Webmin admin over SSL with Let's Encrypt cert (SOLVED)

I just installed Ubuntu 16.04 LTS and Virtualmin/Webmin via the Virtualmin full stack install script.

I can already access Webmin and a test page on the same host over SSL, but I can’t get rid of the browser warning for Webmin (the web page using the same hostname does work fine using a Let’s Encrypt cert). I only created the Apache virtual host with the same name to see if that would help recognize the cert.

I have tried to use a Let’s Encrypt certificate, but the browser keeps saying that I have a self-signed cert.

So I have
hostname.example.tld - I can access a webpage on this domain via https with no warnings.
hostname.example.tld:10000 to access Webmin gives me a security warning.

When I open the SSL Settings tab, it is populated with the letsencrypt key, cert and ca:

Enable SSL: Yes
Private key file: /etc/webmin/letsencrypt-key.pem
Certificate file: /etc/webmin/letsencrypt-cert.pem
Redirect non-SSL to SSL: No
SSL protocol version: Detect automatically
SSL versions to reject: only TLSv1.2 is unchecked (i.e. allowed)
Allow compressed SSL connections: No
Force use of server-defined cipher order: Yes
Allowed SSL Ciphers: Only strong PCI-compliant ciphers
Additional certificate files: /etc/webmin/letsencrypt-ca.pem

However, if I go to that tab and change nothing, just accept the settings there, I get the error

Failed to save SSL options : The SSL private key file /etc/webmin/letsencrypt-key.pem does not exist or does not contain a PEM format key

The file definitely exists, so I guess it’s not in the PEM format. So it still says the cert is self-signed and not trusted when I go there in my browser.

When I generate the script on the Let’s Encrypt tab, I have it set to:

Hostnames for certificate: hostname.example.com
Website root directory for validation file: /home/hostname/public_html
Copy new key and certificate to Webmin?: Yes

And when I do that, it does in fact put the certificate files in /etc/webmin, but no matter what I get the error when I try to save my settings, saying it’s not in PEM format.

I would love to know what I’m doing wrong!

By the way, this is the private key in the file named /etc/webmin/letsencrypt-key.pem which is copied there when I request a key on the Let’s Encrypt tab.

I tried an online PEM validator and it rejects it too.

-----BEGIN RSA PRIVATE KEY-----
[key data removed]
-----END RSA PRIVATE KEY-----

I think I solved it. When I generated the cert that is actually working for hostname.example.com, LE puts a few files in /home/hostname.

One of them is ssl.combined.

When I changed the SSL settings to point to that file, and saved, I once again got the error message saying the file did not exist or was not PEM format (even though a PEM validator said it was). But when the browser refreshed, the security warning was gone. I opened in a new browser, and it also worked with no warning.

But then when I look at the Current Certificate tab, it looks correct:

Domain name: hostname.example.com
Additional domains: hostname.example.com
Issuer name: Let’s Encrypt Authority X3
Issuer organization: Let’s Encrypt
Valid until: Jan 18 03:54:45 2018 GMT
Certificate type: Signed by CA

:)
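
The error quoted in the post only says the file "does not exist or does not contain a PEM format key". As an added example (not part of the original post and not Webmin's own validation), this Python code reports the structural reasons a file would fail as a PEM private key file: missing key block, empty or non-base64 body, passphrase protection, or BEGIN/END markers that are not on their own lines. Function names and sample data are constructed for illustration, and it does not check that a key matches a certificate.

```python
import base64
import re

# One PEM block; the END label must repeat the BEGIN label.
PEM_BLOCK = re.compile(
    r"-----BEGIN ([A-Z0-9 ]+)-----\r?\n(.*?)\r?\n?-----END \1-----", re.S)
KEY_LABELS = {"RSA PRIVATE KEY", "EC PRIVATE KEY", "PRIVATE KEY"}

def pem_blocks(text):
    """Return (label, problem_or_None) for every well-formed block in text."""
    found = []
    for label, body in PEM_BLOCK.findall(text):
        lines = [line.strip() for line in body.splitlines()]
        problem = None
        if any(l.startswith(("Proc-Type:", "DEK-Info:")) for l in lines):
            problem = "key is passphrase-protected"  # legacy encrypted PEM
        else:
            try:
                der = base64.b64decode("".join(lines), validate=True)
                if not der:
                    problem = "empty body"
                elif der[0] != 0x30:  # keys and certs are DER SEQUENCEs
                    problem = "body is not a DER SEQUENCE"
            except ValueError:
                problem = "body is not valid base64"
        found.append((label, problem))
    return found

def key_file_problems(text):
    """List structural reasons a file is unusable as a PEM private key file."""
    blocks = pem_blocks(text)
    problems = [f"{label}: {why}" for label, why in blocks if why]
    if not {label for label, _ in blocks} & KEY_LABELS:
        problems.append("no private key block")
    if "-----BEGIN" in PEM_BLOCK.sub("", text):
        problems.append("BEGIN marker outside a well-formed block")
    return problems

def _pem(label, der):  # builds the constructed samples below
    body = base64.b64encode(der).decode()
    return f"-----BEGIN {label}-----\n{body}\n-----END {label}-----\n"

# Constructed samples: tiny DER SEQUENCEs, not real key material.
SAMPLE_KEY = _pem("RSA PRIVATE KEY", b"\x30\x03\x02\x01\x00")
SAMPLE_CERT = _pem("CERTIFICATE", b"\x30\x03\x02\x01\x01")

if __name__ == "__main__":
    print(key_file_problems(SAMPLE_CERT))
```

To inspect a real file, pass its contents, for example `key_file_problems(open(path).read())`, on the server itself so the key never leaves the host.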