virtualmin letsencrypt override domain issue

Hi,

When you use domain-specific SSL certs for services like dovecot for a domain, and this one uses a domain override for letsencrypt (not using all the domains of the vhost but only some), the configuration in dovecot/webmin etc... is the main domain and not the domains of the letsencrypt overrides.

For example, I have a dummy domain 000-site-par-defaut.fr for the default domain, with an alias that is the fqdn.

The letsencrypt domain list is overridden to the fqdn and not 000-site-par-defaut.fr+fqdn by default. But when I ask for the domain certificate in dovecot and others, the configuration is

local_name 000-site-par-defaut.fr {
  ssl_cert = </home/zero00-site-par-defaut/ssl.combined
  ssl_key = </home/zero00-site-par-defaut/ssl.key
}

and not

local_name fqdn {
  ssl_cert = </home/zero00-site-par-defaut/ssl.combined
  ssl_key = </home/zero00-site-par-defaut/ssl.key
}

in webmin it is

ipkey_000-site-par-defaut.fr,*.000-site-par-defaut.fr=/home/zero00-site-par-defaut/ssl.key
ipcert_000-site-par-defaut.fr,*.000-site-par-defaut.fr=/home/zero00-site-par-defaut/ssl.cert
ipextracas_000-site-par-defaut.fr,*.000-site-par-defaut.fr=/home/zero00-site-par-defaut/ssl.ca

and not

ipkey_fqdn=/home/zero00-site-par-defaut/ssl.key
ipcert_fqdn=/home/zero00-site-par-defaut/ssl.cert
ipextracas_fqdn=/home/zero00-site-par-defaut/ssl.ca

Therefore the domain will never have the good certificate.

The issue here is that Virtualmin ignores the domain override AND the aliases when configuring the domain certificate in webmin/dovecot etc...

I think it should use the domain override list for the configuration and not only the servername.

best regards, Ghislain AQUEOS.

Status: Fixed (pending)
Virtualmin version: 6.14
Webmin version: 1.962

Comments

Do you have an actual alias domain set up in Virtualmin for fqdn, or was it just the hostname the Let's Encrypt cert was issued for?

I have a dummy domain set up as a normal virtual server; to that I add a simple alias that is the real fqdn (of course not the "fqdn" string ;p ). letsencrypt is set up to be limited to the fqdn only, but the daemon configuration is only put for the main domain, not any alias and certainly not the one in the letsencrypt domain list :)

Therefore it will never be matched.

regards, Ghislain

Main dummy one: 000-site-par-defaut.fr
Détails du serveur virtuel
Nom de domaine 000-site-par-defaut.fr
Créé le 06/11/2017 par root
Nom d'administrateur Unix zero00-site-par-defaut Groupe Unix 000-site-par-defaut
Quota total pour ce serveur 19.99 Gio Quota pour l'utilisateur Unix 20 Gio
Adresse IP 127.0.0.1 (Partagé par tous les serveurs)
Plan de compte Plan de base Adresse mail de contact zero00-site-par-defaut@000-site-par-defaut.fr
Répertoire utilisateur /home/zero00-site-par-defaut
Description site par defaut ne pas toucher
ID de domaine 150998780827309

and the real one for the fqdn:

Détails du serveur virtuel
Nom de domaine ****fqdn****
Créé le 13/06/2018 par root
Nom d'administrateur Unix zero00-site-par-defaut Plan de compte Plan de base
Alias du serveur 000-site-par-defaut.fr
Description **fqdn***
ID de domaine 152891059721869

in letsencrypt i have:

use only for this domain : fqdn

in service certificate: "yes" for 3 services.

regards, ghislain.

PS: sorry for the little difference in the text, the Virtualmin is in French...

Ok I see what you mean now - I'll look into what's causing this, and update this ticket once it's fixed.

Ok, this will be fixed in the next Virtualmin release, by including all alias domains in the Dovecot config as well.

thanks a lot for looking at it so quickly. Have a great day !

Ghislain.
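
A check for the mismatch reported in this ticket, as an added example that is not part of the thread and not Virtualmin's code: it lists the names a certificate was issued for that no Dovecot local_name block or Webmin ipcert_ line would select. The sample configuration is constructed from the lines quoted above; mail.example.test is a placeholder for the real hostname (the report only calls it "fqdn"), and the certificate's name list is assumed to be supplied by the caller.

```python
import re

# Constructed sample input, modelled on the configuration quoted in the report.
DOVECOT_CONF = """\
local_name 000-site-par-defaut.fr {
  ssl_cert = </home/zero00-site-par-defaut/ssl.combined
  ssl_key = </home/zero00-site-par-defaut/ssl.key
}
"""
MINISERV_CONF = """\
ipkey_000-site-par-defaut.fr,*.000-site-par-defaut.fr=/home/zero00-site-par-defaut/ssl.key
ipcert_000-site-par-defaut.fr,*.000-site-par-defaut.fr=/home/zero00-site-par-defaut/ssl.cert
"""
HOME = "/home/zero00-site-par-defaut/"
# Placeholder (assumption): names the Let's Encrypt certificate was limited to.
CERT_NAMES = ["mail.example.test"]


def dovecot_names(conf, cert_dir):
    """SNI names from local_name blocks whose ssl_cert lives under cert_dir."""
    names = set()
    block = r'^\s*local_name\s+("[^"]*"|\S+)\s*\{(.*?)^\s*\}'
    for m in re.finditer(block, conf, re.M | re.S):
        if re.search(r'ssl_cert\s*=\s*<' + re.escape(cert_dir), m.group(2)):
            # A quoted local_name may hold several space-separated names.
            names.update(m.group(1).strip('"').lower().split())
    return names


def miniserv_names(conf, cert_dir):
    """Names from Webmin ipcert_<name>[,<name>...]=<path> lines under cert_dir."""
    names = set()
    for line in conf.splitlines():
        m = re.match(r'ipcert_([^=]+)=(.*)', line.strip())
        if m and m.group(2).startswith(cert_dir):
            names.update(n.strip().lower() for n in m.group(1).split(","))
    return names


def covers(pattern, name):
    """Exact match, or suffix match for a leading '*.' (an approximation)."""
    if pattern.startswith("*."):
        return name.endswith(pattern[1:])
    return pattern == name


def uncovered(cert_names, patterns):
    """Certificate names that no configured pattern would ever select."""
    return sorted(n for n in cert_names
                  if not any(covers(p, n.lower()) for p in patterns))
```

With the sample above, uncovered() returns the placeholder hostname for both services, which is the state described in the report: the certificate is installed but never served for the name it was issued for.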