Virtual Architects Support Wiki

User Tools

Site Tools

You are here: start » internet » hosting » virtualmin_ssl
Trace: hyper-v-cluster
internet:hosting:virtualmin_ssl

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
Next revision 		Previous revision
internet:hosting:virtualmin_ssl [2018/07/09 14:28]
gcooper 		internet:hosting:virtualmin_ssl [2021/08/05 13:27] (current)
gcooper
Line 1: Line 1:
 ====== Virtualmin SSL Issues ====== ====== Virtualmin SSL Issues ======
 +
 +See also **[[internet:security:ssl_tls_cert_testing|TLS/SSL Certificate Testing]]**
 +
 +===== For Webmin Alone =====
 +
 +[[https://doxfer.webmin.com/Webmin/Let's_Encrypt]]
 +
 +**Webmin -> Webmin -> Webmin Configuration -> SSL Encryption**
 +
 +:!: Requires HTTP server or DNS server hosting the domain
 +
 +===== Install Service Certs =====
 +
 +<file>
 +virtualmin install-service-cert --domain yourdomain.com --service webmin
 +</file>
 +
 +  * webmin
 +  * usermin
 +  * dovecot
 +  * postfix
 +  * proftpd
  
 ===== Let's Encrypt ===== ===== Let's Encrypt =====
Line 8: Line 30:
     - **Enable SSL** feature     - **Enable SSL** feature
       * A self-signed certificate is automatically created and applied       * A self-signed certificate is automatically created and applied
 +      * You must have an accessible ''index.html'' or ''certbot'' will fail
   - **Configure Let's Encrypt** SSL certificate   - **Configure Let's Encrypt** SSL certificate
     - **Don't add mail.domain.tld**     - **Don't add mail.domain.tld**
-      - Mail clients will still have to accept the cert presented anyway+      - Mail clients will still have to accept the host server's certificate anyway 
 +      - Use ''domain.tld'' or ''www.domain.tld'' as mail server 
 +      - Or just accept the server's cert
     - **List the desired SANs**<file>domain.tld     - **List the desired SANs**<file>domain.tld
 www.domain.tld www.domain.tld
Line 33: Line 58:
  
 ===== Apply Let’s Encrypt SSL Cert to System Services ===== ===== Apply Let’s Encrypt SSL Cert to System Services =====
 +
 +<note>Most of the time, Virtualmin on newer host operating systems such as (Ubuntu 20.04) supports [[https://en.wikipedia.org/wiki/Server_Name_Indication|SNI]].  SNI presents the SSL certs of client domains based on the calling URI.</note>
 +
 +<note>If you want SNI to function for a particular virtual server (domain), you must have configured SSL for that virtual server/domain.</note>
  
 :!: The matching domain name must be included in the SSL certificate. :!: The matching domain name must be included in the SSL certificate.
Line 43: Line 72:
   * Dovecot   * Dovecot
   * ProFTPD   * ProFTPD
- 
-<note>The "Copy to Dovecot" button will copy the domain's cert to be the default for IMAP connections. However, if you go to System Settings -> Virtualmin Configuration -> SSL settings and change "Copy per-IP SSL certificates to Dovecot?" to "Yes", any domain with SSL and it's own IP will get a separate Dovecot cert for just connections to that IP.</note> 
internet/hosting/virtualmin_ssl.1531168101.txt.gz · Last modified: 2018/07/09 14:28 by gcooper

Page Tools

Except where otherwise noted, content on this wiki is licensed under the following license: CC Attribution-Share Alike 4.0 International
CC Attribution-Share Alike 4.0 International Donate Powered by PHP Valid HTML5 Valid CSS Driven by DokuWiki