Letsencrypt Cert for Webmin/Virtualmin panel itself

Hi, quite a newbie here. I have successfully installed Virtualmin on CentOS 7 and am running Nextcloud, WordPress and Lime Survey with it. Everything is working out great. Webmin/Virtualmin itself has the domain virtualmin.domain.tld, Nextcloud cloud.domain.tld, and so on. It was no problem to get the Let's Encrypt cert for the applications with the help of the built-in SSL functions of Virtualmin.

My question: How can I get a Letsencrypt certificate for virtualmin.domain.ltd, in other words Webmin/Virtualmin itself? I got stuck at Webmin/Webmin Configuration/SSL/Letsencrypt. The documentation https://doxfer.webmin.com/Webmin/Let's_Encrypt does not really help.

Any ideas?

@kosmonaut_75

Hi, you should be able to do this easily. If you have the host virtualmin.domain.tld, then issue the SSL cert for domain.tld. Once the cert is issued and in place, go to the tab > Current SSL certificate and there use the buttons > COPY to Webmin, Virtualmin mail etc… Copy it for whatever service you need it for. Once the SSL cert is copied, you can load virtualmin.domain.tld:your-port with the Let's Encrypt SSL cert without problem, and when that cert is renewed, Virtualmin will copy the new cert automatically. I will give you some screenshots so you know where to look… just give me a few moments.

Edit: Attached screenshots

As seen on the screenshot, you can follow these steps (I am not on CentOS but I believe that it's the same for all distros).

  1. Select your desired domain.tld, then on the selected domain click on server configuration and under that click on manage SSL certificate.
  2. There, click on the Let's Encrypt tab (you may want to set up some stuff there, like auto renewal request etc…).
  3. Click the request certificate button.
  4. Click back to the current certificate tab and check that the issuer organisation is really Let's Encrypt.
  5. Use the following buttons (COPY TO…) to copy that cert into your Webmin. Once you copy them you will be able to use SSL from Let's Encrypt on your host, aka virtualmin.domain.tld:10000, and so on.
  6. Note: once you copy the cert with those buttons, you will see that it is in use for the selected function (the button you clicked on), and from that time Webmin will be doing this automatically when the certificate is renewed. You may log out from Webmin, clean the cache in your browser and reload the page:10000 and you're done. It should work right away. If you run into trouble with this somehow, just let me know.


I'm in hope that this helped you or someone else, somehow… Have a good day :slight_smile:

Thank you so much! It works like a charm!

Great @kosmonaut_75, keep virtualmin great by using it and sharing the knowledge somehow :slight_smile: - if you could… thanks.

Problems with Copy to Dovecot button
SSL Certificate
In domain MyDomain.com

Copying certificate and key to Dovecot files …
… wrote out certificate and CA in /home/me/domains/sub.MyDomain.com/ssl.cert, and key in /home/me/domains/sub.MyDomain.com/ssl.key
Enabling SSL in Dovecot configuration …
… done

Why is it copying the cert/key to a subdomain that is not listed in "Domain names listed here"?
After doing that, the Copy to Dovecot button is still there, and "This SSL certificate is already being used by: Webmin, Usermin, Postfix, ProFTPD".
Dovecot is not listed.
Moreover, from the Dashboard I see Dovecot IMAP / POP3 Server has stopped and won’t start.
From log file:
config: Warning: /etc/dovecot/dovecot.conf line 224: Global setting ssl_cert won’t change the setting inside an earlier filter at /etc/dovecot/dovecot.conf line 105 (if this is intentional, avoid this warning by moving the global setting before /etc/dovecot/dovecot.conf line 105)
Same for key
sub.MyDomain.com has its own cert/key
I don’t remember but it is possible I tried in the past to include sub.MyDomain.com cert in MyDomain.com cert. At this time it is not listed.
Looking at dovecot.conf I see confs like
local_name domain.com {
  ssl_cert = </home/domain/ssl.cert
  ssl_key = </home/domain/ssl.key
}

That sub.MyDomain.com was not included in its local_name. Both cert/key were isolated so I manually included them in their own local_name
Started Dovecot service again but failed.
Rebooted and it was running again.
But Copy to Dovecot button is still there despite
local_name MyDomain.com {
  ssl_cert = </home/me/ssl.cert
  ssl_key = </home/me/ssl.key
}

is included in dovecot.conf
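
An added example (not part of the original post, and not Virtualmin's or Dovecot's own code): a small Python audit that maps each ssl_cert/ssl_key in a dovecot.conf to the block that sets it and flags a global setting placed after a block, the ordering the log warning above complains about. The sample configuration is constructed from the paths quoted in the post, and the function name `audit_dovecot_ssl` is hypothetical.

```python
import re

# Constructed sample, modelled on the dovecot.conf layout quoted in the post.
SAMPLE_CONF = """\
local_name MyDomain.com {
  ssl_cert = </home/me/ssl.cert
  ssl_key = </home/me/ssl.key
}
local_name sub.MyDomain.com {
  ssl_cert = </home/me/domains/sub.MyDomain.com/ssl.cert
  ssl_key = </home/me/domains/sub.MyDomain.com/ssl.key
}
ssl_cert = </home/me/domains/sub.MyDomain.com/ssl.cert
ssl_key = </home/me/domains/sub.MyDomain.com/ssl.key
"""

SETTING = re.compile(r"^(ssl_cert|ssl_key)\s*=\s*<?\s*(\S+)$")
BLOCK_OPEN = re.compile(r"^(.+?)\s*\{$")

def audit_dovecot_ssl(conf_text):
    """Map ssl_cert/ssl_key to the scope that sets them and flag ordering problems."""
    scoped, global_set, warnings = {}, {}, []
    stack = []            # names of the blocks we are currently inside
    first_in_filter = {}  # setting -> line where a block first set it
    for lineno, raw in enumerate(conf_text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()   # drop comments
        if line == "}":
            del stack[-1:]                    # tolerate a stray closing brace
            continue
        opened = BLOCK_OPEN.match(line)
        if opened:
            stack.append(opened.group(1))
            continue
        found = SETTING.match(line)
        if not found:
            continue
        key, path = found.groups()
        if stack:                             # inside local_name/protocol/... block
            scoped.setdefault(stack[0], {})[key] = path
            first_in_filter.setdefault(key, lineno)
        else:                                 # top-level (global) setting
            global_set[key] = path
            if key in first_in_filter:
                warnings.append(f"line {lineno}: global {key} comes after the "
                                f"filter at line {first_in_filter[key]}")
    for scope, keys in scoped.items():
        for missing in sorted({"ssl_cert", "ssl_key"} - keys.keys()):
            warnings.append(f"{scope}: {missing} not set")
    return scoped, global_set, warnings
```

Run it over the text of /etc/dovecot/dovecot.conf after using a Copy to… button to see which certificate each name is served and whether a global pair was appended after the per-domain blocks.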

Copy certificate to Postfix/Dovecot… and right there is where things go pear-shaped.

I never copy virtual server SSL certs to Postfix. Postfix is not running from a virtual server, it’s running from Webmin. Copying a virtual server SSL to Postfix overwrites your Webmin Postfix SSL cert for the VPS server itself. I am thinking you don’t want to do that if you are hosting multiple domains on a single shared IP address that belonged to the server itself.

I’m stuck here also.
My question is, how to properly configure multiple virtual servers with one certificate?
When a client configures email, it gets a warning message that the certificate does not match that domain. However, after marking a permanent exception, everything works.
