Today I am moving away from Cloudflare to see if it can reduce HTTP request wait times, I suspect although they provide a little caching and security for free given I have implemented Fail2Ban and the right caching plugins that an extra link in the HTTPS chain is no longer necessary.
So here is my working process for enabling LetsEncrypt on Linux CentOS 6 with VirtualMin and SSH. Remember to replace DOMAINUSERNAME with the account of your virtualhost and YOURDOMAIN with your equivalent of bradmcallister.com the script handles the www version simultaneously.
cd /home/DOMAINUSERNAME/ && git clone https://github.com/letsencrypt/letsencrypt
mkdir /home/DOMAINUSERNAME/ssl_certificates
Setup 1st of the month cron job in virtualmin for this command
cd /home/DOMAINUSERNAME/letsencrypt/ && ./letsencrypt-auto certonly --email info@YOURDOMAIN --agree-tos --webroot --renew-by-default -w /home/DOMAINUSERNAME/public_html/ -d www.YOURDOMAIN -d YOURDOMAIN --authenticator webroot && cp -f /etc/letsencrypt/live/www.YOURDOMAIN/cert.pem /home/DOMAINUSERNAME/ssl_certificates/cert.pem && cp -f /etc/letsencrypt/live/www.YOURDOMAIN/chain.pem /home/DOMAINUSERNAME/ssl_certificates/chain.pem && cp -f /etc/letsencrypt/live/www.YOURDOMAIN/fullchain.pem /home/DOMAINUSERNAME/ssl_certificates/fullchain.pem && cp -f /etc/letsencrypt/live/www.YOURDOMAIN/privkey.pem /home/DOMAINUSERNAME/ssl_certificates/privkey.pem
In Virtualmin, select you domain and go to “Edit virtual server”, make sure that SSL is enabled under “Enabled features”.
Under “Server configuration” go to “Manage SSL Certificate”. Select the tab “Update Certificate and Key” and under “Signed SSL certificate” select the option “File on server”, fill in the location of the certificate: “/home/DOMAINUSERNAME/ssl_certificates/cert.pem”
Do the same for section “Matching private key”. Select: “/home/DOMAINUSERNAME/ssl_certificates/privkey.pem”
Click on “Install Now”.
Switch to tab “CA Certificate”, select “In file on server ” and fill in: “/home/DOMAINUSERNAME/ssl_certificates/fullchain.pem”
Click on “Save Certificate”.