Virtual Architects Support Wiki

User Tools

Site Tools

You are here: start » internet » hosting » virtualmin_ssl
Trace: hyper-v-cluster
internet:hosting:virtualmin_ssl

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
Next revision 		Previous revision
internet:hosting:virtualmin_ssl [2018/01/21 10:34]
gcooper 		internet:hosting:virtualmin_ssl [2021/08/05 13:27] (current)
gcooper
Line 1: Line 1:
 ====== Virtualmin SSL Issues ====== ====== Virtualmin SSL Issues ======
  
-===== Let's Encrypt =====+See also **[[internet:security:ssl_tls_cert_testing|TLS/SSL Certificate Testing]]**
  
-https://techjourney.net/how-to-use-lets-encrypt-ssl-certificate-automatically-in-virtualmin-webmin/+===== For Webmin Alone =====
  
-https://www.hostinger.com/tutorials/vps/how-to-install-lets-encrypt-ssl-on-vps-running-vebmin-virtualmin+[[https://doxfer.webmin.com/Webmin/Let's_Encrypt]] 
 + 
 +**Webmin -> Webmin -> Webmin Configuration -> SSL Encryption** 
 + 
 +:!: Requires HTTP server or DNS server hosting the domain 
 + 
 +===== Install Service Certs ===== 
 + 
 +<file> 
 +virtualmin install-service-cert --domain yourdomain.com --service webmin 
 +</file> 
 + 
 +  * webmin 
 +  * usermin 
 +  * dovecot 
 +  * postfix 
 +  * proftpd 
 + 
 +===== Let's Encrypt ===== 
 + 
 +:!: Beware of rate limiting at Let's Encrypt.  Don't run any more attempts than is absolutely necessary or you may have to wait an hour to try again.
  
   - **Edit the virtual server** you want to SSL-enable   - **Edit the virtual server** you want to SSL-enable
     - **Enable SSL** feature     - **Enable SSL** feature
       * A self-signed certificate is automatically created and applied       * A self-signed certificate is automatically created and applied
 +      * You must have an accessible ''index.html'' or ''certbot'' will fail
   - **Configure Let's Encrypt** SSL certificate   - **Configure Let's Encrypt** SSL certificate
 +    - **Don't add mail.domain.tld**
 +      - Mail clients will still have to accept the host server's certificate anyway
 +      - Use ''domain.tld'' or ''www.domain.tld'' as mail server
 +      - Or just accept the server's cert
     - **List the desired SANs**<file>domain.tld     - **List the desired SANs**<file>domain.tld
 www.domain.tld www.domain.tld
-mail.domain.tld 
 autoconfig.domain.tld autoconfig.domain.tld
 autodiscover.domain.tld</file> autodiscover.domain.tld</file>
Line 34: Line 58:
  
 ===== Apply Let’s Encrypt SSL Cert to System Services ===== ===== Apply Let’s Encrypt SSL Cert to System Services =====
 +
 +<note>Most of the time, Virtualmin on newer host operating systems such as (Ubuntu 20.04) supports [[https://en.wikipedia.org/wiki/Server_Name_Indication|SNI]].  SNI presents the SSL certs of client domains based on the calling URI.</note>
 +
 +<note>If you want SNI to function for a particular virtual server (domain), you must have configured SSL for that virtual server/domain.</note>
  
 :!: The matching domain name must be included in the SSL certificate. :!: The matching domain name must be included in the SSL certificate.
internet/hosting/virtualmin_ssl.1516556042.txt.gz · Last modified: 2018/01/21 10:34 by gcooper

Page Tools

Except where otherwise noted, content on this wiki is licensed under the following license: CC Attribution-Share Alike 4.0 International
CC Attribution-Share Alike 4.0 International Donate Powered by PHP Valid HTML5 Valid CSS Driven by DokuWiki