Using letsencrypt certbot to manually deploy SSL certificates on webmin

If server is running apache on debian 8:

sudo apt-get install python-certbot-apache -t jessie-backports
sudo certbot -d --manual --preferred-challenges dns certonly
$sudo certbot -d --manual --preferred-challenges dns certonly
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Obtaining a new certificate
Performing the following challenges:
dns-01 challenge for

NOTE: The IP of this machine will be publicly logged as having requested this
certificate. If you're running certbot in manual mode on a machine that is not
your server, please ensure you're okay with that.

Are you OK with your IP being logged?
(Y)es/(N)o: y

Please deploy a DNS TXT record under the name with the following value:


Once this is deployed,
Press Enter to Continue

Once deployed, the certificates are key are listed under:

$l /etc/letsencrypt/live/
total 12K
drwxr-xr-x 2 root root 4.0K Jun 21 16:15 .
drwx------ 5 root root 4.0K Jun 21 16:15 ..
lrwxrwxrwx 1 root root   40 Jun 21 16:15 cert.pem -> ../../archive/
lrwxrwxrwx 1 root root   41 Jun 21 16:15 chain.pem -> ../../archive/
lrwxrwxrwx 1 root root   45 Jun 21 16:15 fullchain.pem -> ../../archive/
lrwxrwxrwx 1 root root   43 Jun 21 16:15 privkey.pem -> ../../archive/
-rw-r--r-- 1 root root  543 Jun 21 16:15 README

Copy these to virtualserver root:

cp /etc/letsencrypt/live/*pem /home/entosce/domains/

Now if using webmin, add these to the configuration:
Virtualmin > > Server configuration > Manage SSL certificate > Update certificate and key:

You are reading this post on Joel G Mathew’s tech blog. Joel's personal blog is the Eyrie, hosted here.