Setting up a valid SSL/TLS certificate for Webmin using Let’s Encrypt
Introduction: Webmin is a web-based interface for system administration on Unix-like systems. By default, Webmin uses a self-signed certificate, which is not trusted by web browsers. This document provides step-by-step instructions on how to replace the self-signed certificate with a valid SSL/TLS certificate from Let’s Encrypt.
Prerequisites: Before proceeding with the installation of a valid SSL/TLS certificate, you must have the following:
- One Ubuntu server with Webmin installed and configured. Follow the instructions provided in our previous documentation to install Webmin on Ubuntu 20.04.
- A Fully-Qualified Domain Name (FQDN), with a DNS A record pointing to the IP address of your server.
Step-by-step instructions:
- Navigate to https://your_domain:10000 in your web browser, replacing your_domain with the domain name pointing to your server’s IP address.
Note: When logging in for the first time, you will see an “Invalid SSL” warning. This warning may say something different depending on your browser, but the reason for it is that the server has generated a self-signed certificate. Allow the exception and proceed to your domain so you can replace the self-signed certificate with one from Let’s Encrypt.
- Sign in with the non-root user you created while fulfilling the prerequisites for this tutorial.
- Once you log in, the first screen you will see is the Webmin dashboard. Before you can apply a valid certificate, you have to set the server’s hostname. Look for the System hostname field and click on the link to the right.
- This will take you to the Hostname and DNS Client page. Locate the Hostname field, and enter your Fully-Qualified Domain Name into the field. Then click the Save button at the bottom of the page to apply the setting.
- After you’ve set your hostname, click on the Webmin dropdown menu in the left-hand navigation bar, and then click on Webmin Configuration.
- From the Webmin Configuration page, select SSL Encryption from the list of icons, and then click on the Let’s Encrypt tab.
- On this page, you’ll tell Webmin how to obtain and renew your certificate. Follow these steps to set up your certificate:
- Fill in Hostnames for certificate with your FQDN.
- For Website root directory for validation file, select the Other Directory button and enter your website’s document root. Assuming you followed the prerequisite Apache tutorial, this will be /var/www/your_domain.
- For Months between automatic renewal section, deselect the Only renew manually option by typing 1 into the input box, and select the radio button to the left of the input box.
- Click the Request Certificate button. After a few seconds, you will see a confirmation screen.
- To use the new certificate, click the Return to Webmin configuration button on the confirmation screen. From that page, scroll down and click the Restart Webmin button. Wait around 30 seconds, and then reload the page and log in again. Your browser should now indicate that the certificate is valid.
Conclusion: You have successfully set up a valid SSL/TLS certificate for Webmin using Let’s Encrypt. You can now access Webmin securely by navigating to https://your_domain:10000 in your web browser without encountering an “Invalid SSL” warning.