See also TLS/SSL Certificate Testing

https://doxfer.webmin.com/Webmin/Let's_Encrypt

Webmin → Webmin → Webmin Configuration → SSL Encryption

Requires HTTP server or DNS server hosting the domain

virtualmin install-service-cert --domain yourdomain.com --service webmin

• webmin
• usermin
• dovecot
• postfix
• proftpd

Beware of rate limiting at Let's Encrypt. Don't run any more attempts than is absolutely necessary or you may have to wait an hour to try again.

1. Edit the virtual server you want to SSL-enable
   1. Enable SSL feature
      • A self-signed certificate is automatically created and applied
      • You must have an accessible index.html or certbot will fail
2. Configure Let's Encrypt SSL certificate
   1. Don't add mail.domain.tld
      1. Mail clients will still have to accept the host server's certificate anyway
      2. Use domain.tld or www.domain.tld as mail server
      3. Or just accept the server's cert
   2. List the desired SANs

      domain.tld
      www.domain.tld
      autoconfig.domain.tld
      autodiscover.domain.tld

   3. Adjust the auto-renewal interval
      • The default (two months) is safe

Virtualmin → <domain> → Server Configuration → Manage SSL Certificate → Let’s Encrypt (tab)

Request certificate for → Domain names listed here → <list of Subject Alternative Names>

Months between automatic renewal → 2

Virtualmin → <domain> → Services → Configure Website → Aliases and Redirects

Permanent URL redirects → From → / (slash)

Permanent URL redirects → To → https://www.yourdomainname.tld

The matching domain name must be included in the SSL certificate.

Virtualmin → <domain> → Server Configuration → Manage SSL Certificate → Current Certificate (tab) → Copy to…

• Webmin
• Usermin
• Postfix
• Dovecot
• ProFTPD