This guide will provide you with the necessary steps to create your own free SSL certificates provided by the Let's Encrypt initiative.

You can order up to 10 free certificates for each domain. This may change in the future as the project exits its public BETA phase.

We assume that you will be using this from a system administrator point of view.

The domain name example.com will be used in this guide. You must substitute with your own domain name for the key generation to work.

When you add a new domain in Virtualmin it also creates a DNS entry such as mail.example.com for the purposes of IMAP, POP3 and SMTP services. However, there is no webroot for these domains in the virtual domain home. This will cause errors when trying to authenticate with Let's Encrypt using the 'webroot' method if we point only to the public_html webroot of the virtualhost.

In order to work around this issue we specify a separate webroot for mail.example.com so that webroot authentication performed. By default, domains which do not have an explicit virtualhost specified will be directed to the the default htdocs directory as specified by Apache.

If you are using Debian based system, such as Ubuntu this directory will be /var/www. As such we formulate our command to utilize a different webroot for mail.example.com as illustrated below.

First you must clone the git repo to your root home. If you are using another username for root such as admin you will do the the same except clone into /home/admin or /admin. There is a letsencrypt package now available that will remove the need to manually clone the git repo, however at this time it does not seem to be available via the virtualmin repos.

cd ~/

git clone https://github.com/letsencrypt/letsencrypt

cd ~/letsencrypt/ && ./letsencrypt-auto certonly --email This email address is being protected from spambots. You need JavaScript enabled to view it. --agree-tos --webroot --renew-by-default -w /home/example/public_html -d www.example.com -d example.com -w /var/www -d mail.example.com && cp -f /etc/letsencrypt/live/www.example.com/cert.pem /home/example/ssl_certificates/cert.pem && cp -f /etc/letsencrypt/live/www.example.com/chain.pem /home/example/ssl_certificates/chain.pem && cp -f /etc/letsencrypt/live/www.example.com/fullchain.pem /home/example/ssl_certificates/fullchain.pem && cp -f /etc/letsencrypt/live/www.example.com/privkey.pem /home/example/ssl_certificates/privkey.pem

Whooa, there's a lot of stuff going on there. Well, it's not that bad. We are issuing a command that will create 3 certificates and place them in ssl_certificate folder where we will then add them to the virtualhost using Manage SSL Certificates in Virtualmin web GUI.

 

Update: If you are using this on a domain and are getting authentication errors this may be caused by a .htaccess or other web server rule which prevents the webroot authentication to work as expected. When you are creating a new certificate chain you can temporarily rename .htaccess and then rename it back when the certificate is created.

 

What we do

We develop secure websites and mobile apps with scalable hosting, maintenance and support.

 

We accept Visa, Mastercard, Interac, Amex and BitCoin!

BitCoin accepted here

Certified SSL Site Seal

We specialize in open-source platforms such as Joomla, Wordpress, Magento, OpenCart, Odoo (formerly OpenERP), OwnCloud