I have a custom nginx installation functioning as reverse proxy in front of Apache.
The standard Virtualmin Letsencrypt auto-renewal doesn't work with the reverse proxy setup, so until now I have been renewing them manually by shutting down nginx and reconfiguring Apache to listen on ports 80 and 443 and then requesting the certificates via the Virtualmin UI.
I would like to automate the renewal of certificates, and so far I have scripted the process of shutting down nginx, reconfiguring the ports and copying the certs to nginx. But I still need to automate the Letsencrypt certificate renewals.
What would be the recommended way of doing this in my case? Should I install Letsencrypt manually and use the certbot-auto command or can I somehow use the Letsencrypt implementation already present with Virtualmin?
Virtualmin Pro v. 6.00, Webmin v 1.851.
Comments
Submitted by andreychek on Wed, 08/30/2017 - 10:32 Comment #1
Howdy -- what happens if you try to obtain an SSL cert using Virtualmin with your particular setup there?
If it throws an error, what error do you receive?
And just to clarify, is Virtualmin managing the Apache setup on the back end?
Submitted by benjamin_dk on Wed, 08/30/2017 - 16:33 Comment #2
Well, this is kind of embarrassing - just tried and it is actually possible to renew the certificates via the Virtualmin UI (and yes, Virtualmin is managing Apache).
But I swear I got error messages last time I tried it this way - it has been some time though, so maybe some improvement to the Virtualmin codebase has fixed the issue.
But actually my question still stands - what would be the recommended way to make the certificate renewal part of a custom script?
Submitted by JamieCameron on Wed, 08/30/2017 - 22:12 Comment #3
You can use the API command
virtualmin generate-letsencrypt-cert
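A renewal wrapper built around that command, as an added example that is not part of the thread or of Virtualmin: it renews, checks that the certificate matches the key, stages the nginx copies with tight permissions, and reloads nginx only if `nginx -t` passes. It assumes renewal succeeds with the proxy in place; the file paths, the `ssl.ca` chain file, the nginx directory and the `systemctl` service name are all assumptions to adjust.

```shell
#!/bin/sh
# Added example, not from the thread. Every path and the service name are
# assumptions; override them through the environment.
CERT="${CERT:-/home/example/ssl.cert}"   # assumed Virtualmin cert path
KEY="${KEY:-/home/example/ssl.key}"      # assumed Virtualmin key path
CA="${CA:-/home/example/ssl.ca}"         # assumed chain file, optional
DST="${DST:-/etc/nginx/ssl}"             # assumed nginx cert directory

# Succeeds only if the certificate's public key equals the private key's.
cert_matches_key() {
    c=$(openssl x509 -in "$1" -noout -pubkey) || return 1
    k=$(openssl pkey -in "$2" -pubout) || return 1
    [ -n "$c" ] && [ "$c" = "$k" ]
}

renew_and_deploy() {   # $1 = domain name
    dom="$1"
    # 1. Renew with the API command from comment #3.
    if ! virtualmin generate-letsencrypt-cert --domain "$dom"; then
        echo "renewal failed for $dom, nginx files untouched" >&2
        return 1
    fi
    # 2. Never deploy a certificate that does not belong to the key.
    if ! cert_matches_key "$CERT" "$KEY"; then
        echo "certificate and key do not match for $dom" >&2
        return 2
    fi
    # 3. Stage with tight permissions, then rename into place.
    (
        umask 077
        cat "$CERT" > "$DST/$dom.crt.new" || exit 1
        if [ -f "$CA" ]; then cat "$CA" >> "$DST/$dom.crt.new" || exit 1; fi
        cat "$KEY" > "$DST/$dom.key.new" || exit 1
        mv "$DST/$dom.crt.new" "$DST/$dom.crt" &&
        mv "$DST/$dom.key.new" "$DST/$dom.key"
    ) || return 3
    # 4. Reload only if nginx accepts the resulting configuration.
    nginx -t || return 4
    systemctl reload nginx
}

# Run only when a domain is given, e.g. from cron: renew-proxy.sh example.com
if [ -n "${1:-}" ]; then renew_and_deploy "$1"; fi
```

Distinct exit codes (1 renewal, 2 mismatch, 3 copy, 4 config test) let a cron wrapper or monitoring check tell which step failed.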
Submitted by benjamin_dk on Thu, 08/31/2017 - 02:30 Comment #4
Awesome! Thanks a lot for your help, this is what I need.
I believe this command still needs to be added to the Virtualmin documentation, I have been looking around and have not been able to find it.
Submitted by benjamin_dk on Fri, 09/01/2017 - 03:39 Comment #5