Automatic configuration apache+debian+virtualmin? i'm a bit lost


#1

Hello,

I have a debian server with virtualmin and apache. I have only one IP and about 15 different domains. I really like to try letsencrypt but i’m confused.

I read in the docs that installation and configuration on debian-apache server is automated by libaugeas0. But i think with virtualmin installed, this can’t work.

So, i’m trying to do my own guide step by step…

git clone https://github.com/letsencrypt/letsencrypt
cd letsencrypt
stop apache
./letsencrypt
Select virtual servers you want cert for (GUI)
Link certs on /etc/letsencrypt/live/$domain to /home/$domain/
Start apache.

Is that right?

Thanks!


#2

I just implemented this: Acquire and install certs on reverse proxy server configuration on my reverse proxy, that should do the work for you (this way you don’t have to stop apache for the challenge)

I would recommend to pass the domains as arguments “-d domain.tld -d mysub.domain.tld” so that it can run without any user input (can also be achived with the “cli.ini” file)

Also you don’t have to link the certificates to each home folder since it’s one cert for all, just think about permissions.
I’ve created a file in “/etc/apache2/https/” named ssl.conf
In that file I specify all my SSL setting and paths, then in each vhost I include “https/ssl.conf”

I’m looking at having a cron run every ~60 days to renew cert, check status (did the file change, error code 0? and so on…) and then restart apache, if there is an error it should email me so that I know it requires manual action.


#3

I work on Virtualmin. We’ll be releasing a version that supports Let’s Encrypt (nearly) automatically in the near future…we’re shooting for sometime this coming week. I am pretty sure Jamie has it mostly completed, already, but I haven’t been able to meet with him in a couple of weeks, so we haven’t talked much about the status of it, but it has been in development for a little while.

We’re as excited about Let’s Encrypt as anybody!

Cheers,
Joe


#4

Thank you! That’s great news!


#5

@swelljoe great news - wondering if there are any updates on letsencrypt support in virtualmin?
Thanks


#6

@swelljoe Hi, It looks like virtualmin only requests domain.com and not www.domain.com? Am I correct?
The certificate is only valid for the domain.com and not www.domain.com.

Or am I missing some crucial virtualmin setting?

Cheers
Jeroen Olthof