BUGs with SSL certificate for webmin

27 posts / 0 new
Last post
#1 Fri, 12/02/2016 - 08:19
quacky

BUGs with SSL certificate for webmin

Hi,

I did used virtualmin before and i could request letsencrypt ssl certificate for a domain, and can also click on the "Copy to Webmin" button to use that certificate for logging in webmin.

However, 2-3 days ago i did a clean install of the newest virtualmin, on ubuntu 14.04. I was able to request lets encrypt ssl for a domain, but cannot "Copy to webmin". It doesn't say any error, but the certificate was not used, i still have to make an exception in browsers. I tried firefox, chrome, IE, all of them have problem, even after i clear all caches and cookies.

I tried "Copy to usermin" and see it works . i can open mydomain.com:20000 normally in all browsers with lets encrypt simbol in the address bar.

So i guess there is a bug in the new virtualmin version. I tried installed in another VPS provider and see the same problem.

Could anyone try and confirm?

Fri, 12/02/2016 - 08:25
Freddy63
Freddy63's picture

I too hard this problem today. Same OS, SSL certificate doesn't copy to Webmin.

Fri, 12/02/2016 - 08:25
quacky

The OS i am using is ubuntu 14.04, 32 bit

Fri, 12/02/2016 - 08:31
quacky

Thanks Freddy63, any virtualmin staff can help fix the bug? Thank you :)

Sat, 12/03/2016 - 17:06
webwzrd

I just updated a cert and pressed the copy buttons for webmin, usermin, dovcot and postfix. All seemed to work except unlike the other buttons the copy to Webmin didn't disappear even after several clicks. I checked the directory /etc/webmin and still had the old cert files, so I manually copied the new ones from /etc/usermin to /etc/webmin and we're good.

Sat, 12/03/2016 - 20:22
quacky

The tip doesn't work for me. In my case, i request for a certificate for a new domain sub.domain.com. I tried manually copy the the files sub.domain.com.cert and sub.domain.com.key from /etc/usermin to /etc/webmin, but it doesn't work.

Sat, 12/03/2016 - 23:03
webwzrd

Maybe you did this already, however I believe you need to restart Webmin.

Sun, 12/11/2016 - 11:51
7stars

I can confirm this issue on CentOS 7, also reported on irc channel

there are two issues at the moment:

1) Let's encrypt: if the old cert was in other directory before, eg. another directory under the user directory... it tries to read files from that directory BUT into the user directory first tree...obviously that directory there doesn't exist, so it fails...

eg. SSLCertificateKeyFile /home/myuser/public_html/thisfolder/mydomain.com.key ... and it tries to read from /home/myuser/thisfolder/ that doesn't exist because previously was on public_html/thisfolder

I had a paid cert before and used a custom directory, so in this case the let's encrypt request doesn't work

2) "Copy to Webmin" doesn't work... when I did that it returned even a message about /etc/usermin

practically it copied into usermin instead of webmin, so I had to manually copy the cert/key from usermin

there must be some oversight in the code...

thanks

Sun, 12/18/2016 - 12:56
janderk

I had same problem. Virtualmin 1.821 copies the certificate to the wrong folder. Manually copying and restarting webmin fixed it. Looks like a recent bug to me.

Mon, 01/02/2017 - 14:36
Jay Lee

In my case, copying & pasting doesn't work because I'm trying to move from an old domain to a new one to use as default with Virtualmin. I noticed the certificate files for the old domain in the /etc/webmin folder, but it didn't work even after copying & pasting the files for the new domain, renaming the old files to try to force it to use the new files & restarting the server. I might have to just patiently wait until the bug gets squashed in the next version. I'm currently using Virtualmin 5.05 & Webmin 1.830.

But to those for whom copying & pasting worked, why would you have to do this in the first place? In my second server, I have it so that the files automatically renew every month, and it still says "This SSL certificate is already being used by : Postfix, Usermin, Webmin, Dovecot, ProFTPD" after a couple of renewals. Am I missing something?

Mon, 01/02/2017 - 17:41
Jay Lee

I think I found answers to my own questions:

1) After I edited the miniserv.conf file in the /etc/webmin folder and restarted the server, everything works now. But I believe this very specific bug should be fixed with the next version of Virtualmin.

2) I started using Let's Encrypt just less than three months ago, so I might actually encounter this problem sometime this month. Or Virtualmin 5.05 might've already solved it. Fingers crossed...

Thu, 01/12/2017 - 12:23 (Reply to #11)
hostile

what did u edit in miniserv.conf ?

Thu, 01/12/2017 - 22:57 (Reply to #12)
Jay Lee

Try what @zamek said in #15. It should become apparent once you open the file and look through the code.

Tue, 01/10/2017 - 10:01
zamek

Same problem here trying to copy key in Webmin Configuration / SSL Certificate / Let's Encrypt

Operating system CentOS Linux 6.8 Webmin version 1.830 Virtualmin version 5.05

Copying cert and key from etc/usermin to etc/webmin and restarting webmin worked.

Thu, 01/12/2017 - 11:38
hostile

new install ubuntu 14.04

coping and restart it dont works

5.05 1.831

this is serious issue, basicaly no ssl

Thu, 01/12/2017 - 13:00
zamek

I had to change keyfile= and certfile= in miniserv.conf to point to my copied key file and cert file. Sorry I did not include this in my previous post.

Fri, 01/13/2017 - 07:07
hostile

mine shows correct like

certfile=/etc/usermin/domain.com.cert keyfile=/etc/usermin/domain.com.key

thats what should be ?

Fri, 01/13/2017 - 07:25
hostile

we need proper fix

Fri, 01/13/2017 - 07:56
zamek

@hostile you should copy the cert and key from /etc/usermin to /etc/webmin.

certfile should equal /etc/webmin/ and the name of your cert file

keyfile should equal /etc/webmin/ and the name of your key file

Then restart webmin. I agree we need a proper fix. Hope this helps.

Sat, 01/14/2017 - 21:51 (Reply to #19)
hostile

it copies itself from usermin to webmin, certs are there but button never dissapears

Fri, 01/13/2017 - 10:56
markspoiss

same problem here... i updated it under the webmin-webmin configuration-ssl settings and here i upload cert and key and it works :)

Fri, 01/13/2017 - 12:00
zamek

It looks like the problem is in the file /usr/libexec/webmin/virtual-server/copy_cert.cgi starting at line 13.

if ($in{'usermin'}) {
&copy_usermin_ssl_service($d);
}
else {
&copy_usermin_ssl_service($d);
}


The program executes the same "&copy_usermin_ssl_service($d);" function whether "usermin" is passed to it or "webmin" is passed to it. Please fix this.

Fri, 01/13/2017 - 13:40
zamek

I believe it should read:

if ($in{'usermin'}) {
&copy_usermin_ssl_service($d);
}
else {
&copy_webmin_ssl_service($d);
}


I made the change on my server and it looks like to worked.

Sat, 01/14/2017 - 21:52 (Reply to #23)
hostile

if it works can you share modified file please

Fri, 01/13/2017 - 17:02
zamek

Bug has been reported here: Copy to Webmin button is broken

Their work-around is to SSH in as root and run :

virtualmin install-service-cert --domain yourdomain.com --service webmin

The issue status is "Fixed" so it should hopefully be in the next release.

Sat, 01/14/2017 - 21:53 (Reply to #25)
hostile

anyone tried that ?

Mon, 01/23/2017 - 14:43
bizna

Thank you, @zamek.

I tried the 'virtualmin install-service-cert' option, and it did work in the sense that my Webmin on port 10000 now works properly with SSL.

But it didn't make the 'Add to Webmin' button go away. Even after restarting Webmin and Apache services.