bg-tutorials

How to Install an SSL Certificate on Virtualmin

This guide explains how to install an SSL certificate on Virtualmin, the hosting control panel that runs on top of Webmin. You will paste your signed certificate, private key, and CA bundle, apply the certificate to your other services, and verify the result.

We also recorded a video that walks you through the entire process. You can watch the video, read the instructions, or do both. You can watch the video below.

Generate a CSR code on Virtualmin

If you have already generated the CSR and received your certificate files, skip part one and go straight to the installation steps.

To get an SSL certificate signed by a trusted Certificate Authority (CA), you first create a Certificate Signing Request (CSR) and submit it to the CA for validation. The CSR is a block of encoded text that holds your contact data, such as domain and company details. You have two options:

Generating the CSR inside Virtualmin (under Server Configuration and Manage SSL Certificate, on the Create Signing Request tab) has one advantage: the matching private key stays on the server, so you do not have to upload it later. Submit the CSR to your SSL vendor when you place the order.

Install an SSL certificate on Virtualmin

After the CA validates your request, it emails you the certificate files. Download the ZIP archive and extract it on your device. For a complete installation you need your signed SSL certificate, the matching private key, and the CA bundle (the intermediate certificates that build the chain of trust for browser compatibility).

Step 1: Open Manage SSL Certificate for your domain

  • Log in to your Virtualmin dashboard.
  • From the drop-down at the top left, select the domain (virtual server) you want to secure.
  • Go to Server Configuration and then Manage SSL Certificate. You can also reach the same page from Manage Virtual Server and then Setup SSL Certificate.

Step 2: Paste the certificate and private key

Open the Update Certificate and Key tab. This is where you install a certificate that was signed by a commercial CA.

  • In the Signed SSL Certificate field, select the Uploaded file option and choose your certificate, or select Pasted text and paste the full contents of your certificate file (everything from BEGIN CERTIFICATE to END CERTIFICATE).
  • For the Matching private key, if you generated the CSR on Virtualmin, leave it set to the existing key. If you generated the CSR elsewhere, paste or upload your private key file here.
  • Click Install Now.

Step 3: Add the CA bundle (intermediate certificates)

A certificate installed without its intermediates will trigger chain errors in some browsers and on mobile devices. To avoid this, open the CA Certificate tab, then paste or upload the contents of your CA bundle file (often named with a .ca-bundle extension), and save. Virtualmin links the bundle to your certificate so the full chain is served.

Step 4: Copy the certificate to your other services

By default the certificate secures only the website. Virtualmin can apply the same certificate to the panel and mail services so they all present a trusted certificate. On the Manage SSL Certificate page, look for the Copy to … buttons (or the list of services this certificate can be used by) and apply it to the ones you run:

  • Webmin and Usermin, the control panel interfaces.
  • Postfix, for outgoing mail (SMTP).
  • Dovecot, for incoming mail (IMAP and POP3).
  • ProFTPd, for FTP over TLS, if you offer FTP.

A button disappears once the certificate has already been copied to that service. After copying, Virtualmin restarts the affected services so the change takes effect. If you ever replace the certificate, repeat this step, because copying is a one-time action and is not automatic for a manually installed certificate.

Your certificate is now installed. You can connect to your site over HTTPS and should see the padlock next to the URL. To force every visitor onto the secure version, turn on the HTTPS redirect under Web Configuration and then Website Options (the Force HTTPS setting), or follow our guide on how to switch from HTTP to HTTPS.

Optional: install from the command line

If you have root shell access and prefer the terminal, Virtualmin ships an install-cert API command that does the same job as the three tabs above. Point it at your domain and your extracted files:

virtualmin install-cert --domain yourdomain.com \
  --cert /root/ssl/yourdomain.crt \
  --key /root/ssl/yourdomain.key \
  --ca /root/ssl/yourdomain.ca-bundle

If you generated the CSR on Virtualmin and did not download a separate key, drop the –key flag and add –use-newkey so the command reuses the key already on the server.

Free option: Let’s Encrypt in Virtualmin

Virtualmin includes free, automatically renewing certificates from Let’s Encrypt, so you do not have to buy one for basic Domain Validation. On the same Manage SSL Certificate page, open the SSL Providers tab (older builds label it Let’s Encrypt):

  • Under Request certificate for, choose the domains to cover. Add extra names in the Domain names listed here box, or tick Also request wildcard certificate for all subdomains on the same base name.
  • Leave Automatically renew certificate enabled. Let’s Encrypt certificates last 90 days, and auto-renewal keeps them valid without manual work.
  • Choose a Certificate Hash Type: RSA for the widest compatibility, or EC for a smaller, modern key.
  • Keep Check connectivity first on so Virtualmin confirms the domain resolves to your server before requesting, which avoids hitting rate limits.
  • Click Request Certificate. Issuance usually takes a few minutes, after which the certificate is installed automatically.

Let’s Encrypt issues Domain Validation certificates only. If you need Organization Validation, Extended Validation, or a longer warranty and dedicated support, install a commercial certificate using the steps above instead.

Test your SSL installation

After installing the certificate on Virtualmin, run a quick test to confirm the chain is complete and there are no errors or weak settings. Use our SSL Checker to scan your domain and get an instant status report on the certificate, the intermediate chain, and the protocols your server accepts.

While you are in Virtualmin’s SSL settings, confirm that only modern protocols are enabled. Disable TLS 1.0 and TLS 1.1 and keep only TLS 1.2 and TLS 1.3, which are the current secure baseline. If the website still reports a missing or incomplete chain, recheck the CA Certificate tab and make sure the full CA bundle was saved.

Frequently Asked Questions

Where do I install an SSL certificate in Virtualmin?

Select your domain from the drop-down, then go to Server Configuration and Manage SSL Certificate. Paste your certificate and key on the Update Certificate and Key tab, and add your CA bundle on the CA Certificate tab. The same page is also reachable through Manage Virtual Server and Setup SSL Certificate.

Does Virtualmin support free Let’s Encrypt certificates?

Yes. Open Manage SSL Certificate, go to the SSL Providers tab (labeled Let’s Encrypt in older versions), pick your domains, keep automatic renewal on, and click Request Certificate. Virtualmin issues and installs a free Domain Validation certificate and renews it before it expires.

How do I apply the certificate to mail and the Webmin panel?

On the Manage SSL Certificate page, use the Copy to … buttons to apply the certificate to Webmin, Usermin, Postfix, Dovecot, and ProFTPd. A button disappears after the certificate has been copied to that service. Repeat this step whenever you install a new certificate, since copying is not automatic for manually installed certificates.

Do I need to add the CA bundle separately?

Yes, for a commercial certificate. Without the intermediate certificates, some browsers and mobile devices report an incomplete chain. Paste or upload your CA bundle on the CA Certificate tab so Virtualmin serves the full chain. Let’s Encrypt certificates include their chain automatically, so no separate bundle is needed.

How do I check that the certificate is installed correctly?

Open your site over HTTPS and check for the padlock, then run a scan with our SSL Checker. The scan confirms the certificate is trusted, the intermediate chain is complete, and only TLS 1.2 and TLS 1.3 are enabled.

Save 10% on SSL Certificates when ordering from SSL Dragon today!

Fast issuance, strong encryption, 99.99% browser trust, dedicated support, and 25-day money-back guarantee. Coupon code: SAVE10

A detailed image of a dragon in flight
Written by

I've been writing for SSL Dragon for over 10 years, focusing entirely on SSL certificates and digital security. My job is to take complex cybersecurity topics and strip away the jargon, making sure you get the clear, practical information you need to keep your website safe.