Webmin with Let's Encrypt

I have Webmin and it always uses https and I just said continue anyway.

But now that I have https I copied and pasted the /etc/letsencrypt/live/XXXX cert.pem to Webmin Certificate Authority in the Edit CA certificate part. Saved it and now it goes there without telling me the connection is not private. But it now has a red https with a / through it. So I guess something is still not right.

I did copy between the Begin and end certificate text.

Or do I have to copy some other .pem file in the CA certificate of Webmin? There is chain, fullchain and privkey ones.

You probably still have insecure content (pics/css/js) loaded.
Use the Inspector in Firefox/Chrome and look at Network. If the connections point to http:// then that’s it, you need to link those via https://

Webmin needs privkey.pem for the key.
cert.pem for the actual certificate and there is a box below all that for adding chain.pem
The chain.pem will need to be typed in with full path.

Without all three of those it won’t be a proper TLS connection.

In CPanel it says you can add a chain or not, the browser should fetch it anyway and check your cert all by itself.

The crossed shield/lock means “insecure content” usually.

Browsers will, a lot of other tools, including for example cURL, won’t. Not serving intermediate certificates results in an incomplete setup.

Webmin needs the chain file or the browsers won’t trust the cert. If one used the fullchain.pem as the cert it may not complain as that contains the chain with the cert.
Mixed content usually shows a yellowish icon. At least as I recall.

I think you’re running into an error here:

> I did copy between the Begin and end certificate text.

You need to copy the full content of the required .pem files:

privkey.pem
-----BEGIN PRIVATE KEY-----

-----END PRIVATE KEY-----

cert.pem
-----BEGIN CERTIFICATE-----

-----END CERTIFICATE-----

chain.pem
-----BEGIN CERTIFICATE-----

-----END CERTIFICATE-----

into the respective fields of the form.
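
As an added example (not part of the original posts, and not Webmin's own validation code), here is a small Python check of the text pasted into each of the three fields. It inspects only the PEM armor and the first DER byte; the sample blocks are constructed placeholders, and the set of key labels accepted for the key field is an assumption.

```python
import base64
import re

# Assumption: PEM labels that belong in each of the three Webmin fields
# (privkey.pem -> key, cert.pem -> cert, chain.pem -> chain).
ROLE_LABELS = {
    "key": {"PRIVATE KEY", "RSA PRIVATE KEY", "EC PRIVATE KEY"},
    "cert": {"CERTIFICATE"},
    "chain": {"CERTIFICATE"},
}
PEM_BLOCK = re.compile(
    r"-----BEGIN ([A-Z0-9 ]+)-----\r?\n(.*?)\r?\n-----END \1-----", re.S)


def pem_blocks(text):
    """Return [(label, der_bytes)] for each correctly paired PEM block."""
    return [(label, base64.b64decode("".join(body.split()), validate=True))
            for label, body in PEM_BLOCK.findall(text)]


def check_field(role, text):
    """Return a list of problems with the text pasted into one field."""
    if "-----BEGIN " not in text or "-----END " not in text:
        return ["BEGIN/END lines missing: paste the whole file"]
    try:
        blocks = pem_blocks(text)
    except ValueError:  # binascii.Error is a ValueError subclass
        return ["body between the markers is not valid base64"]
    if not blocks:
        return ["BEGIN and END markers do not pair up"]
    problems = []
    for label, der in blocks:
        if label not in ROLE_LABELS[role]:
            problems.append(f"{label} block does not belong in the {role} field")
        elif not der.startswith(b"\x30"):  # DER SEQUENCE tag
            problems.append(f"{label} block is empty or not DER")
    return problems


def _armor(label, der):
    """Wrap raw bytes in PEM armor (used only to build the samples)."""
    body = base64.encodebytes(der).decode().strip()
    return f"-----BEGIN {label}-----\n{body}\n-----END {label}-----\n"


# Constructed placeholders: DER-shaped bytes, not real keys or certificates.
SAMPLE_KEY = _armor("PRIVATE KEY", b"\x30\x82\x01\x00" + bytes(60))
SAMPLE_CERT = _armor("CERTIFICATE", b"\x30\x82\x02\x00" + bytes(90))

if __name__ == "__main__":
    print(check_field("key", SAMPLE_CERT))  # certificate pasted as the key
    print(check_field("key", SAMPLE_KEY))
```

An empty result means the armor is intact and of the right type; it does not prove that the key matches the certificate or that the chain is complete.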

Webmin just errors on me when I go to save it with this:

Failed to save new key : Missing or invalid PEM format key

I did it with both the:

-----BEGIN CERTIFICATE-----

-----END CERTIFICATE-----

In each 3 files and that part deleted from each file only between them.

But Webmin always says the same error.

Got it working in Webmin. It was easy now that Webmin has a new “Let’s Encrypt” tab.

You go under Webmin on the left and pick “Webmin Configuration” then the “SSL Encryption” key icon. Then you can see the Let’s Encrypt tab at the top right.

It will say this because it doesn’t know where the command is:

Check the module configuration page to ensure you are using the correct path to the letsencrypt or letsencrypt-auto command.

You can click on “module configuration” then put this in the Full path to Let’s Encrypt client command.

I had to put where the command was, /root/letsencrypt/letsencrypt-auto, because Webmin could not auto find it.

Then log in with your URL you set up with Letsencrypt and it will not say it’s not private any more.

Then in Webmin under the Let’s Encrypt tab can click on “Request Certificate”.

Webmin will say then under that tab this:

Let’s Encrypt is a free, automated, and open certificate authority that can be used to generate an SSL certificate for use by Webmin.
This page can be used to request a new certificate, which will overwrite any other currently have configured in Webmin. However, the Let’s Encrypt service requires that your ownership of the certificate domain be validated by checking that this system hosts the website for the domain. This is done by placing a small temporary file in the website’s document directory.

Nice it has it built in for this let’s encrypt now.

It’s the “SSL support” tab in Webmin that Freigeist in the next post is talking about.

Even if this topic is a bit older: If you are used to request a certificate for the domain you are using for webmin anyway, you should just specify the paths to the certs like this (sorry, my webmin is configured to be served in German, but should be understandable anyway):

If you renew your cert, just restart your webmin server like service webmin restart or any other way you use to start/stop/restart your webmin instance.


Thank you, that’s good. I edited my Webmin like you show in your screenshot of it. Just replace the blacked out with your URL name.

Saved it and Webmin did not say error. So looks like it worked.

But it worked before this too. I guess Webmin copied the keys to its keys from the Let’s Encrypt ones.

Webmin auto checked mine in the SSL protocol versions to reject and it has all but the last one TLSv1.2 checked. Looks like only the 1st 2 on yours are checked.

-Raymond Day

Sometimes it seems hard to get Webmin to work with the Let’s Encrypt tab. If you have the red https with a slash through it webmin can with a little time not display.

The best way is to paste the 3 places in the SSL Settings tab. Save and it may not display but re-go to the https and it works.

Thank you Freigeist for showing this. Works good with Webmin.

-Raymond Day

I have letsencrypt working on an Apache server running on the same box as my webmin, just a different port. So I know the keys are right. But webmin gives me the following error:

Failed to save SSL options : The SSL private key file /etc/letsencrypt/live/[mydomainname].com/privkey.pem does not exist or does not contain a PEM format key

What am I doing wrong?

Check your /etc/letsencrypt/live directory, if [mydomainname].com exists or if your cert is saved as something like [mydomainname].com-0001

ls -al /etc/letsencrypt/live/mydomainname.com
total 12
drwxr-xr-x 2 root root 4096 Oct 25 12:35 .
drwx------ 3 root root 4096 Aug 26 13:10 ..
-rw-r--r-- 1 root root 543 Aug 26 13:10 README
lrwxrwxrwx 1 root root 45 Oct 25 12:35 cert.pem -> ../../archive/mydomainname.com/cert2.pem
lrwxrwxrwx 1 root root 46 Oct 25 12:35 chain.pem -> ../../archive/mydomainname.com/chain2.pem
lrwxrwxrwx 1 root root 50 Oct 25 12:35 fullchain.pem -> ../../archive/mydomainname.com/fullchain2.pem
lrwxrwxrwx 1 root root 48 Oct 25 12:35 privkey.pem -> ../../archive/mydomainname.com/privkey2.pem

???

I crossposted to the webmin support discussion, good answer here. Appears to be a bug in webmin, fix expected any time now…
