Open anrikun opened 3 weeks ago
Hello,
Are you running validation using the Virtualmin UI or CLI? Can you share a screenshot of an actual error?
I've symlinked SSL certificates in the Apache config, and Virtualmin validation doesn’t complain at all.
Hello,
I run validation from UI: Limits and Validation > Validate Virtual Servers > Validate Now (default options)
Virtualmin version 7.20.2 on Ubuntu 24.04
Here's a screenshot as requested.
My Apache2 virtual server configuration for SSL contains:
SSLEngine on
SSLCertificateFile /etc/letsencrypt/live/SERVER_NAME/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/SERVER_NAME/privkey.pem
SSLProtocol +TLSv1.2 +TLSv1.3
What’s the output of this command then?
ls -lsa /etc/letsencrypt/live/SERVER_NAME/fullchain.pem
Here's the output:
0 lrwxrwxrwx 1 root root 40 Aug 19 15:20 /etc/letsencrypt/live/SERVER_NAME/fullchain.pem -> ../../archive/SERVER_NAME/fullchain1.pem
Does it work if you set the file directly without using a symlink? Also, do you have SELinux or AppArmor running? If so, check their logs.
I'm asking because I can't reproduce this issue.
Actually the site itself works as expected. It's just Virtualmin Server Validation that complains about the symlink.
When I change the configuration to direct paths, I get a different error on validation:
Apache SSL website : SSL certificate file /etc/letsencrypt/archive/SERVER_NAME/fullchain1.pem could not be parsed
AppArmor is running but I can't find anything in the logs, and even when stopped, the validation error still shows up. SELinux is not present.
EDIT: By the way, I've also tried to put the files directly in the virtual server's home directory and the same error as above was returned.
Virtualmin doesn't allow SSL certs referenced in the Apache config to be symlinks, as there's a danger of this causing config breakage if the link destination is removed by a domain owner.
Generally we recommend letting Virtualmin manage the SSL cert and key files, rather than using the paths generated by Let's Encrypt.
My virtual server's SSL files are generated in a custom way using Certbot. SSL files are managed by Certbot and made available in /etc/letsencrypt/live/SERVER_NAME as symlinks.
When running Virtual Servers Validation, it complains about:
What's the problem with files being symlinks? Why not remove this error?
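The concern raised in the thread is a certificate path in the Apache config that resolves through a symlink to a target a non-root account could remove. It can be audited independently of Virtualmin. The following is an added example, not part of the thread and not Virtualmin's validation code; the function names, the finding fields and the trusted-UID default are assumptions.

```python
import os
import re
import stat
import tempfile

# The two certificate directives from the Apache config quoted in the thread.
DIRECTIVE = re.compile(
    r'^[ \t]*(SSLCertificateFile|SSLCertificateKeyFile)[ \t]+"?([^"\s]+)"?',
    re.MULTILINE | re.IGNORECASE)


def risky_dirs(target, trusted_uids):
    """Directories above target that a non-trusted account controls: owned by
    an untrusted uid, or group/world-writable without the sticky bit."""
    found, d = [], os.path.dirname(target)
    while True:
        st = os.stat(d)
        open_write = st.st_mode & (stat.S_IWGRP | stat.S_IWOTH)
        if st.st_uid not in trusted_uids or (
                open_write and not st.st_mode & stat.S_ISVTX):
            found.append(d)
        if d == os.path.dirname(d):      # reached the filesystem root
            return found
        d = os.path.dirname(d)


def audit(conf_text, trusted_uids=(0,)):
    """Return one finding per certificate/key directive in an Apache config."""
    findings = []
    for name, path in DIRECTIVE.findall(conf_text):
        item = {"directive": name, "path": path,
                "symlink": os.path.islink(path),
                "target": os.path.realpath(path),
                # exists() follows links, so a broken link counts as dangling
                "dangling": not os.path.exists(path), "risky_dirs": []}
        if not item["dangling"]:
            item["risky_dirs"] = risky_dirs(item["target"], trusted_uids)
        findings.append(item)
    return findings


if __name__ == "__main__":
    # Constructed layout mirroring the live/ -> archive/ links in the thread.
    base = tempfile.mkdtemp()
    os.mkdir(os.path.join(base, "archive"))
    os.mkdir(os.path.join(base, "live"))
    open(os.path.join(base, "archive", "fullchain1.pem"), "w").close()
    link = os.path.join(base, "live", "fullchain.pem")
    os.symlink("../archive/fullchain1.pem", link)
    print(audit("SSLCertificateFile " + link, (0, os.getuid())))
```

A finding with `dangling` set, or with a non-empty `risky_dirs`, marks a certificate path whose target can disappear without any change to the Apache config itself.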