Install Let’s Encrypt SSL Certificate for Domain with Virtualmin

Serve your website securely over https with free SSL certificate from Let's Encrypt

Virtualmin comes with options to manage SSL certificates for each of your domains. You can have commercial SSL certificates or free Let’s Encrypt certificates for each of your domains. This post will help you install Let’s Encrypt SSL certificate with Virtualmin.

Let’s Encrypt is a great way to obtain free SSL certificates for your domains. Certificates from letsencrypt are issued after a quick DNS verification. It’s done programmatically. Which means you need to configure your domain DNS to point to the server before requesting a SSL certificate from Let’s Encrypt.

Installing a commercial certificate is different from installing a Let’s Encrypt certificate. Follow my instructions to install NameCheap SSL certificate on Virtualmin if you’re looking for a commercial solution. But free SSL from Let’s Encrypt is sufficient for most webmasters.

I’m going to assume you already have Virtualmin installed on your VPS and have added your domain to Virtualmin. Or else this tutorial won’t work for you.

Install Let’s Encrypt SSL certificate with Virtualmin

Start by login to Virtualmin with root user account. And then select your domain name from the list on left sidebar. Domain will be already selected if you only have one domain. Now navigate to Server Configuration > Manage SSL Certificates from the left sidebar.
Virtualmin Manage SSL Certificates

As you can see from the above image, your domain is already assigned with a self-signed SSL certificate. But these certificates are not trusted by web browsers. That is why you saw a security warning when you first try to login to Virtualmin. But we’re going to fix that. Click Let’s Encrypt to switch to Let’s Encrypt settings. Here you can generate a free certificate for your domain or subdomain.
Virtualmin Letsencrypt

You can use Domains associated with this server option if you’re requesting a certificate for your root domain. You need to have both www and non-www versions of your domain pointing to your server to pass the verification. Or you can select Domain names listed here option and type the domain name in the text box to request certificate for single version of your domain.

You should use Domain names listed here option for your subdomains because Virtualmin try to request certificate for your subdomain with and without www with Domains associated with this server option. This will cause verification to fail.

Next, type 2.9 in the text box next to Months between automatic renewal. This will make sure your SSL certificate gets automatically renewed before 3 months. Let’s Encrypt SSL certificates are only valid for 3 months.

Now click Request Certificate to install Let’s Encrypt SSL certificate with Virtualmin. Assuming you have DNS setup properly, your certificate will be obtained from Let’s Encrypt and will be installed on your domain. You can now open https version of your website with your favorite browser to enjoy the shiny green padlock icon.

Copy Let’s Encrypt SSL Certificate to Virtualmin

Although your domain is configured with SSL now, Virtualmin isn’t. You’ll still get a security warning when accessing Virtualmin from port 10000. We can fix this by copying generated Let’s Encrypt SSL certificate file to Virtualmin. But remember, only do this if you’re accessing Virtualmin from the domain name SSL certificate was issued for. Or you’ll still get a security warning.

Go back to Server Configuration > Manage SSL Certificates and click Copy to Webmin. That’s it. Certificate will be applied to Virtualmin and port 10000 will also be protected with the new certificate. You might have to restart your browser to see the changes.

Tharindu

Hey!! I'm Tharindu. I'm from Sri Lanka. I'm a part time freelancer and this is my blog where I write about everything I think might be useful to readers. If you read a tutorial here and want to hire me, contact me here.

Related Articles

2 Comments

  1. Thanks for the nice hint. Could have it found and dome myself – but Virtualmin is quite a learning curve and a bit heavy on resources. And I’m greatful for guys endervering and spending time for lazy dummies like me…

  2. Hi,
    I am having issues in installig Free SSL from Let’s Encrypt. I need urgent help to resolve it please.
    The error i encountered is:
    .. request failed : Web-based validation failed :
    Saving debug log to /var/log/letsencrypt/letsencrypt.log
    Plugins selected: Authenticator webroot, Installer None
    Starting new HTTPS connection (1): acme-v02.api.letsencrypt.org
    Obtaining a new certificate
    Performing the following challenges:
    http-01 challenge for extrememega.com
    http-01 challenge for mail.extrememega.com
    http-01 challenge for http://www.extrememega.com
    Using the webroot path /home/extrememega/public_html for all unmatched domains.
    Waiting for verification…
    Cleaning up challenges
    Failed authorization procedure. http://www.extrememega.com (http-01): urn:ietf:params:acme:error:connection :: The server could not connect to the client to verify the domain :: Fetching http://www.extrememega.com/.well-known/acme-challenge/wMs3Ap0jaWJfQ72H2mYStHuwHkcfQ-gbO7v364v03WI: Connection reset by peer
    IMPORTANT NOTES:
    – The following errors were reported by the server:

    Domain: http://www.extrememega.com
    Type: connection
    Detail: Fetching
    http://www.extrememega.com/.well-known/acme-challenge/wMs3Ap0jaWJfQ72H2mYStHuwHkcfQ-gbO7v364v03WI:
    Connection reset by peer

    To fix these errors, please make sure that your domain name was
    entered correctly and the DNS A/AAAA record(s) for that domain
    contain(s) the right IP address. Additionally, please check that
    your computer has a publicly routable IP address and that no
    firewalls are preventing the server from communicating with the
    client. If you’re using the webroot plugin, you should also verify
    that you are serving files from the webroot path you provided.
    DNS-based validation failed : Neither DNS zone extrememega.com or any of its sub-domains exist on this system

    Please I need help to correct this

Leave a Reply

Your email address will not be published. Required fields are marked *

Back to top button