Closed bobbyschultz closed 1 year ago
More info: It appears that when a virtual server is cloned, the reference to the original site's SSL certs remains in Services > Configure Nginx Website > SSL Configuration
. Replacing the original virtual server ID with the new ID doesn't seem to work as the change doesn't get reflected on Server Configuration > SSL Certificate > Current SSL Certificate Details
.
When a new LetsEncrypt cert is generated for the new site, it overwrites the cert for the original site. Likewise, if the new virtual sever is deleted, it also deletes the original site's cert.
The temporary solution is to manually edit /etc/webmin/virtual-server/domains/xxxxxxxx
replacing the original virtual server ID with the new virtual server ID in the ssl_everything
ssl_combined
ssl_cert
and ssl_key
directives. Then generate/install a new cert.
This may not even be an Nginx module issue, but I've never noticed it happening on any of my Virtualmin instances running Apache.
Hello,
I will run extra tests again, although I'm pretty sure that we have already fixed these issues in the recent code changes.
@bobbyschultz was the clone a sub-domain of the original virtual server? Or was the SSL cert valid for both the original and clone domains?
No, they are not sub domains. The domains are not related to each other. Completely different domains and the original cert was not valid for the clone. I just did another test with different domains and got the same result.
Ah ok, I know the bug that causes this now. It will be fixed in the next Virtualmin release..
Ah ok, I know the bug that causes this now. It will be fixed in the next Virtualmin release..
Where is the patch, Jamie?
Webmin version 2.021 Usermin version 1.861 Virtualmin version 7.7 Nginx version: 1.18.0 PHP version: 8.1
If a virtual server is cloned, and subsequently deleted before new SSL certs are installed (in my case using LetsEncrypt), the delete process actually deletes the certificates from the original virtual server. This results in the following error that prevents Nginx from (re)starting:
configuration is invalid : nginx: [emerg] cannot load certificate "/etc/ssl/virtualmin/xxxxxxxxxxxxxx/ssl.cert": BIO_new_file() failed (SSL: error:80000002:system library::No such file or directory:calling fopen(/etc/ssl/virtualmin/xxxxxxxxxxxxxx/ssl.cert, r) error:10000080:BIO routines::no such file) nginx: configuration file /etc/nginx/nginx.conf test failed
Confirmed the cert files are gone from
/etc/ssl/virtualmin/xxxxxxxxxx/
. xxxxxxx = the virtual server ID of the original site before it was cloned.Generating a new cert with LetsEncrypt fixes the issue, but I don't think deleting the certs of a different virtual server is the intended behavior of the Delete Virtual Server process.