I've been going at this for a little while but came up with the following steps to get it working. Its working on 06-12-2015 during the public BETA. If you run into issues please let me know.
Tested on: - Host OS is Ubuntu 14.04 LTS. - Virtualmin version: 4.18.gpl (doesn't really matter? build 2015+) - Webmin version 1.770 - 1.780 (doesn't really matter? build 2015+)
Get the following right for your "variables", fill in your own offcourse:
MYUSERNAMEFORDOMAIN: my system username known in virtualmin
MYDOMAIN: www.example.com
*** 1. First install Let's Encrypt script/programm. ***
Login to SSH and get root privileges (root/sudo -i):
cd /home/user/ && git clone https://github.com/letsencrypt/letsencrypt
OR
cd /root/ && git clone https://github.com/letsencrypt/letsencrypt
^^ This will download the Let's Encrypt from github with executable script
*** 2. Create your directory where you will be saving your certificate later on. Reason for this is because Virtualmin has a protection where it only allows a certificate from the user/domains directory: ***
mkdir /home/MYUSERNAMEFORDOMAIN/ssl_certificates
*** 3. Setup your cronjobs by running: "sudo crontab -e" ***
It wil probably ask you which editor, i choose Nano, once in the editor enter the following somewhere on a new line (pick the option you choose on step 1!):
01 3 1 * * cd /home/user/letsencrypt/ && ./letsencrypt-auto certonly --email info@MYDOMAIN --agree-tos --webroot --renew-by-default -w /home/MYDOMAIN/public_html/ -d www.MYDOMAIN.net -d MYDOMAIN.net --authenticator webroot && cp -f /etc/letsencrypt/live/www.MYDOMAIN.net/cert.pem /home/MYUSERNAMEFORDOMAIN/ssl_certificates/cert.pem && cp -f /etc/letsencrypt/live/www.MYDOMAIN.net/chain.pem /home/MYUSERNAMEFORDOMAIN/ssl_certificates/chain.pem && cp -f /etc/letsencrypt/live/www.MYDOMAIN.net/fullchain.pem /home/MYUSERNAMEFORDOMAIN/ssl_certificates/fullchain.pem && cp -f /etc/letsencrypt/live/www.MYDOMAIN.net/privkey.pem /home/MYUSERNAMEFORDOMAIN/ssl_certificates/privkey.pem
OR
01 3 1 * * cd /root/letsencrypt/ && ./letsencrypt-auto certonly --email info@MYDOMAIN --agree-tos --webroot --renew-by-default -w /home/MYDOMAIN/public_html/ -d www.MYDOMAIN.net -d MYDOMAIN.net --authenticator webroot && cp /etc/letsencrypt/live/www.MYDOMAIN.net/cert.pem /home/MYUSERNAMEFORDOMAIN/ssl_certificates/cert.pem && cp -f /etc/letsencrypt/live/www.MYDOMAIN.net/chain.pem /home/MYUSERNAMEFORDOMAIN/ssl_certificates/chain.pem && cp -f /etc/letsencrypt/live/www.MYDOMAIN.net/fullchain.pem /home/MYUSERNAMEFORDOMAIN/ssl_certificates/fullchain.pem && cp -f /etc/letsencrypt/live/www.MYDOMAIN.net/privkey.pem /home/MYUSERNAMEFORDOMAIN/ssl_certificates/privkey.pem
^^ Above command will copy the certificates to the correct directory after requesting them (i gave a warning in step 2). It will do this every 1st of the month during the night. The reason we do this every month is because the certs are only valid 90 days and we have plenty of time to repair if something appears to be wrong with the cert later on..
Allright! The hard part is done!
*** 3.1 Please log into your Virtualmin admin panel, Select "Webmin -> System -> Scheduled Cron Jobs". Go to your newly created Cronjob by clicking on it and select "RUN NOW".
*** 4. in Virtualmin, select you domain and go to "Edit virtual server", make sure that SSL is enabled under "Enabled features".
*** 5. Under "Server configuration" go to "Manage SSL Certificate". Select the tab "Update Certificate and Key" and under "Signed SSL certificate" select the option "File on server", fill in the location of the certificate:
"/home/MYUSERNAMEFORDOMAIN/ssl_certificates/cert.pem"
*** 6. Do the same for section "Matching private key". Select: "/home/MYUSERNAMEFORDOMAIN/ssl_certificates/privkey.pem"
*** 7. Click on "Install Now".
*** 8. Switch to tab "CA Certificate", select "In file on server " and fill in: "/home/MYUSERNAMEFORDOMAIN/ssl_certificates/fullchain.pem"
*** 9. Click on "Save Certificate". ***
DONE! ! ! It will now update every month :)
Go to your website with HTTPS, what do you get??? :D :) :D
IF you run into any issues please let me know in the comments and i'll try to help out!
NOTE: You can't request a lot of different certificates. You will get the message: Too many certificates already issued for: xxx. If you want a lot of certificates for subdomains please consider using a paid wildcard certificate. Letsencrypt is a service to help out (starting/small) websites.
If you like this guide and want to donate you can do so by Bitcoin: bitcoin:1gYf6whHEhLBuhEk81DFoCt65dVva94iL
thank you!
Just a small suggestion. I would pass the -d paramater for both www.domain.tld and domain.tld to make the SSL certificate work for both, like this:
-d MYDOMAIN.net -d www.MYDOMAIN.netThanks for the guide though - appreciate it :-)
Thanks for the suggestion. I've added it in the guide.
Oh Nice guide. I was looking at carving out some time to look into this.
Great work. I will have to give this a go at later time.
Nice work and thank you.
90 days = 3 months, probably don't need to run it every 30 days. Otherwise nice work, and glad to see this contribution made available to us all.
Hi, thank you for guide.
I followed it and stuck at 5. as there was no certs to add.
I think You would have to wait to 1st of the month for cron to execute command :)
so what I did is:
cd /home/user/letsencrypt/ && ./letsencrypt-auto certonly --email info@MYDOMAIN --agree-tos --webroot --renew-by-default -w /home/MYDOMAIN/public_html/ -d www.MYDOMAIN.net -d MYDOMAIN.net --authenticator webroot && cp /etc/letsencrypt/live/www.MYDOMAIN.net/cert.pem /home/MYUSERNAMEFORDOMAIN/ssl_certificates/cert.pem && cp /etc/letsencrypt/live/www.MYDOMAIN.net/chain.pem /home/MYUSERNAMEFORDOMAIN/ssl_certificates/chain.pem && cp /etc/letsencrypt/live/www.MYDOMAIN.net/fullchain.pem /home/MYUSERNAMEFORDOMAIN/ssl_certificates/fullchain.pem && cp /etc/letsencrypt/live/www.MYDOMAIN.net/privkey.pem /home/MYUSERNAMEFORDOMAIN/ssl_certificates/privkey.pem
or
cd /root/letsencrypt/ && ./letsencrypt-auto certonly --email info@MYDOMAIN --agree-tos --webroot --renew-by-default -w /home/MYDOMAIN/public_html/ -d www.MYDOMAIN.net -d MYDOMAIN.net --authenticator webroot && cp /etc/letsencrypt/live/www.MYDOMAIN.net/cert.pem /home/MYUSERNAMEFORDOMAIN/ssl_certificates/cert.pem && cp /etc/letsencrypt/live/www.MYDOMAIN.net/chain.pem /home/MYUSERNAMEFORDOMAIN/ssl_certificates/chain.pem && cp /etc/letsencrypt/live/www.MYDOMAIN.net/fullchain.pem /home/MYUSERNAMEFORDOMAIN/ssl_certificates/fullchain.pem && cp /etc/letsencrypt/live/www.MYDOMAIN.net/privkey.pem /home/MYUSERNAMEFORDOMAIN/ssl_certificates/privkey.pem
I've added an extra step 3.1 (moved from the addition). If you do that before 5 it should go better since the certs will be created.
.
This worked great except for some python errors I ran into with virtual environments.
I am running CentOS 6 on my box so I installed pip to get the virutal issue resolved. Still had problems and found it easier to install python 2.7 following https://community.letsencrypt.org/t/redhat-centos-6-x-users-need-python-...
I would suggest you disable the repos when you've got your python installed cause the EPEL repo will update proftpd which breaks the FTP in my version of Virtualmin.
The problem I have now is I can't seem to get apache to expose the /.well-known folder so letsencrypt can't verify the domain. Anyone have a quick idea how to do this in virtualmin? I've tried setting up alias and redirects. I'm guessing somewhere in virtualmin it is blocking hidden files/folders. But I can't seem to find it.
The script will put a file in the public_html/.well-known/acme-challenge/ folder. Then it will see if it can access that path on the webbrowser. What happens if you login to FTP and see if any files get written during verification? Also what is your error? Maybe you can use --verbose.
I tried the --verbose which kicks back a dialog error.
However https://github.com/letsencrypt/letsencrypt/issues/1154 points to using --text -vvvvvv instead which gets the script to run.
Everything goes fine. files get download and copied into the .well-known/acme-challenge but then it returns The following 'urn:acme:error:unauthorized' errors were reported by the server:
I am pretty sure it's an apache indexignore issue. Cause in my httpd.conf I see where it has .?? as ignore. If i'm not mistaken this should keep "hidden" files and folders from showing up. I try to browse to ./well-known/test.html and I get a 404 error like the page doesn't exist.
I've commented out the indexignore. Restarted the apache. No joy. I've tried adding IndexIgnore Reset On and restarted with no joy as well. Until I can see into that folder I am pretty sure I am going to have issues.
So the --verbose throws a python dialog error. But using --text -vvvvvv from https://github.com/letsencrypt/letsencrypt/issues/1154 generated the information.
Turned out to be a permission issue as I suspected in Apache as I was unable to browse files in ./well-known. Apparently when I was working on this yesterday I screwed up my httpd.conf because the site I was trying to get the SSL cert was loading a different virtual host.
Rolled back my httpd.conf. restarted Apache then ran the script again. This time everything appeared to work except it wouldn't let me install the CA.
Went back into virtualmin and disabled SSL on the site. Saved. Restart Apache. Re-Enable SSL. Restart Apache. It accepted the CA at that point.
Strange thing is in VirtualMin it shows:
Web server hostname XXX.XXX Issuer name Let's Encrypt Authority X1 Issuer organization Let's Encrypt Expiry date Mar 12 14:11:00 2016 GMT Certificate type Signed by CA
And I copied the cert to webmin/usermin/etc without issue and https to those address now show a valid SSL cert! Happy happy joy joy.
But https://www.xxx.xxx still shows a self-signed cert. I've restarted Apache again with no joy. Maybe I'll just reboot the whole server and see what happens.
Ok so I think my sever is possessed :p.
Just for the record:
OS CentOS 6.7 Webmin version 1.770 Virtualmin version 4.18
So my system hostname is ns0.dummy.com <=- obviously not the real domain
and the virtualhost I am trying to set this up on is www.dummy.com. This is where I think the issue is happening.
When I go into virtualmin/Edit virtual Server/enable features/ssl website enabled things break. Once I click that on everything in dummy.com gets can't seem to find the virtualhost information and defaults to /var/www/html instead of the /home directory.
If I go back into vitualmin and uncheck SSL. restore my httpd.conf file and restart the server. Everything is back to normal.
So somewhere, somehow I think i need to change my systemhost name. I've tried in ssl.conf to change it to localhost with no joy.
I havent had an issue with the system host name. My system host name is for a different domain. Are the ssl certs copied to ssl_certificates? Also if you check the signing company in your webbrowser, what does it say?
small note... cp doesn't like it when files already exists... so other rm the file or cp -f it instead
else looking forward to the plugin for virtualmin is completed
just hope there will be an on/off for each domain, so that not all need to run it.
Thanks for the addition! Added it into the guide.
thanks :)
So this was obviously a misconfig on my part.
Inside the virtual host settings/Server Configuration/Change IP. My Shared address was my ext. IP. Once I changed the shared address to the internal IP and specified my External IP address to the correct information. Everything works great now!
This is a nice tutorial, thank you for sharing it. Would it be worth adding some common troubleshooting to the guide?
One that tripped me up: LetsEncrypt checks the URL "^.well-known/acme-challenge" on your domain. Domains running Drupal will, by default, block this URL causing LetsEncrypt to fail to generate the certificates properly. See https://community.letsencrypt.org/t/drupals-defualt-htaccess-file-breaks... for a clear solution.
This is a great guide, but I was wondering it it's possible to use Letsencrypt certificates for mail server also with a different subdomain (eg. mail mydomain.com).
If I'm not mistaken, you should be able to add -d mail.mydomain.com to the cronjob because I think it lets you do something like 10? domains. Then once you install the cert in virtualmin it should give you the option to install it into your mail system, webmin, etc.
will you be updating this howto to include the instructions under 1.78?
Hi midol,
It still works under 1.780. No need to make seperate how to's.
Webmin 1.780 was release today for Debian. It includes support for Letsencrypt. It's under "Webmin -> Webmin -> Webmin Configuration -> SSL Encryption" menu -> "Let's Encrypt" tab. Anyone tried it?
- - -
Senior Product Manager, and Co-Founder at Ubertus.org Inc.
Love back your Virtualmin & Webmin community
I've looked into it but it seems its only for the webmin system itself.
http://www.virtualmin.com/node/39162
Changes since 1.770:
Webmin can now request an SSL certificate for itself from Let's Encrypt, if you have the letsencrypt client command installed.
Subcribing
- - -
Senior Product Manager, and Co-Founder at Ubertus.org Inc.
Love back your Virtualmin & Webmin community
The webmin intergration is fine, but what about the virtualmin intergration ?
This guide is for the virtualservers and as far as i can see this part is still missing in webmin/virtualmin
Hi Thanks for this, works like a charme. Both on https / webmin / virtualmin / mail :-)
Regards Lars
I worked on similars scripts that may help: https://www.virtualmin.com/node/39175
It use API for certificate instal. Maybe can be a quicker way than CP files to virtualhost user directory and make the co,figuration (Virtualmin does it for us ;-) )
This works perfectly for me. Thanks. The only thing I've changed is I've installed to /opt like so:
git clone https://github.com/letsencrypt/letsencrypt /opt/letsencryptI've set the cron to run every other month, so roughly every 60 days which is what letsencrypt are currently recommending.
Works a charm.
Webmin version 1.782 | Virtualmin version 5.0.gpl | Operating system Ubuntu Linux 14.04.1
EDIT:
Now that LetsEncrypt is part of the Webmin / Virtualmin interface, I have stopped using the script referenced below.
TIP: I spent quite some time looking for the "Webmin module config"-page in the Authentic theme where the path for the LetsEncrypt script should go. You have to press the little cogwheel at the top left on the "Webmin configuration" page,
Thanks for the guide, jochem!
I was wondering a bit about the cron entries and the way the variables are inserted.
Is it not an error when you write
MYDOMAIN: www.example.comand then later
-d www.MYDOMAIN.net -d MYDOMAIN.netIsn't the .net part supposed to go away?
Also - in this line:
/home/MYDOMAIN/public_html/Isn't that supposed to be
MYUSERNAMEFORDOMAIN?I have made a script from the guidelines here, with my changes and it seems to work:
https://gist.github.com/benjamin-dk/904a16b5507be56a12e4
Bonus info: if you run into the following issue
Failed authorization procedure. <yourdomain> (http-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://<yourdomain>/.well-known/acme-challenge/-CFACzoI1ZDB97dSfYPWgxNMA5KDyOs97MmotTKfeoYIt might be a Drupal .htaccess related error, see
https://community.letsencrypt.org/t/drupals-defualt-htaccess-file-breaks-webroot-authentication/3014/3
I've written a quick script which handles this automatically. Basically, when SSL is enabled in a virtual server, it automatically creates the letsencrypt ssl certs and sets a monthly cron.
You need to add the script to the "Virtualmin" -> "System Settings" -> "Virtualmin Configuration" -> "Command to run after making changes to a server".
Written & tested for centos/RH distros. You'll need to adjust the 4 variables at the top of the script to suit your setup. It uses the virtualmin CLI to actually install the certs so that should be universal.
#!/bin/bash
# Script created by ASU Web Services Ltd
# Script to generate letsencrypt ssl certificate. Updated by monthly cron.
#change the below vars to match you system/setup
userdir="/home/$VIRTUALSERVER_USER";
sourcedir="/root/letsencrypt";
livedir="/etc/letsencrypt/live";
crondir="/etc/cron.monthly";
if
[[ "$VIRTUALSERVER_ACTION" = "CREATE_DOMAIN" && "$VIRTUALSERVER_SSL" = "1" ]] ||
[[ "$VIRTUALSERVER_ACTION" = "MODIFY_DOMAIN" && "$VIRTUALSERVER_SSL" = "1" ]]; then
#create a certificate
echo "#!/bin/bash
cd $sourcedir
./letsencrypt-auto certonly --email info@$VIRTUALSERVER_DOM --agree-tos --renew-by-default -w $userdir/public_html -d www.$VIRTUALSERVER_DOM -d $VIRTUALSERVER_DOM --authenticator webroot
virtualmin install-cert --domain $VIRTUALSERVER_DOM --cert $livedir/www.$VIRTUALSERVER_DOM/cert.pem --key $livedir/www.$VIRTUALSERVER_DOM/privkey.pem --ca $livedir/www.$VIRTUALSERVER_DOM/fullchain.pem" >> /etc/cron.monthly/letsencrypt-$VIRTUALSERVER_USER
chmod 700 $crondir/letsencrypt-$VIRTUALSERVER_USER
#manually run cron script to generate certs now
sh $crondir/letsencrypt-$VIRTUALSERVER_USER
fi
# Remove cron when deleting a virtual-server or disabling ssl
if [[ "$VIRTUALSERVER_ACTION" = "DELETE_DOMAIN" ]] ||
[[ "$VIRTUALSERVER_ACTION" = "MODIFY_DOMAIN" && "$VIRTUALSERVER_SSL" = "0" ]]; then
if [ -f $crondir/letsencrypt-$VIRTUALSERVER_USER ];then
rm -rf $crondir/letsencrypt-$VIRTUALSERVER_USER
fi
fi
That looks pretty sweet! I might have to try it. Thanks for sharing!
What about nginx, postfix, dovecot, and ftp though? Can those also be automated? Even the built-in Virtualmin one doesn't work for me with nginx for some reason though:
Requesting a certificate for example.com, www.example.com from Let's Encrypt ..
.. request failed :
Updating letsencrypt and virtual environment dependencies......
Requesting root privileges to run with virtualenv: /root/.local/share/letsencrypt/bin/letsencrypt certonly -a webroot -d example.com -d www.example.com --webroot-path /home/example/public_html --duplicate --config /tmp/.webmin/237785_12142_2_letsencrypt.cgi
Failed authorization procedure. www.example.com (http-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://www.example.com/.well-known/acme-challenge/AZz_lWbDSeYIU9Vng4rl0bJ764DJazriYnu8Wc3GYEU [xxx.xxx.xxx.xxx]: 404, example.com (http-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://example.com/.well-known/acme-challenge/_mj42DTvYmdLTHKo0AslsQF6iE8QuVn95fl47JCnROI [xxx.xxx.xxx.xxx]: 404
IMPORTANT NOTES:
- The following errors were reported by the server:
Domain: www.example.com
Type: unauthorized
Detail: Invalid response from http://www.example.com/.well-known/acme-
challenge/AZz_lWbDSeYIU9Vng4rl0bJ764DJazriYnu8Wc3GYEU
[xxx.xxx.xxx.xxx]: 404
Domain: example.com
Type: unauthorized
Detail: Invalid response from http://example.com/.well-known/acme-
challenge/_mj42DTvYmdLTHKo0AslsQF6iE8QuVn95fl47JCnROI
[xxx.xxx.xxx.xxx]: 404
To fix these errors, please make sure that your domain name was
entered correctly and the DNS A record(s) for that domain
contain(s) the right IP address.
your nginx configuration doesn't permit to access to:
.well-known/acme-challenge/XXXXXXXXXXXXXXX
take a look here: https://community.letsencrypt.org/t/how-to-nginx-configuration-to-enable...
Quick answer: thank you very much for the guide. It worked like a charm :) (here on debian wheezy, just made this little change to run it as root and get rid of all the sudos)
I'm confused. Has this thread been made redundant by subsequent upgrades to Virtualmin. When I enable SSL for a server I have a Lets Encrypt tab under "Manage SSL Certificate" for that server which once enabled seems to work fine. Are further steps needed, to create the cron for example?
@asuweb I did try your script also but it failed on CentOS 6.7
To create the cron, you choose the frequency of renewal, vs. default manual renewal.
Indeed. The more recent versions of Virtualmin appear to have automated whatever this whole discussion is about.
Just go into Virtualmin > Server Configuration > Manage SSL > Let's Encrypt and hit "Request Certificate".
Setting up a number of months between automatic renewals seems to do the cron job you're asking about.
I just tried this feature, and let me say, it is awesome and works so quickly it feels like I am cheating!
I found this guide to get a free SSL for a year, https://tjosm.com/3752/obtain-free-ssl-certificate-startssl/
Why is it a big deal? there are provides who offer free SSL certificates. I don't understand.
I provide FREE Server Management Services in exchange of money
There are additional providers beginning to offer completely free SSL certificates, but Let's Encrypt changed the landscape in how they're offering their service.
The guide you linked to describes a series of steps to obtain a free SSL cert (and, to my knowledge, those free certs are only available in certain cases).
There aren't any steps to follow in using Virtualmin's Let's Encrypt support. It's simply, click the Let's Encrypt button, and you're finished. No creating an account on a remote system, no emails, no manual validation, no manual renewals. It's all immediate and automatic. Validation is handled automatically as part of their protocol. Renewals occur automatically after several months.
They really have greatly simplified the SSL process.
-Eric
I have used StartSSL in the past. However, the company was sold to a Chinese SSL provider who has become no longer recognized by Google Chrome, Microsoft and other popular web browsers due to issues of back-dating of certs or some such. StartSSL is now owned by a Chinese security software and services company, the one that provides 360 Total Security software for PC and mobile devices. They have said that they are in the process of regaining cert status with leading browsers and others but have not yet done so. They had said this would happen by April of 2017.
I hope they do because StartSLL offered the lowest price for corporate level certificates and had other features not (yet) provided by Letsencrypt including wildcard certs. That would allow the TLD to be certified with subdomains included under the wildcard. Their certs also worked for one or two years, depending on the type. You could certify specific email addresses and servers separately, which allowed hosting email servers more independent. The biggest benefit was the cost was less... company certs are expensive... think about it - the process can be automated once the identity of the site or business owner has been verified. Although business verification requires such things as sending of certified mail to the address of the business as registered in the business license, the process should not be so expensive.
Until StartSSL is recertified with the major web browsers it is best to not try to use them.
StartSSL will soon cease operation. It makes no sense to use them IMO.
LE made it possible for me to offer easy, free ssl basic ssl connections. Most of my client opt for my second level product because free ssl is part of the package. My cost driven clients do not get that among a few other perks. Beforehand free ssl was a PITA now it is simply a checkbox..:)
When using virtualmin and webmin with nginx the following error occurs when trying to install Let's Encrypt certificate for webmin administration interface via
"Webmin -> Webmin -> Webmin Configuration -> SSL Encryption" menu -> "Let's Encrypt". Although adding Let's Encrypt for virtualmin nginx virtual host works at a glance.Failed to request certificate : No virtual host matching apraft.com was foundThank you so much for making this task a breeze!!
Maybe i can contribute to a bach script crongen i made to output the line for crontab
just cd /root touch crongen.sh chmod +x crongen paste below contents and update the vars ./crongen.sh
remove the dash (added beacuse of MD data)
-#!/bin/sh
EMAIL="your@email.com"
HOMEFOLDER="xxx" # where xxx is your /home/xxx/public_html
DOMAIN="iot.fastcrud.com" #domain to register
echo "01 3 1 * * cd /root/letsencrypt/ && ./letsencrypt-auto certonly --email $EMAIL --agree-tos --webroot --renew-by-default -w /home/$HOMEFOLDER/public_html/ -d $DOMAIN --authenticator webroot && cp /etc/letsencrypt/live/$DOMAIN/cert.pem /home/$HOMEFOLDER/ssl_certificates/cert.pem && cp -f /etc/letsencrypt/live/$DOMAIN/chain.pem /home/$HOMEFOLDER/ssl_certificates/chain.pem && cp -f /etc/letsencrypt/live/$DOMAIN/fullchain.pem /home/$HOMEFOLDER/ssl_certificates/fullchain.pem && cp -f /etc/letsencrypt/live/$DOMAIN/privkey.pem /home/$HOMEFOLDER/ssl_certificates/privkey.pem"
I get the following error when running this on debian 8 An unexpected error occurred: Bug in pythondialog: expected an empty output from u'infobox', but got: u'Error opening terminal: unknown.\n'Please see the logfile 'certbot.log' for more details.
There is a bug in letsencrypt 0.9.x with python's dialog module. Simple fix just add -n before the first -d in your chrontab command and it will not need to run interactively and not use dialog.........
Owner of Linux Nuts Professional Services
But what about mail?
Owner of Linux Nuts Professional Services
My little version done by root, I had a general install for all the devices, and find and replace works better.
Also was asking to replace the files, y used the escape character
\cp -fTip: Start the find and replace with MYUSERNAMEFORDOMAIN
cd /root/ && git clone https://github.com/letsencrypt/letsencrypt
mkdir /home/MYUSERNAMEFORDOMAIN/ssl_certificates
01 3 1 * * cd /root/letsencrypt/ && ./letsencrypt-auto certonly --text --email info@MYDOMAIN --agree-tos --webroot --renew-by-default -w /home/MYUSERNAMEFORDOMAIN/public_html/ -d www.MYDOMAIN -d MYDOMAIN --authenticator webroot && \cp /etc/letsencrypt/live/www.MYDOMAIN/cert.pem /home/MYUSERNAMEFORDOMAIN/ssl_certificates/cert.pem && \cp -f /etc/letsencrypt/live/www.MYDOMAIN/chain.pem /home/MYUSERNAMEFORDOMAIN/ssl_certificates/chain.pem && \cp -f /etc/letsencrypt/live/www.MYDOMAIN/fullchain.pem /home/MYUSERNAMEFORDOMAIN/ssl_certificates/fullchain.pem && \cp -f /etc/letsencrypt/live/www.MYDOMAIN/privkey.pem /home/MYUSERNAMEFORDOMAIN/ssl_certificates/privkey.pem && chown -R MYUSERNAMEFORDOMAIN:MYUSERNAMEFORDOMAIN /home/MYUSERNAMEFORDOMAIN/ssl_certificates
Regards.
OP,
Please write in your original post that Virtualmin now does this all automatically!
Just go to your virtual server: Server Configuration -> Manage SSL Certificates -> Let's Encrypt.
Pages