Using letsencrypt by default

SYSTEM INFORMATION
OS type and version Ubuntu 22.04.3 LTS
Webmin version Latest

Hello everyone,

I’m joining the WebMin community after a few years on ispConfig.

I manage my hosting, mainly wordpress and wordpress MU + Nextcloud sites.

I’ll be the only one handling webmin and virtualmin.

I started to deploy a new vps to be able to transfer my data from the old VPS.

I’m having trouble understanding how to manage SSL certificates.
I usually use letsencrypt for my websites. In webmin I found 3 different places to manage the SSL aspect.

What I’d like is for the SSL-LetsEncrypt option to be deployed by default when creating a virtual space for a new site with a new domain. Or select it at the end of the virtual space deployment process.

And I’m thinking, would it be better if each certifications file were stored in the directory of each site created? But maybe it’s better if all letsencrypt files are stored in the same place?

Is this possible simply via webmin? Is there any specific documentation on this configuration aspect?

Thank you very much.

Howdy,

I highly recommend using Virtualmin for what you’re trying to do.

You can get it set up by following the guide at:

virtualmin.com/download

Furthermore, Virtualmin is set up to automatically request a Let’s Encrypt certificate when you create a new virtual server. If you need to, you can also request one manually by going to to the Manage Virtual Server ⇾ Setup SSL Certificate page.

Hi Ilia, thanks.
but I’m not sure to have not well configure webmin from the begining. For exampel, I created a test website :
https://test.democrasite.com
In Virtualmin > Web Configuration > SSL Options path is ;

/etc/ssl/virtualmin/170649223375891/ssl.combined

Is it the classic way to do ?

Thanks

Indeed, Virtualmin defaults to storing virtual server SSL certificates in the /etc/ssl/virtualmin directory. This setup safeguards against accidental deletion of SSL certificates by users from their home directories, which could otherwise cause the webserver to fail to start.

Ok, make sense. But I still have a doubt about my Webmin > Webmin Configuration > SSL Encryption > Let’s Encrypt I have as settings :

Options for new SSL certificate

Website root directory for validation file

O  Apache virtual host matching hostname 

O  A different Apache virtual host  : test.kameleon.fr

O  **Other directory  : /var/www/html is selected**

O  Use DNS domains for validation

Which option is the best to simplify the creation of my websites.

Thanks for your help

You never need to look at Webmin->Webmin Configuration->SSL Configuration.

Just connect to Webmin on your system on any hostname hosted in Virtualmin that has a certificate. Webmin will answer on any IP on the system, and IP will serve the right SSL certificate, assuming Virtualmin is managing a certificate for the domain.

Hi Joe, ok that’s fine with me actually. What is or how do you reset these settings to default if at all possible?

I wanted to enable https on the webmin:10000 page, so I created a virtual server for the domain used for the installation with a letencrypt certificate request, but it locked me out of the admin panel completely, impossible to reconnect.

You can also now enable a LetsEncrypt SSL on the Webmin/Virtualmin host name

Virtualmin --> System Settings --> Virtualmin Configuration --> Configuration category: SSL Settings --> Create host default domain with Let's Encrypt certificate: Yes

NB: unless you know why, don’t use the keep visible option

@shoulders Thanks, but as I said, I’m kicked out of the panel. I prefer to reinstall all the vps, I was a fresh install with start settings ajustements.

Just a small point though, I haven’t (or yet) found a simple explanation of the various steps to be carried out in order to enable https on the webmin/virtualmin installation domain.

I understand that at installation time the system creates a self-signed certificate and that you can then replace it with a LetsEncrypt certificate, for example.

But do I need to create a Virtualmin virtual server for the domain connected to the webmin panel, which will be used to request a certificate from LetsEncrypt? And if so, will Webmin itself replace the original self-signed certificate (or its paths) with the one generated by webroot?

I have to admit that I didn’t find this very clear in the documentation and got a bit lost.

In any case, what I’ve retained for this aspect is to check that the configuration option for certifcates is set to “apache” and its paths, and also to choose that all certificates are centralized in webmin and then everything happens in virtualmin for the web hosting part.

Thanks for your help, I’ll just have to redo the installation :slight_smile:

turn the option on above and the hostname.myvirtualminserver.com will get a cert and the you can use 10000 port aswell.

Also check my notes. Use Ctrl+F

https://quantumwarp.com/kb/articles/34-web-server/1016-my-virtualmin-notes

It is a complete setup article (assuming you have already done a Linux minimal install)

1 Like

Wow, it’s a Webmin bible :slight_smile: Thanks :wink:

1 Like

if you use FireFox and the headingsmap plugin in to generate a TOC (table of contents) it will make it even better and easier to use.

I’m asking to myself, but guys, it was a pain to solve it !!

Problem:

**Obtaining an SSL certificate for Webmin on the latest version of Virtualmin (your Panel)**.

Solution:

Create a virtual server with the same domain name as the one chosen during the installation of Webmin/Virtualmin. For example, if the domain name is panel.mondomain.org, create a virtual server with this name.
Go to "Manage Virtual Server" > "SSL Certificate Configuration" > "Let's Encrypt" and request the generation of a certificate.
Go back to the "Current Certificate" tab and at the bottom of the page, click the button to use the certificate for:
*Webmin (panel.mondomain.org)*
*Webmin (global)*
*Usermin (host panel.mondomain.org)*
*Usermin (global)*
*Dovecot (host panel.mondomain.org)*
*Dovecot (global)*
*Postfix (host panel.mondomain.org)*
*Postfix (global)*

Important points:

Virtualmin handles all necessary redirects.
This solution allows you to obtain an SSL certificate for Webmin and other services such as Usermin, Dovecot, and Postfix.

Damned, it’s confusing…

Ok, I fresh install new VPS + Webmin-Virtualmin = OK

To do it, before I changed hosts and hostname with “my.webmin.srv.com” = default domain server.

After that I create a virtualserver “my.newwordpress.com” and ask let’s encrypt cert for just this domain = ok https is enabled for this domain.

But my webmin panel is still not in https.

My question is ; do I need create a new VirtualServer for “my.webmin.srv.com” to obtain let’encrypt cert to it ? Or for the default domain (WebMin panel) there is another way ?

Thanks for your lights

VPS / Debian12/Webmin-Virtualmin GPL last version

This topic was automatically closed 8 days after the last reply. New replies are no longer allowed.