BUG - Cloning vserver with ssl enabled

OS type and version Ubuntu Linux 22.04.3
Webmin version 2.101
Virtualmin version 7.7

Hi, after a vserver clone (with enabled ssl) the settings in /etc/webmin/virtual-server/domains/${newID} have ID values from the old vserver ID in ssl paths. So, if not updated, the ssl paths for the newID, are same with oldID and when apply a certificate at one of them, it applies on both vservers.

Suggestion: because there will be an apache2 conf error if the new vserver will have the updated ssl paths (ssl files would not found for new vserver), I think that in the cloning process, the cloned vserver should have disabled ssl settings.

Thank you!

I have this issue now. Where can I change the wrong paths that have been saved in Server Configuration->SSL Certificate:
Wrong path to origin server:
|SSL certificate file|/etc/ssl/virtualmin/16866675635258/ssl.cert|
|SSL private key file|/etc/ssl/virtualmin/16866675635258/ssl.key|
CA certificate has correct path:

Where are these wrong paths saved ?

Temporarily I can change the paths at Services->Configure SSL website->SSL Options but these are overwritten by the wrong paths when certificate auto renews.

Thanks, Tim

Hi, you need to edit /etc/webmin/virtual-server/domains/${newID} and replace all old ids in it with the new one id, except the clone_id. After that, you can manage the ssl for the new (cloned) domain.

A permanent solution would be to clone a virtual server with the ssl off and properly defined ids in /etc/webmin/virtual-server/domains/${newID}. Moderators may check here…

1 Like

That looks like a lot to do, why not just request a new certificate from LE rather than editing files ?

Because of the bug, if you request a new certificate (no matter what vserver - old or cloned), it will applied to both of the virtual server and always one of them would have ssl errors. So, in order to unhook the cloned vserver ssl conf from the old vserver, you should edit the /etc/webmin/virtual-server/domains/${newID} and update the oldIDs with the newID.
If someone find this solution not necessary then a try will convince him (according to the virtualmin & webmin versions above and ssl enabled)

1 Like

didn’t for me worked fine … I’ll try it again on gpl rather than pro
edit just tried it on gpl and it worked fine
after clone goto

vmin :arrow_right: cloned servername :arrow_right: server configuration :arrow_right: ssl certificate

you will see an error like this

click on Lets Encrypt you will see something like this

change the red arrowed radio button to the green arrowed radio button and click request certificate.
That’s how I do it

After the request of lets encrypt at the cloned vserver, does the source vserver ssl works fine? For me, the source vserver had the ssl from the cloned after that request. What a mess…! The replacement of the file IDs was the solution for me.

not a problem for me worked fine

Webmin 20.21 / Ubuntu 22.04.2 running Nginx

I’ve been getting the same error. It makes a mess of configuration and have to manually correct everything.

My workaround is to jump into /etc/ and run “ack” for the old original Domain ID and then update the various files that contain references to the Domain ID but are against configuration for the new Domain ID, and also repair the nginx configuration that it messes up too.

You also need to populate the domains SSL files in the domain folder by copying them from the original Domain ID to the new one as the new domain folder didn’t contain any SSL files.

Places to fix:-
/etc/webmin/virtual-server/domains/[Domain ID]
/etc/ssl/virtualmin/[Domain ID]

My solution from now on is NOT cloning any vserver…!

I’m sorry, you’re right! This is a known bug! It is going to be fixed in upcoming Virtualmin 7.8 release.

1 Like

This topic was automatically closed 8 days after the last reply. New replies are no longer allowed.