Let’s Encrypt
Let’s Encrypt is a non-profit certificate authority run by Internet Security Research Group (ISRG) that provides X.509 certificates for Transport Layer Security (TLS) encryption at no charge. The certificate is valid for 90 days, during which renewal can take place at any time. The offer is accompanied by an automated process designed to overcome manual creation, validation, signing, installation, and renewal of certificates for secure websites.
Virtualmin Command Line API
Virtualmin includes a script named virtualmin that can be run from the Unix shell to perform actions that are usually done from the web interface. In fact, almost all actions that can be done in a browser can also be done from the command line or from shell scripts. This allows virtual server, user and alias creation and management to be done in a more automated fashion, such as from programs or scripts of your own creation.
Virtualmin – Let’s Encrypt
The Virtualmin command line API can be used to generate a Let’s Encrypt SSL certificate. To see the command’s options, run it without any parameters. The virtualmin command must be run as root.
root@nishantvaity:~# virtualmin generate-letsencrypt-cert
Requests and installs a Let's Encrypt cert for a virtual server.

virtualmin generate-letsencrypt-cert --domain name
                                     [--host hostname]*
                                     [--default-hosts]
                                     [--renew months]
                                     [--size bits]
                                     [--staging]
                                     [--check-first | --validate-first]
                                     [--web | --dns]
The following command generates and installs an SSL certificate for the domain ‘yourdomain.com’, covering the hostnames ‘yourdomain.com’ and ‘www.yourdomain.com’:
root@nishantvaity:~# virtualmin generate-letsencrypt-cert --domain yourdomain.com
Automation of Let’s Encrypt with Virtualmin
To generate SSL certificates for all domains and subdomains, the following steps are used:
Step 1: Get the list of all domains
Step 2: Loop over all domains with a shell script
Step 3: At each loop iteration, generate the SSL certificate for that domain or subdomain
The following shell script generates SSL certificates for all domains and subdomains:
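#!/bin/bash
# List every virtual server name, one per line
DOMAINS=$(virtualmin list-domains --name-only)
# $DOMAINS is left unquoted here so that it splits into one name per iteration
for DOMAIN in $DOMAINS
do
    # Request and install the Let's Encrypt certificate for this domain
    virtualmin generate-letsencrypt-cert --domain "$DOMAIN"
    # Copy the domain's certificate to the other services
    virtualmin install-service-cert --domain "$DOMAIN" --service usermin
    virtualmin install-service-cert --domain "$DOMAIN" --service dovecot
    virtualmin install-service-cert --domain "$DOMAIN" --service postfix
done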
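Save the script as ‘letsencrypt.sh’. If it is saved in the ‘/var/www/html/’ directory, the file path will be ‘/var/www/html/letsencrypt.sh’. Cron runs this file as root, so it must be executable and should be writable only by root.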
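A variant of the loop script above, as an added example that is not from the original post: it rejects names that are not plain DNS names, copies the certificate to the services only when the request succeeded, keeps going after a failure and exits non-zero if any domain failed. The VIRTUALMIN variable and the --all argument are assumptions introduced here; the virtualmin subcommands are the ones used above.

```shell
#!/bin/bash
# Added example, not the original post's script. The VIRTUALMIN variable and
# the --all argument are assumptions introduced here.
VIRTUALMIN="${VIRTUALMIN:-virtualmin}"
RENEW_FAILED=0

# Accept only plain DNS names, so an odd entry can never be read as a command
# option or carry shell metacharacters.
valid_domain() {
    case "$1" in
        ''|-*|.*|*..*|*[!A-Za-z0-9.-]*) return 1 ;;
    esac
    return 0
}

# Request a certificate for one domain and copy it to the services only if
# the request succeeded. Returns non-zero on any failure.
renew_one() {
    valid_domain "$1" || { echo "skip: invalid name '$1'" >&2; return 1; }
    "$VIRTUALMIN" generate-letsencrypt-cert --domain "$1" || {
        echo "FAILED: certificate request for $1" >&2; return 1; }
    for svc in usermin dovecot postfix; do
        "$VIRTUALMIN" install-service-cert --domain "$1" --service "$svc" || {
            echo "FAILED: $svc certificate install for $1" >&2; return 1; }
    done
}

# Read one domain per line on stdin and continue after a failure. Leaves the
# number of failed domains in RENEW_FAILED and returns non-zero if it is not 0.
renew_all() {
    RENEW_FAILED=0
    while IFS= read -r domain; do
        [ -n "$domain" ] || continue
        renew_one "$domain" </dev/null || RENEW_FAILED=$((RENEW_FAILED + 1))
    done
    [ "$RENEW_FAILED" -eq 0 ]
}

# Runs only when called as: letsencrypt.sh --all
if [ "${1:-}" = "--all" ]; then
    "$VIRTUALMIN" list-domains --name-only | renew_all
    exit $?
fi
```

If this variant is the one scheduled from cron, the cron line needs the --all argument after the script path.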
Setup Cron
An issued Let’s Encrypt certificate expires after 90 days. Running the script monthly from cron generates a new SSL certificate for every domain and subdomain each month, with a new expiry date counted from the generation date.
To view the existing cron jobs, execute the following command:
root@nishantvaity:~# crontab -l
To set up a new cron job, execute the following command and select your favourite command-line editor:
root@nishantvaity:~# crontab -e
Enter the following line in the crontab:
@monthly /var/www/html/letsencrypt.sh
Save the crontab and close the editor; this installs the monthly cron job.