Custom NGINX reverse proxy setup: how to automate Letsencrypt cert. renewals?

I have a custom nginx installation functioning as reverse proxy in front of Apache.

The standard Virtualmin Letsencrypt auto-renewal doesn't work with the reverse proxy setup, so until now I have been renewing them manually by shutting down nginx and reconfiguring Apache to listen on port 80 and 443 and then requesting the certificates via the Virtualmin UI.

I would like to automate the renewal of certificates, and so far I have scripted the process of shutting down nginx, reconfiguring the ports and copying the certs to nginx. But I still need to automate the Letsencrypt certificate renewals.

What would be the recommended way of doing this in my case? Should I install Letsencrypt manually and use the certbot-auto command or can I somehow use the Letsencrypt implementation already present with Virtualmin?

Virtualmin Pro v. 6.00, Webmin v 1.851.

Status: Closed (fixed)

Comments

Howdy -- what happens if you try to obtain an SSL cert using Virtualmin with your particular setup there?

If it throws an error, what error do you receive?

And just to clarify, is Virtualmin managing the Apache setup on the back end?

Well this is kind of embarrassing - just tried and it is actually possible to renew the certificates via the Virtualmin UI (and yes, Virtualmin is managing Apache).

But I swear I got error messages last time I tried it this way - it has been some time though, so maybe some improvement to the Virtualmin codebase has fixed the issue.

But actually my question still stands - what would be the recommended way to make the certificate renewal part of a custom script?

You can use the API command virtualmin generate-letsencrypt-cert

Awesome! Thanks a lot for your help, this is what I need.

I believe this command still needs to be added to the Virtualmin documentation, I have been looking around and have not been able to find it.

Status: Active » Closed (fixed)
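
As an added example that is not part of the original thread or Virtualmin's own code: a renewal wrapper around the `virtualmin generate-letsencrypt-cert` command named above, which checks that the certificate and key match before copying them to nginx. It assumes, as the poster reported, that renewal works with nginx in front; the `--domain` argument, the 30-day threshold and all file paths (passed as arguments) are assumptions.

```bash
#!/bin/bash
# Added example: renew through the Virtualmin CLI, then verify the pair
# before nginx sees it. All paths are caller-supplied (assumptions).

# Succeeds if the cert expires within $2 days or cannot be read at all.
cert_expires_within() {
    ! openssl x509 -in "$1" -noout -checkend "$(( $2 * 86400 ))" >/dev/null 2>&1
}

# Succeeds only if the private key's public half equals the cert's public key.
cert_matches_key() {
    local from_cert from_key
    from_cert=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    from_key=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1
    [ -n "$from_cert" ] && [ "$from_cert" = "$from_key" ]
}

# Copy the pair for nginx; the key copy is readable by its owner only.
install_pair() {  # src_cert src_key dst_cert dst_key
    install -m 0644 "$1" "$3" && install -m 0600 "$2" "$4"
}

renew_and_deploy() {  # domain src_cert src_key dst_cert dst_key
    local domain=$1 cert=$2 key=$3
    if cert_expires_within "$cert" 30; then   # 30 days: assumed threshold
        virtualmin generate-letsencrypt-cert --domain "$domain" || return 1
    fi
    # nginx rejects a mismatched pair, so catch it before copying anything.
    if ! cert_matches_key "$cert" "$key"; then
        echo "certificate and key do not match for $domain" >&2
        return 1
    fi
    install_pair "$cert" "$key" "$4" "$5" || return 1
    # Reload only if the configuration parses with the new files.
    nginx -t && nginx -s reload
}

# Runs only when given: domain src_cert src_key dst_cert dst_key
if [ "$#" -eq 5 ]; then
    renew_and_deploy "$@"
fi
```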