Moving SSL certificate with Nginx

virtualmin / virtualmin-gpl

Virtualmin web hosting control panel for Webmin

https://www.virtualmin.com

GNU General Public License v3.0

320 stars 101 forks source link

Moving SSL certificate with Nginx #866

Open iliajie opened 3 months ago

iliajie commented 3 months ago

Hey Jamie!

Moving SSL certificate to the new location seems to work just fine with Apache. To be clear I mean this page:

However, when used with Nginx things are getting really broken:

It gets broken to the level that Webmin stops working, e.g.:

miniserv.conf in this case gets new records, like:

-certfile=/etc/webmin/host.ubuntu24-gpl.virtualmin.dev.cert
+certfile=/etc/webmin/ubuntu24-gpl.virtualmin.dev.cert
-keyfile=/etc/webmin/host.ubuntu24-gpl.virtualmin.dev.key
+keyfile=/etc/webmin/ubuntu24-gpl.virtualmin.dev.key

.. but those new files simply don't exist!

root@ubuntu24-gpl:/etc# ls -lsa /etc/webmin/ubuntu24-gpl.virtualmin.dev.key
ls: cannot access '/etc/webmin/ubuntu24-gpl.virtualmin.dev.key': No such file or directory
root@ubuntu24-gpl:/etc# ls -lsa /etc/webmin/ubuntu24-gpl.virtualmin.dev.cert
ls: cannot access '/etc/webmin/ubuntu24-gpl.virtualmin.dev.cert': No such file or directory

jcameron commented 3 months ago

Yikes! That's clearly a bug ... I will look into it

iliajie commented 3 months ago

Thanks!

jcameron commented 3 months ago

What about the SSL cert files in the domain's home directory - did those get renamed?

iliajie commented 3 months ago

If I remember correctly it did rename those!

Even though fixing the source of the bug is priority, yet I think we should probably eval that code, so it breaks for particular step in particular rather than causing the general issue.

jcameron commented 3 months ago

Ok, the patch I just attached to this ticket should fix it..

iliajie commented 3 months ago

I will test it and let you know if it works!

iliajie commented 3 months ago

I have tested it but sadly it doesn't fix the original issue:

jcameron commented 3 months ago

If you check the domain's config file under /etc/webmin/virtual-server/domains, are the ssl_cert and ssl_key lines correct?

iliajie commented 3 months ago

If you check the domain's config file under /etc/webmin/virtual-server/domains, are the ssl_cert and ssl_key lines correct?

No, domain config file not even touched.

jcameron commented 3 months ago

I'm so sorry .. try the further patch I just attached to this ticket.

iliajie commented 3 months ago

Thanks! That seems to be finished up properly now!

However, there is still a problem because the paths for shared SSL certificates weren't updated. Please look at this screenshot:

To be clear, I was moving a domain's SSL certificates to /home/domain. While all the domain's records were updated correctly, the shared SSL certificates weren't:

jcameron commented 3 months ago

Ah yes .... looking into the cause of that now.