The guide :
FOLDER DOMAIN : In virtualmin directory
FULL DOMAIN: www.example.com
FULL DOMAIN: www.example.com
Login to SSH and get root privileges (root/sudo -i):
cd /home/<FOLDER DOMAIN>/ && git clone https://github.com/letsencrypt/letsencrypt
OR
cd /root/ && git clone https://github.com/letsencrypt/letsencrypt
* This will download the Let's Encrypt from github with executable script
2. Create your directory where you will be saving your certificate later on. Reason for this is because Virtualmin has a protection where it only allows a certificate from the user/domains directory:
mkdir /home/MYUSERNAMEFORDOMAIN/ssl_certificates
3. Setup your cronjobs by running: "sudo crontab -e"
01 3 1 * * cd /home/<FOLDER DOMAIN>/letsencrypt/ && ./letsencrypt-auto certonly --email info@<FULL DOMAIN> --agree-tos --webroot --renew-by-default -w /home/<FOLDER DOMAIN>/public_html/ -d <FULL DOMAIN> -d <FULL DOMAIN> --authenticator webroot && cp -f /etc/letsencrypt/live/<FULL DOMAIN>/cert.pem /home/<FOLDER DOMAIN>/ssl/cert.pem && cp -f /etc/letsencrypt/live/<FULL DOMAIN>/chain.pem /home/<FOLDER DOMAIN>/ssl/chain.pem && cp -f /etc/letsencrypt/live/<FULL DOMAIN>/fullchain.pem /home/<FOLDER DOMAIN>/ssl/fullchain.pem && cp -f /etc/letsencrypt/live/<FULL DOMAIN>/privkey.pem /home/<FOLDER DOMAIN>/ssl/privkey.pem
01 3 1 * * cd /home/<FOLDER DOMAIN>/letsencrypt/ && ./letsencrypt-auto certonly --email info@<FULL DOMAIN> --agree-tos --webroot --renew-by-default -w /home/<FOLDER DOMAIN>/public_html/ -d <FULL DOMAIN> -d <FULL DOMAIN> --authenticator webroot && cp -f /etc/letsencrypt/live/<FULL DOMAIN>/cert.pem /home/<FOLDER DOMAIN>/ssl/cert.pem && cp -f /etc/letsencrypt/live/<FULL DOMAIN>/chain.pem /home/<FOLDER DOMAIN>/ssl/chain.pem && cp -f /etc/letsencrypt/live/<FULL DOMAIN>/fullchain.pem /home/<FOLDER DOMAIN>/ssl/fullchain.pem && cp -f /etc/letsencrypt/live/<FULL DOMAIN>/privkey.pem /home/<FOLDER DOMAIN>/ssl/privkey.pem
OR
* Above command will copy the certificates to the correct directory after requesting them. It will do this every 1st of the month during the night. The reason we do this every month is because the certs are only valid 90 days and we have plenty of time to repair if something appears to be wrong with the cert later on..
Allright! The hard part is done!
3.1 Please log into your Virtualmin admin panel, Select "Webmin -> System -> Scheduled Cron Jobs". Go to your newly created Cronjob by clicking on it and select "RUN NOW".
4. in Virtualmin, select you domain and go to "Edit virtual server", make sure that SSL is enabled under "Enabled features".
5. Under "Server configuration" go to "Manage SSL Certificate". Select the tab "Update Certificate and Key" and under "Signed SSL certificate" select the option "File on server", fill in the location of the certificate:
"/home/<FOLDER DOMAIN>/ssl/cert.pem"
6. Do the same for section "Matching private key". Select:
"/home/<FOLDER DOMAIN>/ssl/privkey.pem"
7. Click on "Install Now".
8. Switch to tab "CA Certificate", select "In file on server " and fill in:
"/home/<FOLDER DOMAIN>/ssl/fullchain.pem"
9. Click on "Save Certificate". ***
DONE! ! ! It will now auto update every month :)
Go to your website with HTTPS,
source : https://www.virtualmin.com/node/38853
0 comments:
Post a Comment