• Home
  • Uncategorized
  • Using letsencrypt certbot to manually deploy SSL certificates on webmin

Using letsencrypt certbot to manually deploy SSL certificates on webmin

Posted by: Joel G Mathew Posted on: June 21, 2017 , , ,

If server is running apache on debian 8:

sudo apt-get install python-certbot-apache -t jessie-backports
sudo certbot -d wiki.entosce.com --manual --preferred-challenges dns certonly
$sudo certbot -d wiki.entosce.com --manual --preferred-challenges dns certonly
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Obtaining a new certificate
Performing the following challenges:
dns-01 challenge for wiki.entosce.com

-------------------------------------------------------------------------------
NOTE: The IP of this machine will be publicly logged as having requested this
certificate. If you're running certbot in manual mode on a machine that is not
your server, please ensure you're okay with that.

Are you OK with your IP being logged?
-------------------------------------------------------------------------------
(Y)es/(N)o: y

-------------------------------------------------------------------------------
Please deploy a DNS TXT record under the name
_acme-challenge.wiki.entosce.com with the following value:

0MEpem0O24coudtJNfAU9zEOXaW8_nJ6oaQ1pOsOIKM

Once this is deployed,
-------------------------------------------------------------------------------
Press Enter to Continue

Once deployed, the certificates are key are listed under:
/etc/letsencrypt/live/wiki.entosce.com/

$l /etc/letsencrypt/live/wiki.entosce.com/
total 12K
drwxr-xr-x 2 root root 4.0K Jun 21 16:15 .
drwx------ 5 root root 4.0K Jun 21 16:15 ..
lrwxrwxrwx 1 root root   40 Jun 21 16:15 cert.pem -> ../../archive/wiki.entosce.com/cert1.pem
lrwxrwxrwx 1 root root   41 Jun 21 16:15 chain.pem -> ../../archive/wiki.entosce.com/chain1.pem
lrwxrwxrwx 1 root root   45 Jun 21 16:15 fullchain.pem -> ../../archive/wiki.entosce.com/fullchain1.pem
lrwxrwxrwx 1 root root   43 Jun 21 16:15 privkey.pem -> ../../archive/wiki.entosce.com/privkey1.pem
-rw-r--r-- 1 root root  543 Jun 21 16:15 README

Copy these to virtualserver root:

cp /etc/letsencrypt/live/wiki.entosce.com/*pem /home/entosce/domains/wiki.entosce.com

Now if using webmin, add these to the configuration:
Virtualmin > wiki.entosce.com > Server configuration > Manage SSL certificate > Update certificate and key: