Let's Encrypt certificate for Virtualmin host itself? [SOLVED]

richb-hanover · March 11, 2022, 1:27pm

SYSTEM INFORMATION
OS type and version	Ubuntu 18.04
Webmin version	1.990
Cloudmin version	N/A
Virtualmin version	6.17-3 Pro

I am using Webmin 1.990 and Virtualmin 6.17-3 Pro on a Ubuntu 18.04 VPS.

I have Let’s Encrypt certificates working (and automatically renewing) for all the Virtualmin servers.

I would like to install a Let’s Encrypt certificate for my Webmin/Virtualmin console.

I would also like to experiment with a Let’s Encrypt certificate for a “silly website” I also run on that server. I’m hopeful that I could combine that server’s dns name into the Webmin certificate.

Where an I find documentation for doing this? Many thanks.

calport · March 11, 2022, 1:37pm

This might do the trick:

create a virtual server with the hostname of the Virtualmin server
apply a SSL certificate
access Virtualmin on port 10000 of the hostname

Or don’t do 1 through 3 and access Virtualmin on port 10000 of any domain that is currently hosted on that server.

Joe · March 11, 2022, 3:26pm

Why? Just login to Webmin on the hostname of one of your Virtualmin managed domains. Webmin will use the cert for that domain name.

Webmin can request Let’s Encrypt certs for itself in Webmin the Webmin SSL configuration page, but it’s trickier, since it has less certainty about how things are setup than Virtualmin does.

Joe · March 11, 2022, 3:28pm

I think this is automatically done during Virtualmin installation, if it can be done and the hostname resolves. (This automatic domain is a “free” domain for Pro users. And it can’t have mail, for some technical reasons that are the same reasons we tell people don’t name your server the same as a domain you’ll be managing in Virtualmin.)

I’m ambivalent about whether this is a good feature (mostly leaning toward “not a good feature”, but Ilia and Jamie like it, so it stays). I think I prefer keeping things simple and just using Virtualmin domain names to login to Virtualmin. Then you don’t have to ever think about the name of the server itself…which is mostly irrelevant.

richb-hanover · March 11, 2022, 4:18pm

Kaboom! (Sound of a mind exploding! )

Works a treat! I just used https://one-of-my-other-domains:1234 (where 1234 is the port for my Webmin instance…)

Thanks, Joe!

technicalw · March 14, 2022, 7:20am

because cloudflare rejects connection other than on port 80 and 443.
I now created a sub server on nginx, with this conf to overcome this problem:

	location / {
        proxy_set_header   X-Forwarded-For $remote_addr;
        proxy_set_header   Host $http_host;
        proxy_pass         "https://127.0.0.1:10000";
		proxy_set_header Host $host; # MAGIC
    }
	location /.well-known/acme-challenge/ {
	allow all;
	}

or maybe I should just edit each virtual server and add

	location /webmin {
        proxy_set_header   X-Forwarded-For $remote_addr;
        proxy_set_header   Host $http_host;
        proxy_pass         "https://127.0.0.1:10000";
		proxy_set_header Host $host; # MAGIC
    }

system · March 22, 2022, 7:20am

This topic was automatically closed 8 days after the last reply. New replies are no longer allowed.