Letsencrypt automatic certificate advice

tigerfox57 · April 3, 2025, 11:49am

SYSTEM INFORMATION
OS type and version	Raspbian Linux 12
Webmin version	2.303

Hi.

I need some advice about webmin and automatic certificate provisioning using the letencrypt tab in the ssl encryption section of webmin config.

Here’s my scenario.

I have a remote server which I administer with webmin. It is running some websites under apache. Since I am the only person who will be connecting to the webmin control panel I have given it a self signed certificate which my browser trusts. I used webmin’s letsencrypt system to obtain certificates for the websites that apache is serving. During that process, I specified not to copy new keys and certificates to webmin, as that would overwrite my own cert. I also specified to renew the certs after 1 month, just as a test.

Letsencrypt successfully provided the certs, and webmin placed them in /etc/webmin/webmin/. It also created a scheduled cron job that was visible in webmin scheduled functions.

However, when the cron job runs it overwrites the webmin certificate, and does not overwrite the website certificate. After I fix this, I can rerun the letsencrypt certificate request in the letsencrypt section and it will correctly overwrite the website certs, but only if I specify not to copy the certs to the webmin server.

So the question is, is it possible to do what I want, or will I have to manually run letsencrypt before the expiry dates, which will be somewhat annoying.

Am I missing something obvious here?

Regards, Rob.

Ilia · April 3, 2025, 12:41pm

Hello,

Thanks for the heads up!

Could you clarify that part? It’s unclear to the point of being completely misunderstood.

tigerfox57 · April 3, 2025, 12:51pm

Hi, sorry for not being clear, I’ll try ro explain.

In webmin, there’s the way ro set the ssl certificate for the webmin interface running on port 10000, which I have provided my self signed certs for, in a directory of my home user. When I make letsencrypt get a certificate for the websites that apache is serving on port 443, I have to select the option “no” in “copy new key and certificare to Webmin”, otherwise webmin will then use that certificate for the webmin control panel. When the cron job runs, that option does not seem to be being checked, and so the webmin cert (my self signed cert) is overwritten.

Ilia · April 3, 2025, 1:55pm

Ah, I found the issue causing it! Could you apply the following patch and let me know if it resolves the problem on your end:

webmin patch https://patch-diff.githubusercontent.com/raw/webmin/webmin/pull/2447.patch

tigerfox57 · April 3, 2025, 3:02pm

Hi. I think it has worked.

I applied the patch, it modified three files, then I restarted webmin. I then went into the letsencrypt tab and pulled a new cert for one of the websites, which suceeded. I then went into the scheduled webmin tasks section and ran the cron job that had been created. Previously this had caused the webmin panel cert to be overwritten, but this time the just created website certs were correctly overwritten.

So it looks like things are working as expected. Fingers crossed anyway.

Thank you for your help, much appreciated.