Let's Encrypt certificates are broken

Virtualmin adds the X3 CA certificate to Let's Encrypt certificates that are issued with the R3 CA.

I noticed this bug on several Virtualmin servers of mine.

Status: Closed (fixed)
Virtualmin version: 6.14
Webmin version: 1.962

Comments

I too had this on CentOS 7. I found I needed to do 'yum install certbot' and it was fixed (after reinstalling the bad certificates).

Submitted by Ilia on Tue, 12/08/2020 - 04:10

Yes, correct. We will consider dropping the acme_tiny.py script eventually. certbot is the right choice for doing the job!

Status: Active » Fixed (pending)

Hi,

I installed certbot but I still have some issues. When I check SSL I receive

Chain issues Incomplete

Note that if you have installed certbot, you will need to refresh the cert to get the new CA.

This fix was put into Webmin 1.970, which was released on January 6th, but there's still no update on the virtualmin-universal repo for this. Is there a new repo we should be using or is this getting pushed soon?

Submitted by Ilia on Wed, 02/24/2021 - 12:19

Assigned: Unassigned »

Is there a new repo we should be using or is this getting pushed soon?

We are about to release the new Webmin 1.972, which will address those and other issues as well. Jamie is about to do it, as far as I am aware.

We will try to do it as soon as possible.

Sorry for the inconvenience.

Submitted by Ilia on Thu, 02/25/2021 - 05:43

There will be no reason for doing this with the upcoming Webmin 1.972+.

@Ilia Roger that! :) It's a temporary solution till your upcoming release for those who have production systems failing TLS handshakes that can't fail another minute.

I'm currently on Webmin 1.973 and I'm having this issue as well. SSL checkers like SSL Shopper, DigiCert and GeoCerts all returned errors regarding the CA certificate.

Server Configuration > SSL Certificate > CA Certificate shows the correct path to the generated ssl.ca file (/home/example/ssl.ca), and when I check the folder, the file is there with the same content as https://letsencrypt.org/certs/lets-encrypt-r3-cross-signed.pem, but I don't understand why these SSL checkers can't seem to locate the ssl.ca file.

Kindly ignore (and delete if required) my previous comment. It was most probably a cache issue or something. It's working fine after restarting Webmin and rebooting the server.

Status: Fixed » Closed (fixed)

Automatically closed - issue fixed for 2 weeks with no activity.
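
The mismatch this thread describes (an X3 CA file attached to a certificate issued by R3) can be checked locally by comparing the certificate's issuer with the subject of the CA file and then verifying the signature. The shell sketch below is an added example, not part of the original thread or of Virtualmin's code; the function names and the constructed test certificates (intermediates "r" and "x", leaf example.test) are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: detect a CA file that does not match the certificate's issuer.

# make_constructed_chain DIR: build constructed test data in DIR:
# two unrelated CAs (r.pem, x.pem) and leaf.pem signed by r only.
make_constructed_chain() {
    for ca in r x; do
        openssl req -x509 -newkey rsa:2048 -nodes -days 2 \
            -subj "/O=Constructed/CN=Intermediate $ca" \
            -keyout "$1/$ca.key" -out "$1/$ca.pem" 2>/dev/null || return 1
    done
    openssl req -newkey rsa:2048 -nodes -subj "/CN=example.test" \
        -keyout "$1/leaf.key" -out "$1/leaf.csr" 2>/dev/null || return 1
    openssl x509 -req -in "$1/leaf.csr" -CA "$1/r.pem" -CAkey "$1/r.key" \
        -CAcreateserial -days 1 -out "$1/leaf.pem" 2>/dev/null
}

# ca_matches_leaf LEAF_PEM CA_PEM
# Returns 0 when the first certificate in CA_PEM issued LEAF_PEM,
# 1 when the names differ (wrong intermediate), 2 on unreadable input.
ca_matches_leaf() {
    leaf_issuer=$(openssl x509 -in "$1" -noout -issuer_hash) || return 2
    ca_subject=$(openssl x509 -in "$2" -noout -subject_hash) || return 2
    if [ "$leaf_issuer" != "$ca_subject" ]; then
        echo "leaf: $(openssl x509 -in "$1" -noout -issuer)" >&2
        echo "CA:   $(openssl x509 -in "$2" -noout -subject)" >&2
        return 1
    fi
    # Names match; confirm the signature as well. -partial_chain lets an
    # intermediate (not only a self-signed root) act as the trust anchor.
    openssl verify -partial_chain -CAfile "$2" "$1" >/dev/null 2>&1
}

# Demo on constructed certificates: r is the real issuer, x the stale one.
demo() {
    d=$(mktemp -d) && make_constructed_chain "$d" || return 2
    ca_matches_leaf "$d/leaf.pem" "$d/r.pem" && echo "r.pem: chain OK"
    ca_matches_leaf "$d/leaf.pem" "$d/x.pem" || echo "x.pem: wrong intermediate"
    rm -rf "$d"
}
demo
```

On a server, call ca_matches_leaf with the domain's certificate file and its ssl.ca file; a non-zero result means the CA file being served is not the one that issued the certificate.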