Tag Archives: ssl

Webmin/VirtualMin with Let’s Encrypt

Virtualmin team said the next version of Virtualmin/Webmin will automate most of the letsencrypt setup. Meanwhile there’s an ongoing conversation about it in the forums

My setup:
./letsencrypt-auto certonly --webroot --webroot-path /usr/share/nginx/html -d my.vmin.server

Then in Webmin > Webmin Configuration > SSL Encryption set:

  • Private key file to /etc/letsencrypt/live/my.vmin.server/privkey.pem
  • Certificate file to /etc/letsencrypt/live/my.vmin.server/fullchain.pem

Add a monthly crontab job to renew the certificate:
/usr/local/letsencrypt/letsencrypt-auto certonly \
--webroot --webroot-path /usr/share/nginx/html -d my.vmin.server \
--renew-by-default \
--agree-tos

Similar Posts:

Tagged , , , , ,

Just click anywhere in the page and type…

Just click anywhere in the page and type “danger” to skip the SSL warning screen in Google Chrome. You won’t see the letters as you type them.

Similar Posts:

Tagged , ,

Match SSL Certificate to Key and CSR

Renewing an SSL certificate is usually straight forward. But sometimes you’re not sure which CSR to use. Or if you need to generate a new CSR, which SSL key. Here are the commands I use to verify the certificate related files:

openssl x509 -noout -modulus -in mydomain.crt | openssl md5
openssl rsa -noout -modulus -in mydomain.key | openssl md5
openssl req -noout -modulus -in mydomain.csr | openssl md5

The MD5 hash should match.
You could use a bash script to search a directory for a specific MD5 hash. For example:

for f in $(ls $SOMEDIR); do echo $f; openssl x509 -noout -modulus -in $SOMEDIR$f | openssl md5 | grep "MYMD5HASH"; done

I guess the above could use some work 🙂

for the CLI-phobics check out this certificate key matcher

Similar Posts:

Tagged , , , ,