Automation of Let’s Encrypt SSL Certificate Generation with Virtualmin

Let’s Encrypt

Let’s Encrypt is a non-profit certificate authority run by Internet Security Research Group (ISRG) that provides X.509 certificates for Transport Layer Security (TLS) encryption at no charge. The certificate is valid for 90 days, during which renewal can take place at any time. The offer is accompanied by an automated process designed to overcome manual creation, validation, signing, installation, and renewal of certificates for secure websites.

Virtualmin Command Line API

Virtualmin includes a script named virtualmin that can be run from the Unix shell to perform actions that are usually done from the web interface. In fact, almost all actions that can be done in a browser can also be done from the command line or from shell scripts. This allows virtual server, user and alias creation and management to be done in a more automated fashion, such as from programs or scripts of your own creation.

Virtualmin – Let’s Encrypt

The Virtualmin Let’s Encrypt command line API can be used to generate a Let’s Encrypt SSL certificate. To see the command’s options, run it without any parameters. The virtualmin command must be run as root.

root@nishantvaity:~#  virtualmin generate-letsencrypt-cert
Requests and installs a Let's Encrypt cert for a virtual server.
virtualmin generate-letsencrypt-cert --domain name
                                    [--host hostname]*
                                    [--default-hosts]
                                    [--renew months]
                                    [--size bits]
                                    [--staging]
                                    [--check-first | --validate-first]
                                    [--web | --dns]

The following command generates and installs an SSL certificate for the domain name ‘yourdomain.com’, with the hostnames ‘yourdomain.com’ and ‘www.yourdomain.com’:

root@nishantvaity:~#  virtualmin generate-letsencrypt-cert --domain yourdomain.com

Automation of Let’s Encrypt with Virtualmin

To generate SSL certificates for all domains and subdomains, the following steps are used:
Step 1: Get the list of all domains
Step 2: Loop over all domains with a shell script
Step 3: At each loop iteration, generate the SSL certificate for that domain or subdomain

The following shell script generates SSL certificates for all domains and subdomains:

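#!/bin/bash
# Must be run as root, like every virtualmin command.
# Step 1: get the list of all domains and subdomains
DOMAINS=$(virtualmin list-domains --name-only)
# Step 2: loop over each domain
for DOMAIN in $DOMAINS
do
  # Step 3: request and install the Let's Encrypt certificate for this domain
  virtualmin generate-letsencrypt-cert --domain "$DOMAIN"
  # Copy the domain's certificate to Usermin, Dovecot and Postfix
  virtualmin install-service-cert --domain "$DOMAIN" --service usermin
  virtualmin install-service-cert --domain "$DOMAIN" --service dovecot
  virtualmin install-service-cert --domain "$DOMAIN" --service postfix
done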

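Save the script file as ‘letsencrypt.sh’. If it is saved in the ‘/var/www/html/’ directory, the file path will be ‘/var/www/html/letsencrypt.sh’. Cron will run this script as root, so the file must be executable and should be writable only by root. Note that ‘/var/www/html/’ is commonly a web server’s document root, so a location outside it is preferable for a root-run script.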
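
A hardened variant of the script above, added here as an example (it is not the original author's script): it quotes and validates each domain name, installs the service certificates only when issuance succeeded, keeps going after a failure, and logs every result. The log path, the ‘--run’ switch and the ‘LE_STAGING’ variable are assumptions of this example; the virtualmin subcommands and flags are the ones shown on this page.

```shell
#!/bin/bash
# Added example: hardened variant of the loop above, not the original script.
# Uses only virtualmin subcommands and flags shown on this page.
# LOG path, --run switch and LE_STAGING are assumptions of this example.
umask 077
LOG="${LOG:-/var/log/letsencrypt-virtualmin.log}"

log() { printf '%s %s\n' "$(date '+%Y-%m-%dT%H:%M:%S')" "$*" >> "$LOG"; }

# Request a cert for one domain; copy it to services only if issuance succeeded.
renew_domain() {
  domain=$1
  # Defensive check: only plain hostnames reach a command line that runs as root.
  case $domain in
    ''|-*|*[!A-Za-z0-9.-]*) log "SKIP invalid name: $domain"; return 2 ;;
  esac
  if ! virtualmin generate-letsencrypt-cert --domain "$domain" \
        ${LE_STAGING:+--staging} >> "$LOG" 2>&1; then
    log "FAIL issue $domain"
    return 1
  fi
  for service in usermin dovecot postfix; do
    virtualmin install-service-cert --domain "$domain" --service "$service" \
      >> "$LOG" 2>&1 || { log "FAIL install $service $domain"; return 1; }
  done
  log "OK $domain"
}

# Loop over every domain; continue after a failure and report the count.
renew_all() {
  failed=0
  for d in $(virtualmin list-domains --name-only); do
    renew_domain "$d" || failed=$((failed + 1))
  done
  log "done, failures: $failed"
  [ "$failed" -eq 0 ]
}

# Only act when asked, so the file can be sourced and checked safely.
if [ "${1:-}" = "--run" ]; then
  renew_all
fi
```

With this variant the cron entry passes ‘--run’ after the script path. Setting ‘LE_STAGING=1’ adds the ‘--staging’ flag listed in the usage output above, which is useful for a first trial run.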

Setup Cron
An issued Let’s Encrypt certificate expires after 90 days. Running the script from a monthly cron job generates a new SSL certificate for all domains and subdomains each month, with a new expiry date counted from the generation date.

To view existing cron jobs, execute the following command:

root@nishantvaity:~#  crontab -l

To set up a new cron job, execute the following command and select your favourite command line editor:

root@nishantvaity:~#  crontab -e

Enter the following line in the crontab:

@monthly /var/www/html/letsencrypt.sh

Save the crontab and close the editor; this installs the monthly cron job.

Nishant Vaity

Knowledgeable and skilled Technology Lead with an ability of software development and supervision. Possess a Bachelor of Science (BS) in Information Technology along with 11+ years of experience with hands-on coding and team management. By profession, I am a Software Engineer, Technology Mentor & Entrepreneur. Passionate about the technologies I use and always eager to share & learn more from that passion.
