I did it. (lol)
I ran that option 2:
/letsencrypt-auto certonly --renew-by-default -c /etc/letsencrypt/cli.ini
And experienced some confusion in the /etc/letsencrypt/live directory. Since i had created one cert before for another subdomain, it created the new SAN cert not with servername, although i had this first in my domain list, but with the existing subdomain. So i cleared all folders by removing all content in all folders and ran that command again. And guess what? it worked. Now the live folder contains server02.example.com folder with all other files.
Then i moved on to change virtualmins virtual host config so it can use the new cert.
You wrote
but you should be able to globally set the default SSLCertificateFile, SSLCertificateChainFile and SSLCertificateKeyFile.
Instead setting it globally i did it in the virtualhost conf file.
i found out that the options are this:
SSLCertificateFile /etc/letsencrypt/live/server02.example.com/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/server02.example.com/privkey.pem
SSLCACertificateFile /etc/letsencrypt/live/server02.example.com/fullchain.pem
Since i am still running apache 2.4.7, i think the SSLCertificateChainFile setting you mentioned is here the SSLCACertificateFile, so i set it like above.
then
service apache2 restart
....
Next i opened the domain where i changed the config file and it showed the green lock in front and opening the cert it says:
DSA Root Level 3 has identified this site as:
whatever.com
This connection to the server is encrypted.
Show certificate yields this:
issued for: server02.example.com
issued by Let’s Encdrypt Authority X3
So as far as i came here, i think this should work.
Next is to put this certs in place with Postfix, Dovecot and Virtualmin.
I put it within Webminconfig, which was working, when i pointed it to letsencrypt folder. If i view the cert in Webmin it shows me the additional domains, so that is working too.
In Virtualmin i have the option to copy certs into dovecot, proftpd and postfix, but i haven’t found something within webmin for the webmin cert yet.
If i cant find anything i will need to do it manually.
But didn’t think i would get so far.
Thanks again.
Best
PS: If i am through with everything i will put together an according guide for this, because it is hard to figure everything out and work your way. But it is fun and you learn a lot, as you pointed out above.