Can't connect to webmin/virtualmin after "Set as Default Services Certificate"

SYSTEM INFORMATION
OS type and version AlmaLinux 10
Virtualmin version 8.1.3

Hi all, I’m a virtualmin newbie with a very fresh install on a personal server.

In the process of trying to get mail working, I became concerned that the problem was that SSL certs somehow weren’t getting used by dovecot/postfix, and after a bit of searching around I found and clicked on “Set as Default Services Certificate” in the SSL area of virtualmin. I guess that was the wrong answer: the website itself is still up, but I can no longer connect to ports 10000 or 20000 (though webmin appears to be running). In my browser I get ERR_SSL_PROTOCOL_ERROR (“This site can’t provide a secure connection”).

So, putting aside the mail issues for the time being, can someone help me regain web-based access to virtualmin? Happy to provide whatever extra information might be needed. Thanks in advance.

Have you tried with https://IP:10000?
Not sure if that will work but worth a try.

Yeah, unfortunately that behaves the same. I don’t think it can be a name issue, based on the browser error—in this case, “<IP> sent an invalid response.”. That suggests that the browser is able to find the server, but the server is somehow sending back garbage.

Can you ssh in?
You could set the cert path back
Not at a machine right now to check where the paths to set are
@Ilia where can OP set cert back?

@isohedral
if you can SSH in, on my system Rocky Linux in /etc/webmin look into the webmin.conf file and find keyfile=“use this path/here” see what the path is, mine is default from install and has
keyfile=/etc/webmin/miniserv.pem

So you requested a Certificate from Lets Encrypt?

If not you may need to use the browser in incognito mode.

The domain you set to default, is that different from the domain your using port 10000 login?

image

Thanks for the suggestion, this unlocked the solution (after fiddling around a bit more).

Details: I assume you meant /etc/webmin/miniserv.conf. In that file, there are two entries that reference my SSL info: keyfile=/etc/webmin/[domain.com].key and certfile=/etc/webmin/[domain.com].cert. I modified them both to reference the presumably original values, which look more like keyfile=/etc/webmin/vps.[domain.com].key and certfile=/etc/webmin/vps.[domain.com].cert. I restarted the server (service webmin restart) and virtualmin is responsive again! I had to make the same change to /etc/usermin/miniserv.conf.

Weirdly, it looks like the “Set as Default Services Certificate” operation set the file /etc/webmin/[domain.com].key to the broken symlink ../../archive/[domain.com]/privkey1.pem (and similarly for the .cert file, and for usermin). Surely that should be, e.g., ../letsencrypt/archive/[domain.com]/privkey1.pem? Don’t know if that’s a bug.

Now it’s back to trying to figure out why email doesn’t work (don’t worry, I’ll create a separate thread if I can’t crack it). Thanks again.

Glad you sorted it out. yes sorry I was on my phone and trying to go by memory :grin: