Virtualmin "looses LE certificate"

The virt weirdness continues. I had a potential client report(and subsequently not use my service) because my site etc-md.com would come up with /forbidden. Then when he tried again the certificate was not valid. I went and regenerated the certificate and it worked..for a few hours. Now virt says my login to virt is wrong(it works ok at the shell) and it locked me out due to too many authentication failures(2). i have not changed anything...it looks like the virtualmin internal deterioration has struck this machine as well....

Status: 
Closed (cannot reproduce)

Comments

Howdy -- thanks for contacting us!

I seem to be able to access https://etc-md.com now. Also note that we haven't been receiving any similar reports to what you're describing.

Are you still having trouble access https on your website now though, or is that working properly?

it is working fine after multiple apache restarts....i'll be reloading this machine as well...it seems to be the best way to fix virt issues.

virt has now locked me out of the web interface(restarting webmin does nothing) AND i am getting forbidden to my own site at etc-md.com. Of course this start with it telling my login was wrong(which i can login via ssh with no problems)...

shutting down webmin entirely gave me access to my website again..how can webmin block port 80/443..is this due to the security flaw i mentioned a couple of years back with whmcs being able to traverse directories if run on the same machine as webmin only with webmin stomping on apache?

It sounds like something very unusual is going on... Webmin doesn't do anything with ports 80 and 443, and restarting it should have no impact on Apache.

I see that "etc-md.com" still shows a "Forbidden" message.

Can you verify these two things --

  1. Can you double-check that in $HOME/public_html for the etc-md.com domain, that you see an index file there (such as index.html or index.php)? That is, do the web files appear to be present?

  2. Can you check that in $HOME/logs/access_log for the etc-md.com domain, that you are seeing an access attempt when that Forbidden message is coming up? I'm curious if the wrong domain is receiving requests destined for etc-md.com.

the etc-md.com domain is working now after multiple restarts of webmin and apache. it only affected etc-md.com...i use etc-md.com for my website and etc-md.com:10000 for virt. recently after 6.05 was installed is when this issue started. There's nothing in the logs as to why this is going on....

my main domain etc-md.com comes up forbidden now and webmin says i am using the wrong password..when i am not.

i had to kill webmin..kill apache...reset my password for webmin via the command line...restart webmin..restart apache. This is getting old

Can you verify these two things --

Can you double-check that in $HOME/public_html for the etc-md.com domain, that you see an index file there (such as index.html or index.php)? That is, do the web files appear to be present?

yeppers everything is there.

Can you check that in $HOME/logs/access_log for the etc-md.com domain, that you are seeing an access attempt when that Forbidden message is coming up? I'm curious if the wrong domain is receiving requests destined for etc-md.com.

There's no errors in the logs i can detect that are server side. There's some sni errors but those are usually a client side issue. HOwever the ip address throwing the sni errors are not from my ip addies.

Moreso than errors in the logs, I'm curious if you even see an access attempt at all in the access_log.

Especially since you're seeing the website files in place,I'm wondering whether the wrong site is answering requests for this particular domain.

Actually, this might help with that too, what is the output of this command:

grep -i '<virtualhost' /etc/httpd/conf/httpd.conf

grep -i 'etc-md.com' /etc/httpd/conf/httpd.conf ServerName etc-md.com ServerAlias www.etc-md.com ServerAlias webmail.etc-md.com ServerAlias admin.etc-md.com ErrorLog /var/log/virtualmin/etc-md.com_error_log CustomLog /var/log/virtualmin/etc-md.com_access_log combined RewriteCond %{HTTP_HOST} =webmail.etc-md.com RewriteRule ^(.) https://etc-md.com:20000/ [R] RewriteCond %{HTTP_HOST} =admin.etc-md.com RewriteRule ^(.) https://etc-md.com:10000/ [R] AuthName "etc-md.com statistics" ServerName etc-md.com ServerAlias www.etc-md.com ServerAlias webmail.etc-md.com ServerAlias admin.etc-md.com ErrorLog /var/log/virtualmin/etc-md.com_error_log CustomLog /var/log/virtualmin/etc-md.com_access_log combined RewriteCond %{HTTP_HOST} =webmail.etc-md.com RewriteRule ^(.) https://etc-md.com:20000/ [R] RewriteCond %{HTTP_HOST} =admin.etc-md.com RewriteRule ^(.) https://etc-md.com:10000/ [R] AuthName "etc-md.com statistics"

from inside virtualmin: 2604:4100:2:7:: (Default IP) 2 virtual servers however when i click thae link virt throws there are no virtual servers using this ip.

grep -i '<virtualhost' /etc/httpd/conf/httpd.conf

ports, instead of the default. See also the definition. These values also provide defaults for any containers you may define later in the file. All of these directives may appear inside containers, If you do not specify an ErrorLog directive within a logged here. If you do define an error logfile for a # If you do not define any access logfiles within a <VirtualHost> # define per-<VirtualHost> access logfiles, transactions will be

[Mon Feb 11 04:21:27.290120 2019] [ssl:error] [pid 9083:tid 140234070259456] AH02032: Hostname www.etc-md.com provided via SNI and hostname etc-md.com provided via HTTP are different [Mon Feb 11 04:51:47.684493 2019] [ssl:error] [pid 16079:tid 140233869833984] AH02032: Hostname www.etc-md.com provided via SNI and hostname etc-md.com provided via HTTP are different [Mon Feb 11 10:43:35.480365 2019] [authz_core:error] [pid 6925:tid 140233886619392] [client 2604:4100:2:7::2:33308] AH01630: client denied by server configuration: /home/etcmaryland/public_html/.user.ini, referer: https://etc-md.com/.user.ini [Mon Feb 11 14:49:39.064738 2019] [ssl:warn] [pid 17424:tid 139739220973696] AH01906: RSA server certificate is a CA certificate (BasicConstraints: CA == TRUE !?) [Mon Feb 11 14:49:39.064763 2019] [ssl:warn] [pid 17424:tid 139739220973696] AH01909: RSA certificate configured for etc-md.com:443 does NOT include an ID which matches the server name [Mon Feb 11 14:49:39.157303 2019] [ssl:warn] [pid 17424:tid 139739220973696] AH01906: RSA server certificate is a CA certificate (BasicConstraints: CA == TRUE !?) [Mon Feb 11 14:49:39.157322 2019] [ssl:warn] [pid 17424:tid 139739220973696] AH01909: RSA certificate configured for etc-md.com:443 does NOT include an ID which matches the server name [Mon Feb 11 14:54:28.828809 2019] [ssl:warn] [pid 19187:tid 140002213881984] AH01906: RSA server certificate is a CA certificate (BasicConstraints: CA == TRUE !?) [Mon Feb 11 14:54:28.916233 2019] [ssl:warn] [pid 19187:tid 140002213881984] AH01906: RSA server certificate is a CA certificate (BasicConstraints: CA == TRUE !?) [Mon Feb 11 20:19:34.186881 2019] [ssl:error] [pid 12589:tid 139668024678144] AH02032: Hostname www.etc-md.com provided via SNI and hostname etc-md.com provided via HTTP are different

I have had enough. I am having this machine paved and i am reloading it with ubuntu 18.04. I am also going to set web.virt to NOT use any other cert except the self-signed one for itself. I think web/virt has got it's config with apache screwed up and apache and web.virt wind up stomping on each other. FF and chrome when this happen etc-md comes up forbidden and virt refuses to log me in saying the login is incorrect. if i shutdown web.virt at least in edge..yes edge..then etc-md comes up with it's valid cert but..get this...port 10k still come sup with an invalid cert. Only if i shutdown both apache and web/virt..then bring up apache then bring up virt do things work correctly in edge..for ff and chrome it's a crapshoot.

Yeah I'm not seeing anything in your output you shared on Friday that would explain the issue.

Restarting Apache shouldn't ever affect how Webmin works, and vice versa. There's no configuration that's shared between them like that.

If you like, one of us can log in and take a look next time the issue is occurring.

I don't currently have any explanation for the behavior you're describing, but maybe we can sort something out if we see it first hand.

I see "etc-md.com" shows Forbidden now, so I can log in tonight (or tomorrow based on when you're able to respond), and take a closer look at why that's occurring if you like.

To do that, I'd need a root SSH and Webmin login that I can use for your server.

what i do is reset the root password for webmin..then shutdown webmin. let it sit for a bit...thens tart it up. Sometimes when that fails i shut down webmin again...restart apache..then bring up webmin. The server is being backedup for the final time tomorrow evening and getting nuked and reloaded to ubuntu 18.04 lts. Having to modify the system to run newer php versions i think is why things have gone so badl...this system has been having various corruptions and weirdness for a while and it is the oldest of my servers....will report on the nukage and rebuilding monday morning.

Status: Active ยป Closed (cannot reproduce)

reloading the machine with ubuntu 18.04LTS has solved the issues i was experiencing with this particular server.