This repository contains a collection of scripts and utilities that can be used to manage Virtualmin LAMP servers.
TL;DR: run virtualmin-ssl-renewal.sh as root to renew SSL certificates on all Virtualmin servers.
Virtualmin has a built-in feature to renew SSL certificates via Let's Encrypt. However, it is not always reliable. For example, here are some problems users have reported:
- Mismatched DocumentRoot: Users report renewal failures when HTTP and HTTPS DocumentRoot differ; Let's Encrypt validation fails as .well-known cannot be resolved.
- Failure When Adding www. Alias: Virtualmin sometimes misses www.domain.com in SANs if DNS or Apache aliasing isn't correct, even when requested.
- Broken Configs After Failed Renewals: Failed cert renewals leave outdated or missing cert file references, causing Apache to fail on restart.
- Old SSL Directives Not Cleaned Up: Conflicting or duplicated SSLCertificateFile entries are introduced by repeated Virtualmin renewals without cleanup.
- No Isolated Backups or Recovery: Users note Virtualmin doesn’t back up domain or Apache configs before applying LE updates, risking permanent breakage.
To address these issues, we have created a script that can be used to renew SSL certificates on Virtualmin servers.
This script addresses several recurring issues with Virtualmin’s Let's Encrypt integration:
- Consistent Renewal Process: Virtualmin’s built‑in routines may struggle with inconsistent DocumentRoot settings or fail when domains have multiple configurations. This script verifies that both HTTP and HTTPS DocumentRoots match before attempting renewal, avoiding misissuance.
- Robust Validation: It performs thorough checks on certificate files post-renewal, ensuring that all required files (cert, chain, fullchain, and key) are present. This guards against partial or failed renewals that can leave sites insecure.
- Dynamic Apache Config Update: Instead of relying on Virtualmin’s sometimes brittle updates, the script programmatically removes outdated SSL directives and injects a consistent set of directives into the Apache config. This ensures that the web server is always correctly pointed to the renewed certificates.
- Safe Backup & Rollback: Recognizing that configuration changes can be risky, the script creates timestamped backups in dedicated subdirectories. This approach keeps the main directories clean and makes it easier to recover from errors.
- Automated Service Reloads: After validating the new configuration with Apache’s config test, it reloads Apache and Webmin services automatically. This minimizes downtime and manual intervention, making certificate management more reliable.
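The DocumentRoot pre-flight check described in the first bullet above, as an added example that is not the repository's own script. It assumes one Apache config file per domain holding both the :80 and :443 VirtualHost blocks; the function names, paths and sample configs are constructed for illustration.

```shell
#!/bin/sh
# Added example: pre-flight DocumentRoot check (not the repository's script).

# docroot_for PORT FILE: print the DocumentRoot of the first vhost bound to PORT.
docroot_for() {
    awk -v port="$1" '
        tolower($1) == "<virtualhost"   { in_vh = ($0 ~ (":" port "[ >]")) }
        tolower($1) == "</virtualhost>" { in_vh = 0 }
        in_vh && tolower($1) == "documentroot" {
            sub(/^[ \t]*[^ \t]+[ \t]+/, "")      # drop the directive name
            gsub(/"/, ""); sub(/[ \t]+$/, "")    # drop quotes, trailing blanks
            sub(/\/+$/, "")                      # /var/www/ equals /var/www
            print; exit
        }' "$2"
}

# check_docroots FILE: print the shared DocumentRoot and return 0; return 1 on
# a mismatch, 2 when either vhost or its DocumentRoot is missing.
check_docroots() {
    _http=$(docroot_for 80 "$1")
    _https=$(docroot_for 443 "$1")
    if [ -z "$_http" ] || [ -z "$_https" ]; then
        echo "skip $1: no DocumentRoot for :80 or :443" >&2
        return 2
    fi
    if [ "$_http" != "$_https" ]; then
        echo "skip $1: DocumentRoot differs ($_http vs $_https)" >&2
        return 1
    fi
    printf '%s\n' "$_http"
}

# Constructed sample configs (addresses, names and paths are placeholders).
DEMO_DIR=$(mktemp -d)
cat > "$DEMO_DIR/good.conf" <<'EOF'
<VirtualHost 192.0.2.10:80>
    ServerName example.com
    DocumentRoot /home/example/public_html
</VirtualHost>
<VirtualHost 192.0.2.10:443>
    ServerName example.com
    DocumentRoot "/home/example/public_html/"
</VirtualHost>
EOF
sed 's#public_html/"#public_html_ssl"#' "$DEMO_DIR/good.conf" > "$DEMO_DIR/bad.conf"

for f in "$DEMO_DIR/good.conf" "$DEMO_DIR/bad.conf"; do
    check_docroots "$f" || echo "renewal skipped for $f (rc=$?)"
done
```

A non-zero return is the signal to skip the renewal for that domain, since the HTTP-01 challenge file would be written under one root and served from the other.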
Modify the root user's crontab by:
- removing any reference to renew_letsencrypt_cert
- adding the following line to the crontab:
57 14 11 1,4,7,10 * /path/of/virtualmin-ssl-renewal.sh > /path/of/virtualmin-ssl-renewal.log
To renew SSL certificates for a single domain, run the script with the domain name as an argument:
./virtualmin-ssl-renewal.sh -d example.com
TL;DR: run mysql-convert-encoding.sh -u [user] -d [db_name] to create an SQL file that can be used to convert the database to utf8mb4 encoding, using InnoDB engine.
Say you've migrated a lot of heterogeneous databases to a single server, tied to legacy applications. You may have databases with different collations, encodings, and engines. This script can be used to convert all databases to a consistent encoding, collation, and engine.
./mysql-convert-encoding.sh -u [user] -d [db_name] -o [output_file]
Then, review the generated SQL file and run it on the database: mysql -u [user] -p [db_name] < [output_file]