Virtualmin comes with options to manage SSL certificates for each of your domains. You can have commercial SSL certificates or free Let’s Encrypt certificates for each of your domains. This post will help you install Let’s Encrypt SSL certificate with Virtualmin.
Let’s Encrypt is a great way to obtain free SSL certificates for your domains. Certificates from letsencrypt are issued after a quick DNS verification. It’s done programmatically. Which means you need to configure your domain DNS to point to the server before requesting a SSL certificate from Let’s Encrypt.
Installing a commercial certificate is different from installing a Let’s Encrypt certificate. Follow my instructions to install NameCheap SSL certificate on Virtualmin if you’re looking for a commercial solution. But free SSL from Let’s Encrypt is sufficient for most webmasters.
I’m going to assume you already have Virtualmin installed on your VPS and have added your domain to Virtualmin. Or else this tutorial won’t work for you.
Install Let’s Encrypt SSL certificate with Virtualmin
Start by login to Virtualmin with root user account. And then select your domain name from the list on left sidebar. Domain will be already selected if you only have one domain. Now navigate to Server Configuration > Manage SSL Certificates from the left sidebar.
As you can see from the above image, your domain is already assigned with a self-signed SSL certificate. But these certificates are not trusted by web browsers. That is why you saw a security warning when you first try to login to Virtualmin. But we’re going to fix that. Click Let’s Encrypt to switch to Let’s Encrypt settings. Here you can generate a free certificate for your domain or subdomain.
You can use Domains associated with this server option if you’re requesting a certificate for your root domain. You need to have both www and non-www versions of your domain pointing to your server to pass the verification. Or you can select Domain names listed here option and type the domain name in the text box to request certificate for single version of your domain.
You should use Domain names listed here option for your subdomains because Virtualmin try to request certificate for your subdomain with and without www with Domains associated with this server option. This will cause verification to fail.
Next, type 2.9 in the text box next to Months between automatic renewal. This will make sure your SSL certificate gets automatically renewed before 3 months. Let’s Encrypt SSL certificates are only valid for 3 months.
Now click Request Certificate to install Let’s Encrypt SSL certificate with Virtualmin. Assuming you have DNS setup properly, your certificate will be obtained from Let’s Encrypt and will be installed on your domain. You can now open https version of your website with your favorite browser to enjoy the shiny green padlock icon.
Copy Let’s Encrypt SSL Certificate to Virtualmin
Although your domain is configured with SSL now, Virtualmin isn’t. You’ll still get a security warning when accessing Virtualmin from port 10000. We can fix this by copying generated Let’s Encrypt SSL certificate file to Virtualmin. But remember, only do this if you’re accessing Virtualmin from the domain name SSL certificate was issued for. Or you’ll still get a security warning.
Go back to Server Configuration > Manage SSL Certificates and click Copy to Webmin. That’s it. Certificate will be applied to Virtualmin and port 10000 will also be protected with the new certificate. You might have to restart your browser to see the changes.
Thanks for the nice hint. Could have it found and dome myself – but Virtualmin is quite a learning curve and a bit heavy on resources. And I’m greatful for guys endervering and spending time for lazy dummies like me…
Hi,
I am having issues in installig Free SSL from Let’s Encrypt. I need urgent help to resolve it please.
The error i encountered is:
.. request failed : Web-based validation failed :
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator webroot, Installer None
Starting new HTTPS connection (1): acme-v02.api.letsencrypt.org
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for extrememega.com
http-01 challenge for mail.extrememega.com
http-01 challenge for http://www.extrememega.com
Using the webroot path /home/extrememega/public_html for all unmatched domains.
Waiting for verification…
Cleaning up challenges
Failed authorization procedure. http://www.extrememega.com (http-01): urn:ietf:params:acme:error:connection :: The server could not connect to the client to verify the domain :: Fetching http://www.extrememega.com/.well-known/acme-challenge/wMs3Ap0jaWJfQ72H2mYStHuwHkcfQ-gbO7v364v03WI: Connection reset by peer
IMPORTANT NOTES:
– The following errors were reported by the server:
Domain: http://www.extrememega.com
Type: connection
Detail: Fetching
http://www.extrememega.com/.well-known/acme-challenge/wMs3Ap0jaWJfQ72H2mYStHuwHkcfQ-gbO7v364v03WI:
Connection reset by peer
To fix these errors, please make sure that your domain name was
entered correctly and the DNS A/AAAA record(s) for that domain
contain(s) the right IP address. Additionally, please check that
your computer has a publicly routable IP address and that no
firewalls are preventing the server from communicating with the
client. If you’re using the webroot plugin, you should also verify
that you are serving files from the webroot path you provided.
DNS-based validation failed : Neither DNS zone extrememega.com or any of its sub-domains exist on this system
Please I need help to correct this