Skip to content

How to use Let’s encrypt to issue a certificate for webmin.

This article is deprecated for two reasons. Webmin changed the way that it handles reading certificate files from linked folders as pointed out by a kind reader. Additionally, webmin now natively supports Letsencrypt.

Today I am going to explain how to use Let’s encrypt to issue a free SSL certificate for Webmin.

Webmin already has a built in SSL certificate, but it is self-signed and throws up security warnings to any browser worth its salt.

Let’s start with the basics:

Let’s encrypt is a free certificate authority backed by some major players such as Akamai, Cisco, the Electronic Frontier Foundation, and even Facebook. I am not going to go into technical details as they have been covered extensively elsewhere, but I will give you a link to the project’s documentation.

Webmin is a server control panel for linux distributions. It is great if you aren’t as comfortable with the command line and want a GUI for general server administration.

If you aren’t familiar with either of these, I’m not sure this post is particularly relevant to you.

These instructions are for Ubuntu 14.04 but should work similarly for any Debian-based distro.

What you need:

Web-facing Linux server with Webmin installed and root or sudo access.
Authoritative control over a second level domain (the x portion of xxxxx.yyyy)

Step 1: Point the domain that you want for your Webmin URL at your Webmin server.

Step 2: Install Let’s Encrypt according to the documentation.

Step 3: Here is the beef of the project.

First, you are going to have to temporarily disable your web server on port 80 if you have it running.

For apache you will enter the following command:

sudo service apache2 stop

For nginx you will enter the following command:

sudo service nginx stop

Next up you will use Let’s encrypt to issue the certificate:

cd ~/letsencrypt
./letsencrypt-auto certonly
Follow the onscreen instructions for Let’s Encrypt.

After completion, you will have a message that contains the following:
IMPORTANT NOTES:
- Congratulations! Your certificate and chain have been saved at
/etc/letsencrypt/live/webmin.yourdomain.com/fullchain.pem

Your next step is to copy the associated files to a folder where Webmin can access them:

sudo cp /etc/letsencrypt/live/webmin.yourdomain.com/privkey.pem /etc/webmin/privkey.pem
sudo cp /etc/letsencrypt/live/webmin.yourdomain.com/cert.pem /etc/webmin/cert.pem
sudo cp /etc/letsencrypt/live/webmin.yourdomain.com/chain.pem /etc/webmin/chain.pem

Next you will configure the certificates to work with Webmin:

Log in to Webmin:

Click Webmin>Webmin Configuration>SSL Encryption

Change the following settings as marked:

webmin_ssl_config_2

Apply the configuration and verify!

Don’t forget to restart your webserver!

For apache you will enter the following command:

sudo service apache2 start

For nginx you will enter the following command:

sudo service nginx start

11 Comments

  1. Hermann Hermann

    Thank you very much! Worked instantly!
    Shouldn’t you use links instead of copying as the keys will be renewed sometimes? I did

    ln -s /etc/letsencrypt/live/webmin.yourdomain.com/privkey.pem /etc/webminprivkey.pem

    etc. which worked.

    • mike mike

      Good point, I am thinking this is the route I will take.

  2. Jan Espen Pedersen Jan Espen Pedersen

    It works, thanks 🙂

  3. Yeah that will work for three months until your certificates expire. Rethink this.

    • mike mike

      You can regenerate and copy as needed. I may upload a bash script that will automatically do this for the user soon.

  4. Hello

    I generate the L.E. certificate when I configure the Apache2 default-ssl.conf virtual server.
    But I need to say to webmin to use this certificate.

    Copy the certificates to /etc/webmin is NOT a good idea, because they will expire in 3 months !
    When Let’s Encrypt will renew the certificates for all your sites, included the Webmin site, new certificates will go in /etc/letsencrypt/live/mywebmin.com
    and NOT in /etc/webmin !

    Better you don’t copy the certificate.
    Simply go in the Webmin>Webmin Configuration>SSL Encryption page
    and put the path and files names for the private key and the certificate, directly point to the /etc/letsencrypt/live/mywebmin.com/privkey.pem and cert.pem.

    • mike mike

      This is a valid point, I will be uploading a solution to this problem soon.

  5. Thanks a lot! It worked as a charm! 🙂

  6. Mike Mike

    A problem is that even when the certificate is correcly linked, webmin never re-reads the certificate file, so unless the sever or webmin is restarted, you get locked out of sebmin when the old certificate has expried, until you restart webmin and it reads the new certificate.

Leave a Reply

Your email address will not be published. Required fields are marked *