Let's Encrypt autorenewal

I just checked the new built-in Let’s Encrypt feature in Webmin 1.791. Securing a website is so much easier. No custom scripts, not even a need to install letsencrypt. Brilliant.

I have a few questions about the Let’s Encrypt renewals:

1. If setting the renewal to “manual”: Do I get a warning (on the info page or by email) if a certificate for a hosted domain is (almost) expired?

2a) What does “Months between automatic renewal” do? Is it a cron job that renews certificates?

2b) Would it not be handier to have an “autorenew 15 days before expiration” option?

2c) Does automatic renewal also automatically copy the certificates to Dovecot, Postfix, Webmin and Usermin if those are enabled?

Good questions. I can't find much documentation about this, and such an important service too! Did you manage to find your answers? Thanks

1. You get no reminders either way; but if you have auto-renewal working, it should email you to tell you it was updated, if it does so successfully.

2a) Probably a cron job, yes. It renews the cert. The “Let’s Encrypt” certs are good for, I believe, only 4 months. Then you have to renew. If you set the auto-renewal for 4 months, you might have a non-working website for a day or two, so I set mine for 3 months. No attempt was made to alert us that the certs were only good for 4 months, and I have no idea why, then, anyone would not want it auto-renewed by default.

2b) Tell that to these guys. There are lots of things that need to be polished up.

2c? Why could this not be #4?) No. I have found that I have to do it manually. Fun! Also, use this carefully. You cannot arrange for each of your virtual server domains to have their certs installed in Dovecot, etc., since each of these services currently only allows for one cert installed at a time. So, when you change the active virtual server to another domain, go to Manage SSL Certificate and press one of those buttons, you’re just overwriting the other domain’s cert you’d installed earlier. Yes, this still applies when accessing Virtualmin/Webmin at your domain’s name. You’ll get an invalid cert warning if you happen to be using one of your other domains than the one whose cert you “copied to webmin”. Ugh.
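
An expiry check of the kind questions 1 and 2b ask about, as an added example that is not part of the thread and not Webmin's own code. It assumes you collect one `notAfter=` line per domain with `openssl x509 -enddate -noout -in <cert file>`; the domain names and dates below are constructed sample data.

```python
import ssl
from datetime import datetime, timezone

WARN_DAYS = 15  # threshold taken from question 2b in the thread


def days_left(enddate_line, now):
    """Whole days until expiry, given one 'notAfter=...' line from openssl."""
    key, _, value = enddate_line.strip().partition("=")
    if key != "notAfter" or not value:
        raise ValueError(f"unexpected openssl output: {enddate_line!r}")
    # ssl.cert_time_to_seconds parses the 'Jun  1 08:30:00 2016 GMT' format.
    expires = datetime.fromtimestamp(ssl.cert_time_to_seconds(value), timezone.utc)
    # timedelta.days rounds down, so a cert that expired an hour ago gives -1.
    return (expires - now).days


def expiry_report(enddates, now, warn_days=WARN_DAYS):
    """Map each domain to (status, days_left); status is OK, RENEW or EXPIRED."""
    report = {}
    for domain, line in enddates.items():
        remaining = days_left(line, now)
        if remaining < 0:
            status = "EXPIRED"
        elif remaining <= warn_days:
            status = "RENEW"
        else:
            status = "OK"
        report[domain] = (status, remaining)
    return report


# Constructed sample input: one openssl -enddate line per hosted domain.
SAMPLE_ENDDATES = {
    "example.com": "notAfter=Aug 10 12:00:00 2016 GMT",
    "shop.example.com": "notAfter=Jun  1 08:30:00 2016 GMT",
    "old.example.com": "notAfter=May 18 23:59:59 2016 GMT",
}
SAMPLE_NOW = datetime(2016, 5, 20, tzinfo=timezone.utc)

if __name__ == "__main__":
    # In a cron job, pass datetime.now(timezone.utc) instead of SAMPLE_NOW.
    for domain, (status, remaining) in expiry_report(SAMPLE_ENDDATES, SAMPLE_NOW).items():
        print(f"{status:8} {domain} ({remaining} days)")
```

Run from cron and mailed on any non-OK status, this gives the reminder that the built-in feature is reported not to send.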