Knowledgebase

  1. Portal Home
  2. Knowledgebase
  3. Virtualmin Documentation
  4. SSL & Security
  5. generate-letsencrypt-cert

generate-letsencrypt-cert

Requests and installs a Let’s Encrypt cert for a virtual server The server must be specified with the --domain flag, followed by a domain name. By default the certificate will be the for either previously used hostnames for Let’s Encrypt, or the default SSL hostnames for the domain. However, you can specify an alternate list of hostnames with the --host flag, which can be given multiple times. Or you can force use of the default SSL hostname list with --default-hosts.

Requests and installs a Let’s Encrypt cert for a virtual server#

The server must be specified with the --domain flag, followed by a domain name. By default the certificate will be the for either previously used hostnames for Let’s Encrypt, or the default SSL hostnames for the domain. However, you can specify an alternate list of hostnames with the --host flag, which can be given multiple times. Or you can force use of the default SSL hostname list with --default-hosts.

If the optional --renew flag is given, automatic renewal will be configured to occur when the certificate is close to expiry.

To have Virtualmin attempt to verify external Internet connectivity to your domain before requesting the certificate, use the --check-first flag. This will detect common errors before your Let’s Encrypt service quota is consumed.

To have Virtualmin perform a local validation check of the domain, use the --validate-first flag. This is automatically enabled when --check-first is set.

By default, the standard Let’s Encrypt service will be used. However, you can use a different ACME-compatible provider with the --server flag followed by the provider’s API URL. The --server-key and --server-hmac flags can be used to specify a login to the provider.

By default Virtualmin will attempt to perform an external DNS lookup of all domain names that the certificate is requested for, to make sure they can be resolved by the Let’s Encrypt service. To disable this check, use the --skip-dns-check flag. Or to forcible enable it because it was disabled for the domain in the UI, use the --dns-check flag.

By default both web and DNS validation will be attempted by Let’s Encrypt for domain ownership, but you can select just one with either the --web or --dns flags.

Command line help#

virtualmin generate-letsencrypt-cert --domain name
 [--host hostname]*
 [--default-hosts]
 [--renew]
 [--size bits]
 [--staging]
 [--check-first | --validate-first]
 [--web | --dns]
 [--rsa | --ec]
 [--server url]
 [--server-key id]
 [--server-hmac string]

Source: https://www.virtualmin.com/docs/development/api-programs/generate-letsencrypt-cert/

  • virtualmin, domain, dns, ssl, certificate, letsencrypt, quota, log, install, api, command line, error, resolve, generate, cert
  • 0 Users Found This Useful
Was this answer helpful?

Related Articles

Pre and Post Domain Modification Scripts

Virtualmin allows the use of custom scripts (Shell, Perl, Python and etc.) to automate tasks...

OS Support

Virtualmin runs on top of Webmin. Webmin works on almost every UNIX-like OS, so with some manual...

Professional Features

Virtualmin GPL is already an extremely powerful and flexible virtual hosting control panel, so...

How to Configure Secondary DNS

This guide provides administrators with a quick overview of setting up automatic DNS secondary...

How to Configure Cloudflare DNS

For users looking to integrate Cloudflare with Virtualmin Pro, the process is straightforward and...

  Tag Cloud

a record access account address addresses admin admins alias aliases almalinux apache api authentication auto automated automatic automation available backup backups bandwidth bind bucket buckets catch centos cert certificate certs cgi change check clamav cli clone cloud cloudflare cloudmin cname command command line commands compliance config configure configuring connectivity container containers contributing copy create creation cron cron job custom data database databases debian debug default delete dependent directories directory disable disconnect dkim dmarc dns domain domainkeys domains dovecot downgrade download dropbox drupal editing email emails enable error execution expiry exploring fail2ban fastcgi feature features fedora file file manager files firewall fix forward forwarding found ftp generate global group guides hold hosting hosts https identified imap import info install installation jobs joomla keys ldap letsencrypt license limit limits line link list log log files login logs mail mailbox maillogs manage manager managing manual mariadb memory migrate migration modes modification modify module move multiple mx record mysql nameserver navigate navigation nginx notify opensuse outgoing owner page pass password permissions php php-fpm phpmyadmin plan plans podman pop3 ports post postfix postgresql professional protect protected providers proxies proxy ptr record quota redirect redirects registration remote remote api rename replication repos repositories reseller resellers resend reset resolve resources responder restart restore revision revisions rhel rocky roundcube running scanning schedule scheduled script scripts search secondary security sender server servers service setting setup sftp shared shell shells simple smtp spam spamassassin spf squirrelmail ssh ssl start statistics statuses stop storage structure subdomain support switch syncmx system template templates test theme tls transfer translations troubleshoot troubleshooting types ubuntu unalias understanding uninstalling unsub update upgrade upload uploading user usermin users validate variables versions view virtual virtual-server virtualmin virus webalizer webmail webmin webserver website websites wordpress workbench writelogs zone

  Support

My Support Tickets Announcements Knowledgebase Downloads Network Status Open Ticket