Hi, quite a newbie here. I have successfully installed Virtualmin on CentOS 7 and am running Nextcloud, WordPress and Lime Survey with it. Everything is working out great. Webmin/Virtualmin itself has the domain virtualmin.domain.tld, Nextcloud has cloud.domain.tld, and so on. It was no problem to get the Let's Encrypt cert for the applications with the help of the built-in SSL functions of Virtualmin.
My question: How can I get a Let's Encrypt certificate for virtualmin.domain.tld, in other words Webmin/Virtualmin itself? I got stuck at Webmin/Webmin Configuration/SSL/Letsencrypt. The documentation https://doxfer.webmin.com/Webmin/Let's_Encrypt does not really help.
Hi, you should be able to do this easily. If you have the host virtualmin.domain.tld, then issue the SSL cert for domain.tld. Once the cert is issued and in place, go to the tab > Current SSL certificate and there use the buttons > COPY to Webmin, Virtualmin, mail etc… Copy it for whatever service you need it for. Once the SSL cert is copied, you can load virtualmin.domain.tld:your-port with the Let's Encrypt SSL cert without problem, and when that cert is renewed, Virtualmin will copy the new cert automatically. I will give you some screenshots so you know where to look… just give me a few moments.
Edit: Attached screenshots
As seen on the screenshot, you can follow it (I am not on CentOS but I believe that it's the same for all distros).
Select your desired domain.tld, then on the selected domain click on Server Configuration and under that click on Manage SSL Certificate.
There, click on the Let's Encrypt tab (you may want to set up some stuff there, like auto renewal request etc…).
Click the Request Certificate button.
Click back to the Current Certificate tab and check that the issuer organisation is really Let's Encrypt.
Use the following buttons (COPY TO…) to copy that cert into your Webmin. Once you copy them you will be able to use SSL from Let's Encrypt on your host, aka virtualmin.domain.tld:10000, and so on.
Note: once you copy the cert with those buttons you will see that it is in use for the selected function (the button you clicked on), and from that time Webmin will do this automatically when the certificate is renewed. You may log out from Webmin, clean the cache in your browser and reload the page:10000 and you're done. It should work right away. If you run into trouble with this somehow, just let me know.
Problems with Copy to Dovecot button SSL Certificate
In domain MyDomain.com
Copying certificate and key to Dovecot files …
… wrote out certificate and CA in /home/me/domains/sub.MyDomain.com/ssl.cert, and key in /home/me/domains/sub.MyDomain.com/ssl.key
Enabling SSL in Dovecot configuration …
… done
Why is it copying the cert/key to a subdomain that is not listed in Domain names listed here?
After doing that, the Copy to Dovecot button is still there and This SSL certificate is already being used by : Webmin, Usermin, Postfix, ProFTPD
Dovecot is not listed.
Moreover, from Dashboard I see Dovecot IMAP / POP3 Server has stopped and won’t start.
From log file: config: Warning: /etc/dovecot/dovecot.conf line 224: Global setting ssl_cert won’t change the setting inside an earlier filter at /etc/dovecot/dovecot.conf line 105 (if this is intentional, avoid this warning by moving the global setting before /etc/dovecot/dovecot.conf line 105)
Same for key. sub.MyDomain.com has its own cert/key.
I don’t remember, but it is possible I tried in the past to include the sub.MyDomain.com cert in the MyDomain.com cert. At this time it is not listed.
Looking at dovecot.conf I see confs like
local_name domain.com {
ssl_cert = </home/domain/ssl.cert
ssl_key = </home/domain/ssl.key
}
That sub.MyDomain.com was not included in its local_name. Both cert/key were isolated so I manually included them in their own local_name
Started Dovecot service again but failed.
Rebooted and it was running again.
But the Copy to Dovecot button is still there despite
local_name MyDomain.com {
ssl_cert = </home/me/ssl.cert
ssl_key = </home/me/ssl.key
}
is included in dovecot.conf
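The Dovecot warning quoted above is about ordering: a global ssl_cert/ssl_key that appears after a local_name block does not change the settings inside that block. As an added example (not code from any poster or from Virtualmin), this Python check flags that ordering and any local_name block missing half of its cert/key pair; the function name audit_dovecot_ssl and the sample config are constructed for illustration, and only single-name local_name filters are handled.

```python
import re

# Constructed sample modelled on the thread (illustrative paths, not a real config).
SAMPLE_CONF = """\
ssl = yes
local_name domain.com {
  ssl_cert = </home/domain/ssl.cert
  ssl_key = </home/domain/ssl.key
}
local_name sub.example.com {
  ssl_cert = </home/me/domains/sub.example.com/ssl.cert
}
ssl_cert = </home/me/ssl.cert
ssl_key = </home/me/ssl.key
"""

SETTING = re.compile(r"^(ssl_cert|ssl_key)\s*=\s*<\s*(\S+)$")

def audit_dovecot_ssl(conf_text):
    """Return (findings, per_name) for ssl_cert/ssl_key placement in dovecot.conf text."""
    findings, per_name, stack, first_filter = [], {}, [], None
    for lineno, raw in enumerate(conf_text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()          # drop comments
        if line.endswith("{"):
            stack.append(line[:-1].strip())          # remember which block we are in
            if len(stack) == 1 and stack[0].startswith("local_name ") and first_filter is None:
                first_filter = lineno
            continue
        if line == "}":
            stack = stack[:-1]                       # tolerates an unbalanced brace
            continue
        m = SETTING.match(line)
        if not m:
            continue
        key, path = m.groups()
        if not stack:
            # Global setting: Dovecot warns when it comes after a filter block.
            if first_filter is not None:
                findings.append(f"line {lineno}: global {key} after filter at line {first_filter}")
        elif stack[-1].startswith("local_name "):
            name = stack[-1].split(None, 1)[1]
            per_name.setdefault(name, {})[key] = path
    for name, settings in per_name.items():
        for key in sorted({"ssl_cert", "ssl_key"} - settings.keys()):
            findings.append(f"local_name {name}: {key} missing")
    return findings, per_name
```

Run it over the text of /etc/dovecot/dovecot.conf after using a Copy to button; an empty findings list means the global pair precedes every local_name block and each block has both files set.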
Copy certificate to Postfix/dovecot…and right there is where things go pear-shaped.
I never copy virtual server SSL certs to Postfix. Postfix is not running from virtual server, it’s running from webmin. Copying a virtual server SSL to Postfix overwrites your webmin postfix ssl cert for the vps server itself. I am thinking
You don’t want to do that if you are hosting multiple domains on a single shared IP address that belonged to the server itself.
I’m stuck here also.
My question is, how to properly configure multiple virtual servers with one certificate?
When a client is configuring email, it gets a warning message that the certificate does not match for that domain. However, after marking a permanent exception, everything works.