Let's Encrypt

From Webmin Documentation

It is possible to use Webmin to get and maintain CA-signed Let's Encrypt (or certbot) certificates.

Let's Encrypt in Webmin Configuration

To use Let's Encrypt certificates, configure SSL Encryption in Webmin Configuration.

Request Limits

The Let's Encrypt server limits requests for certificates to 20 per week per domain. When (re)configuring certificate usage, it is therefore advisable to use the Staging server for certificates first (which does not limit requests).

Automation

Let's Encrypt relies on automation for enabling SSL encryption; any certificate provided by Let's Encrypt is valid for at most 90 days. Luckily, Let's Encrypt provides an API to update your certificates, and Webmin provides scripting to perform the updates.

  • Months between automatic renewal should be set to 2.

Authentication

To make sure that a site's certificate really belongs to the website that is using it, Let's Encrypt needs access to the web directories while installing or updating a certificate for that site. This process is called Automatic Certificate Management Environment, or ACME, and uses a (hidden) folder ./.well-known/acme-challenge/ as the location for HTTP Identifier Validation.
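
A common reason a request fails is that the web server does not serve the hidden folder from the document root you expect. The following preflight check is an added example, not code from Webmin or Let's Encrypt: it writes a random probe file under ./.well-known/acme-challenge/ and fetches it back over HTTP. The function names and the local test server in demo() are constructed for illustration; nothing contacts Let's Encrypt.

```python
import http.server
import secrets
import tempfile
import threading
import urllib.error
import urllib.request
from functools import partial
from pathlib import Path

CHALLENGE_DIR = ".well-known/acme-challenge"  # folder named on this page
# Ignore proxy environment variables so the probe hits the server directly.
OPENER = urllib.request.build_opener(urllib.request.ProxyHandler({}))


def probe_challenge_path(webroot, base_url):
    """Return True only if a file written under webroot is served at base_url."""
    folder = Path(webroot) / CHALLENGE_DIR
    folder.mkdir(parents=True, exist_ok=True)
    name, body = secrets.token_urlsafe(16), secrets.token_urlsafe(32)
    probe = folder / name
    probe.write_text(body)
    try:
        with OPENER.open(f"{base_url}/{CHALLENGE_DIR}/{name}", timeout=5) as resp:
            return resp.status == 200 and resp.read().strip() == body.encode()
    except (urllib.error.URLError, OSError):
        return False  # 404, 403 on dot-directories, connection refused, ...
    finally:
        probe.unlink()  # never leave probe files behind in the webroot


def demo():
    """Constructed local demo: the served webroot passes, a wrong one fails."""
    with tempfile.TemporaryDirectory() as served, tempfile.TemporaryDirectory() as other:
        handler = partial(http.server.SimpleHTTPRequestHandler, directory=served)
        server = http.server.ThreadingHTTPServer(("127.0.0.1", 0), handler)
        threading.Thread(target=server.serve_forever, daemon=True).start()
        url = f"http://127.0.0.1:{server.server_address[1]}"
        try:
            good = probe_challenge_path(served, url)  # directory the server serves
            bad = probe_challenge_path(other, url)    # mismatched document root
        finally:
            server.shutdown()
            server.server_close()
        return good, bad


if __name__ == "__main__":
    print(demo())
```

On a real host, call probe_challenge_path() with the site's document root and its http:// URL before requesting a certificate; a False result means the validation request would not find the challenge file.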

Configuration

/etc/letsencrypt

Certbot

certbot is a command-line interface to Let's Encrypt. If for some reason Webmin's built-in interface does not produce the needed certificates, certbot may come to the rescue.