Deleteing Recently Cloned Virtual Server Also Deletes Original Virtual Server's SSL Certs

[bobbyschultz]

Webmin version 2.021 Usermin version 1.861 Virtualmin version 7.7 Nginx version: 1.18.0 PHP version: 8.1

If a virtual server is cloned, and subsequently deleted before new SSL certs are installed (in my case using LetsEncrypt), the delete process actually deletes the certificates from the original virtual server. This results in the following error that prevents Nginx from (re)starting: configuration is invalid : nginx: [emerg] cannot load certificate "/etc/ssl/virtualmin/xxxxxxxxxxxxxx/ssl.cert": BIO_new_file() failed (SSL: error:80000002:system library::No such file or directory:calling fopen(/etc/ssl/virtualmin/xxxxxxxxxxxxxx/ssl.cert, r) error:10000080:BIO routines::no such file) nginx: configuration file /etc/nginx/nginx.conf test failed

Confirmed the cert files are gone from /etc/ssl/virtualmin/xxxxxxxxxx/. xxxxxxx = the virtual server ID of the original site before it was cloned.

Generating a new cert with LetsEncrypt fixes the issue, but I don't think deleting the certs of a different virtual server is the intended behavior of the Delete Virtual Server process.

[bobbyschultz]

More info: It appears that when a virtual server is cloned, the reference to the original site's SSL certs remains in Services > Configure Nginx Website > SSL Configuration. Replacing the original virtual server ID with the new ID doesn't seem to work as the change doesn't get reflected on Server Configuration > SSL Certificate > Current SSL Certificate Details.

When a new LetsEncrypt cert is generated for the new site, it overwrites the cert for the original site. Likewise, if the new virtual sever is deleted, it also deletes the original site's cert.

[bobbyschultz]

The temporary solution is to manually edit /etc/webmin/virtual-server/domains/xxxxxxxx replacing the original virtual server ID with the new virtual server ID in the ssl_everything ssl_combined ssl_cert and ssl_key directives. Then generate/install a new cert.

This may not even be an Nginx module issue, but I've never noticed it happening on any of my Virtualmin instances running Apache.

[iliajie]

Hello,

I will run extra tests again, although I'm pretty sure that we have already fixed these issues in the recent code changes.

[jcameron]

@bobbyschultz was the clone a sub-domain of the original virtual server? Or was the SSL cert valid for both the original and clone domains?

[bobbyschultz]

No, they are not sub domains. The domains are not related to each other. Completely different domains and the original cert was not valid for the clone. I just did another test with different domains and got the same result.

[jcameron]

Ah ok, I know the bug that causes this now. It will be fixed in the next Virtualmin release..

[iliajie]

Ah ok, I know the bug that causes this now. It will be fixed in the next Virtualmin release..

Where is the patch, Jamie?

[jcameron]

This one : https://github.com/virtualmin/virtualmin-gpl/commit/230c008f7299bbf2948a1bea7ce4fcb6cc3ce6b9