New information:
Requesting a certificate for your domains on an apache webserver running on Debian server is extremely easy.
Install certbot, a utility to help request letsencrypt certificates:

apt-get install python-certbot-apache -t jessie-backports

Now run it:

certbot --apache

This will start a curses interface to select sites whose certificates you want to renew.
This works very well and worked when the certicate module of webmin was botched up.

Older post:
This tutorial describes how to create a new SSL certificate using Let’s Encrypt (Public beta as of 06/12/2015).

Let’s Encrypt doku is at:

Let’s create a new droplet at Digitalocean to test Let’s Encrypt.
Now login via ssh to the server:

Install git, an editor (I prefer emacs) and letsencrypt:

apt-get install git emacs
git clone
cd letsencrypt

To install and run the client you just need to type:

./letsencrypt-auto certonly --webroot -w /var/www/virtual/ -d -d

– If you lose your account credentials, you can recover through
e-mails sent to [email protected]
– Congratulations! Your certificate and chain have been saved at
/etc/letsencrypt/live/ Your cert will
expire on 2016-03-05. To obtain a new version of the certificate in
the future, simply run Let’s Encrypt again.
– Your account credentials have been saved in your Let’s Encrypt
configuration directory at /etc/letsencrypt. You should make a
secure backup of this folder now. This configuration directory will
also contain certificates and private keys obtained by Let’s
Encrypt so making regular backups of this folder is ideal.
– If like Let’s Encrypt, please consider supporting our work by:

Donating to ISRG / Let’s Encrypt:
Donating to EFF:

Automatically installing letsencrypt certificates for a server running i-mscp control panel:
Once you’ve generated certificates as mentioned above, login to i-mscp,
Go to
Next to your domain, click on “Add/Edit SSL Certificate”

Use the contents of the following file for each text box:

Private key -> /etc/letsencrypt/live/
Certificate -> /etc/letsencrypt/live/
Intermediate certificate(s) -> /etc/letsencrypt/live/

Manually installing letsencrypt certificates for a server running i-mscp control panel:
The following additional information pertains to manually installing these certificates for a server running i-mscp:

So, you’ve generated a certificate for the site The files created are at /etc/letsencrypt/live/ and are as followings:

lrwxrwxrwx 1 root root   36 Dec  6 09:12 cert.pem -> ../../archive/
lrwxrwxrwx 1 root root   37 Dec  6 09:12 chain.pem -> ../../archive/
lrwxrwxrwx 1 root root   41 Dec  6 09:12 fullchain.pem -> ../../archive/
lrwxrwxrwx 1 root root   39 Dec  6 09:12 privkey.pem -> ../../archive/

Copy these as follows:

cp /etc/letsencrypt/live/ /var/www/imscp/gui/data/certs/
cp /etc/letsencrypt/live/ /var/www/imscp/gui/data/certs/
cp /etc/letsencrypt/live/ /var/www/imscp/gui/data/certs/

Now edit the file /etc/apache2/sites-enabled/elephant.in_ssl.conf:

Add/Edit the following directives:

SSLEngine On
SSLCertificateFile /var/www/imscp/gui/data/certs/
SSLCertificateChainFile /var/www/imscp/gui/data/certs/
SSLCertificateKeyFile /var/www/imscp/gui/data/certs/

Restart apache2:

service apache2 restart

Now reload your website, and you will see the following certificate information:

SSLEngine On
SSLCertificateFile /var/www/imscp/gui/data/certs/
SSLCertificateChainFile /var/www/imscp/gui/data/certs/
SSLCertificateKeyFile /var/www/imscp/gui/data/certs/

If your site shows invalid issuer information, you havent done these steps correctly.

Renewing certificates

Let’s Encrypt CA issues short lived certificates (90 days). Make sure you renew the certificates at least once in 3 months.

For renewing, use the same command as you did when you generated the certificates. For automating renewal use --renew-by-default.


./letsencrypt-auto certonly --webroot -w /var/www/virtual/ -d -d --renew-by-default