Let's Encrypt / SSL Scripts

SYSTEM INFORMATION
OS type and version Ubuntu Linux 22.04.3
Webmin version 2.105
Usermin version 2.005
Virtualmin version 7.8.2

Just wondering if it’s possible to modify the default scripts Virtualmin uses to distribute the SSL certs to apps to include copying to somewhere custom (say BIND), and also restarting the service when updating certs. I know Let’s Encrypt can do this on its own, but I used Virtualmin to set up everything else, and would hate to break something.

Thanks.

I am sure it is possible to make changes to the code → but you will be responsible for maintaining your changes. AND of course when Virtualmin is updated your changes will be overwritten.
It is your VM; you can do what you want with it. The only question you have to justify to yourself is WHY?

The why is easy. Lots of services (including BIND/NAMED) offer TLS encryption built in (in this specific case, DoT) so I can access DNS via “private DNS” on my mobile. Most of these apps run with reduced permissions by design, and are not part of the superuser group, therefore cannot access the certificate, and even if they could, they need to be restarted upon acquisition of a new cert to load it. Yes, I suppose I could run a reverse proxy from NGINX, but that consumes more resources than just running BIND w/ TLS alone, and it’s really not hard to tap the unencrypted traffic between NGINX and BIND/any other micro service set up this way.

Anyhow, I was just hoping I missed something in the documentation and there was something like the hooks that come with Let’s Encrypt Certbot; seeing as Virtualmin wants to manage all the SSL certs, it only seems sensible that it should be able to distribute them to whatever else may need them on the system.
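The two requirements in the post above (a key readable by a reduced-privilege service, and a restart only when a new cert arrives) can be met by a small deploy helper run after renewal. This is an added example, not part of the thread and not Virtualmin or Certbot code; the destination file names `cert.pem` and `key.pem`, the group, and the reload command are assumptions supplied by the caller.

```shell
#!/bin/sh
# Added example, not Virtualmin or Certbot code. Every path, the group name
# and the reload command are assumptions supplied by the caller.

# same_file A B: true when both files exist with identical content.
same_file() {
    [ -f "$1" ] && [ -f "$2" ] && cmp -s "$1" "$2"
}

# install_secure SRC DEST MODE GROUP: copy through a temp file in the target
# directory (mktemp creates it 0600), fix group and mode, then rename, so
# the file is never world-readable and never seen half-written.
install_secure() {
    tmp=$(mktemp "$(dirname "$2")/.certtmp.XXXXXX") || return 2
    if cat "$1" > "$tmp" && chgrp "$4" "$tmp" && chmod "$3" "$tmp" &&
        mv -f "$tmp" "$2"; then
        return 0
    fi
    rm -f "$tmp"
    return 2
}

# deploy_cert SRC_CERT SRC_KEY DEST_DIR GROUP
# Returns 0 = new material installed, 1 = already current, 2 = error.
deploy_cert() {
    [ -r "$1" ] && [ -r "$2" ] && [ -d "$3" ] || return 2
    if same_file "$1" "$3/cert.pem" && same_file "$2" "$3/key.pem"; then
        return 1
    fi
    # Key is readable by owner and GROUP only; the certificate is public.
    install_secure "$2" "$3/key.pem" 0640 "$4" || return 2
    install_secure "$1" "$3/cert.pem" 0644 "$4" || return 2
    return 0
}

# deploy_and_reload SRC_CERT SRC_KEY DEST_DIR GROUP RELOAD_CMD [ARGS...]
# Runs RELOAD_CMD only when the installed files actually changed.
deploy_and_reload() {
    rc=0
    deploy_cert "$1" "$2" "$3" "$4" || rc=$?
    [ "$rc" -eq 1 ] && return 0
    [ "$rc" -eq 0 ] || return 2
    shift 4
    "$@"
}

# Stand-alone use: script SRC_CERT SRC_KEY DEST_DIR GROUP RELOAD_CMD...
if [ "$#" -ge 5 ]; then deploy_and_reload "$@"; fi
```

The script has to run as a user that can read the source key and write to the destination directory; the group argument would be the one the service's account belongs to.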

As I said, “I’m sure it is possible”, maybe even a simple change to be incorporated. But this does look like a one-off case, so perhaps not something worth the investment of the team’s time. I was not trying to put you off implementing it yourself, just warning you to be aware that there would be a high risk that any such work outside the basic Virtualmin would be likely to be overwritten by updates. Though your alternative would be less likely and probably a more solid route.
