OS type and version	Rocky 9.7
Webmin version	2.621
Virtualmin version	8.1 GPL

If I renew the LE Certs

certbot renew --force-renewal

I get new Certs save into

Certificate Path: /etc/letsencrypt/live/domain.tld/fullchain.pem
Private Key Path: /etc/letsencrypt/live/domain.tld/privkey.pem

Is there one easy command thatr Virtualmin will check locally for new Certs and installed them?
Virtualmin help brought only this up

SSL certificates
----------------
list-certs                Output the certificates for some or all virtual
                          servers
generate-acme-cert        Requests and installs an SSL cert for a virtual
                          server
generate-cert             Generate a new self-signed cert or CSR for a virtual
                          server
generate-letsencrypt-cert Requests and installs an SSL cert for a virtual
                          server
install-cert              Replace the SSL certificate or private key for a
                          virtual server
install-service-cert      Copy the cert and key from a virtual server to some
                          other service
list-certs-expiry         Output the certificates expiry date for matching or
                          all existing virtual servers
list-service-certs        Output a virtual server's certificates used by other
                          services
get-ssl                   Output SSL certificate information for a domain

Nothing there sounds like it would be right for me…

SkaFan · March 4, 2026, 12:55pm

I think I got it…

nano /path/to/script.sh
virtualmin install-cert --domain “$DOMAIN”
–cert “$RENEWED_LINEAGE/cert.pem”
–key “$RENEWED_LINEAGE/privkey.pem”
–ca “$RENEWED_LINEAGE/chain.pem”

as a hook…

nano /etc/crontab
0 0 1 * * root certbot renew --force-renewal --deploy-hook /path/to/script.sh --quiet

and virtualmin will gets the domain names from certbot… i hope…

Yes I know Virtualmin does keeps the Certs up-to-date by itself…
But Im planing to use SSL Certs for other services too… and therefor I would like to have all the same certs.
And by using /etc/corntab it will be all in one place…

Ilia · March 4, 2026, 4:05pm

This is not the correct approach. You should not use certbot renew with Virtualmin.

While it might work, it isn’t the recommended way. Virtualmin manages its own scheduled cron jobs, which typically run every 5 minutes by default.

Simply request an SSL certificate for the domain in “Manage Virtual Server ⇾ Setup SSL Certificate: SSL Certificate” page, set “Automatically renew certificate” to “Yes”, and let Virtualmin handle the process automatically.

system · March 12, 2026, 4:05pm

This topic was automatically closed 8 days after the last reply. New replies are no longer allowed.