Can't create letsencrypt cert with webmin 2.650

Webmin
1
SYSTEM INFORMATION
OS type and version Debian Linux 12
Webmin version 2.641
Virtualmin version 8.1.0 Professional
Webserver version Apache 2.4.67
Related packages N/A

I updated to webmin 2.650 when I saw it listed in my available updates. After doing that I was unable to create a letsencrypt cert. I believe the domain was created before the upgrade, and I did not test upgrading first, then creating the domain and cert. I have since reverted to the previous webmin package and was able to successfully create a cert.

The errors I received were:

Initial Request:

Web-based validation failed : Expected full certificate file /etc/letsencrypt/live/seafile.myDomain.me/fullchain.pemKeyissavedat:/etc/letsencrypt/live/seafile.myDomain.me/privkey.pem was not found   DNS-based validation failed : Expected full certificate file /etc/letsencrypt/live/seafile.myDomain.me/fullchain.pemKeyissavedat:/etc/letsencrypt/live/seafile.myDomain.me/privkey.pem was not found

Subsequent tries gave me the following:

Saving debug log to /var/log/letsencrypt/letsencrypt.log
Renewing an existing certificate for seafile.myDomain.me and www.seafile.myDomain.me
An unexpected error occurred:
AttributeError: can't set attribute
Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /var/log/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details.

Errors from the letsencrypt.log are here:

Count of Errors. Only concerned with 2026-06-27

Line 79: 2026-06-21 13:13:44,458:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 “POST /acme/new-order HTTP/1.1” 201 517
Line 821: 2026-06-21 15:50:13,579:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 “POST /acme/new-order HTTP/1.1” 201 689
Line 1767: 2026-06-23 15:45:14,084:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 “POST /acme/new-order HTTP/1.1” 201 513
Line 2506: 2026-06-24 10:20:13,272:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 “POST /acme/new-order HTTP/1.1” 201 796
Line 3500: 2026-06-27 09:41:52,549:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 “POST /acme/new-order HTTP/1.1” 201 503
Line 4241: 2026-06-27 09:42:01,785:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 “POST /acme/new-order HTTP/1.1” 201 501
Line 4694: 2026-06-27 09:42:25,035:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 “POST /acme/new-order HTTP/1.1” 201 501
Line 5147: 2026-06-27 09:42:28,546:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 “POST /acme/new-order HTTP/1.1” 201 501
Line 5600: 2026-06-27 09:46:55,478:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 “POST /acme/new-order HTTP/1.1” 201 501
Line 6053: 2026-06-27 09:46:59,036:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 “POST /acme/new-order HTTP/1.1” 429 312
Line 6210: 2026-06-27 09:47:20,784:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 “POST /acme/new-order HTTP/1.1” 429 312
Line 6367: 2026-06-27 09:47:22,312:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 “POST /acme/new-order HTTP/1.1” 429 312
Line 6525: 2026-06-27 09:48:20,123:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 “POST /acme/new-order HTTP/1.1” 201 511
Line 6980: 2026-06-27 09:48:23,990:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 “POST /acme/new-order HTTP/1.1” 201 511
Line 7435: 2026-06-27 09:48:47,552:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 “POST /acme/new-order HTTP/1.1” 201 511
Line 7890: 2026-06-27 09:48:52,058:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 “POST /acme/new-order HTTP/1.1” 201 511

By the count, it almost looks like it’s repeatedly asking for a new cert. Below is the log output from the tail end of the successful request, and the start of the failed request.

letsencrypt.log

2026-06-27 09:46:57,514:DEBUG:acme.client:Storing nonce: tgKU1SCRnlZCGtwUOK1ow_d_YRBTMMW4mbcftyWal-GNEfn0nJY
2026-06-27 09:46:57,517:DEBUG:certbot._internal.storage:Writing new private key to /etc/letsencrypt/archive/seafile.myDomain.me/privkey5.pem.
2026-06-27 09:46:57,517:DEBUG:certbot._internal.storage:Writing certificate to /etc/letsencrypt/archive/seafile.myDomain.me/cert5.pem.
2026-06-27 09:46:57,517:DEBUG:certbot._internal.storage:Writing chain to /etc/letsencrypt/archive/seafile.myDomain.me/chain5.pem.
2026-06-27 09:46:57,517:DEBUG:certbot._internal.storage:Writing full chain to /etc/letsencrypt/archive/seafile.myDomain.me/fullchain5.pem.
2026-06-27 09:46:57,518:DEBUG:certbot._internal.cli:Var rsa_key_size=2048 (set by user).
2026-06-27 09:46:57,518:DEBUG:certbot._internal.cli:Var key_type=rsa (set by user).
2026-06-27 09:46:57,518:DEBUG:certbot._internal.cli:Var autorenew=True (set by user).
2026-06-27 09:46:57,518:DEBUG:certbot._internal.cli:Var authenticator=webroot (set by user).
2026-06-27 09:46:57,518:DEBUG:certbot._internal.cli:Var webroot_path=/home/myDomain/domains/seafile.myDomain.me/public_html (set by user).
2026-06-27 09:46:57,518:DEBUG:certbot._internal.cli:Var webroot_path=/home/myDomain/domains/seafile.myDomain.me/public_html (set by user).
2026-06-27 09:46:57,518:DEBUG:certbot._internal.cli:Var webroot_map={‘webroot_path’} (set by user).
2026-06-27 09:46:57,518:DEBUG:certbot._internal.storage:Writing new config /etc/letsencrypt/renewal/seafile.myDomain.me.conf.new.
2026-06-27 09:46:57,522:DEBUG:certbot._internal.display.obj:Notifying user:
Successfully received certificate.
Certificate is saved at: /etc/letsencrypt/live/seafile.myDomain.me/fullchain.pem
Key is saved at: /etc/letsencrypt/live/seafile.myDomain.me/privkey.pem
This certificate expires on 2026-09-25.
These files will be updated when the certificate renews.
Certbot has set up a scheduled task to automatically renew this certificate in the background.
2026-06-27 09:46:57,526:DEBUG:certbot._internal.display.obj:Notifying user: If you like Certbot, please consider supporting our work by:

  • Donating to ISRG / Let’s Encrypt: Support Encryption for Everyone - Let's Encrypt
  • Donating to EFF: Support EFF's Work on Let's Encrypt | Electronic Frontier Foundation
    2026-06-27 09:46:58,394:DEBUG:certbot._internal.main:certbot version: 2.1.0
    2026-06-27 09:46:58,394:DEBUG:certbot._internal.main:Location of certbot entry point: /bin/letsencrypt
    2026-06-27 09:46:58,394:DEBUG:certbot._internal.main:Arguments: [‘–manual’, ‘-d’, ‘seafile.myDomain.me’, ‘-d’, ‘www.seafile.myDomain.me’, ‘–preferred-challenges=dns’, ‘–manual-auth-hook’, ‘/etc/webmin/webmin/letsencrypt-dns.pl’, ‘–manual-cleanup-hook’, ‘/etc/webmin/webmin/letsencrypt-cleanup.pl’, ‘–duplicate’, ‘–force-renewal’, ‘–non-interactive’, ‘–agree-tos’, ‘–config’, ‘/tmp/.webmin/572654_789961_3_letsencrypt.cgi’, ‘–rsa-key-size’, ‘2048’, ‘–cert-name’, ‘seafile.myDomain.me’, ‘–no-autorenew’, ‘–key-type’, ‘rsa’]
    2026-06-27 09:46:58,395:DEBUG:certbot._internal.main:Discovered plugins: PluginsRegistry(PluginEntryPoint#manual,PluginEntryPoint#null,PluginEntryPoint#standalone,PluginEntryPoint#webroot)
    2026-06-27 09:46:58,401:DEBUG:certbot._internal.log:Root logging level set at 30
    2026-06-27 09:46:58,402:DEBUG:certbot._internal.plugins.selection:Requested authenticator manual and installer None
    2026-06-27 09:46:58,402:DEBUG:certbot._internal.plugins.selection:Single candidate plugin: * manual
    Description: Manual configuration or run your own shell scripts
    Interfaces: Authenticator, Plugin
    Entry point: manual = certbot._internal.plugins.manual:Authenticator
    Initialized: <certbot._internal.plugins.manual.Authenticator object at 0x7f668b027cd0>
    Prep: True
    2026-06-27 09:46:58,403:DEBUG:certbot._internal.plugins.selection:Selected authenticator <certbot._internal.plugins.manual.Authenticator object at 0x7f668b027cd0> and installer None
    2026-06-27 09:46:58,403:INFO:certbot._internal.plugins.selection:Plugins selected: Authenticator manual, Installer None
    2026-06-27 09:46:58,444:DEBUG:certbot._internal.main:Picked account: <Account(RegistrationResource(body=Registration(key=None, contact=(), agreement=None, status=None, terms_of_service_agreed=None, only_return_existing=None, external_account_binding=None), uri=‘https://acme-v02.api.letsencrypt.org/acme/acct/2488258721’, new_authzr_uri=None, terms_of_service=None), 296756a407bb35ca0605b325b9711f0b, Meta(creation_dt=datetime.datetime(2025, 6, 25, 15, 26, 42, tzinfo=), creation_host=‘david.c9design.top’, register_to_eff=None))>
    2026-06-27 09:46:58,445:DEBUG:acme.client:Sending GET request to https://acme-v02.api.letsencrypt.org/directory.
    2026-06-27 09:46:58,446:DEBUG:urllib3.connectionpool:Starting new HTTPS connection (1): acme-v02.api.letsencrypt.org:443
    2026-06-27 09:46:58,647:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 “GET /directory HTTP/1.1” 200 1031
    2026-06-27 09:46:58,647:DEBUG:acme.client:Received response:
    HTTP 200
    Server: nginx
    Date: Sat, 27 Jun 2026 14:46:58 GMT
    Content-Type: application/json
    Content-Length: 1031
    Connection: keep-alive
    Cache-Control: public, max-age=0, no-cache
    X-Frame-Options: DENY
    Strict-Transport-Security: max-age=604800

{
“MfbSo8Cbr5k”: “Adding random entries to the directory - API Announcements - Let's Encrypt Community Support”,
“keyChange”: “https://acme-v02.api.letsencrypt.org/acme/key-change”,
“meta”: {
“caaIdentities”: [
letsencrypt.org
],
“profiles”: {
“classic”: “Profiles - Let's Encrypt”,
“shortlived”: “Profiles - Let's Encrypt”,
“tlsclient”: “Profiles - Let's Encrypt”,
“tlsserver”: “Profiles - Let's Encrypt
},
“termsOfService”: “https://letsencrypt.org/documents/LE-SA-v1.7-June-04-2026.pdf”,
“website”: “https://letsencrypt.org
},
“newAccount”: “https://acme-v02.api.letsencrypt.org/acme/new-acct”,
“newNonce”: “https://acme-v02.api.letsencrypt.org/acme/new-nonce”,
“newOrder”: “https://acme-v02.api.letsencrypt.org/acme/new-order”,
“renewalInfo”: “https://acme-v02.api.letsencrypt.org/acme/renewal-info”,
“revokeCert”: “https://acme-v02.api.letsencrypt.org/acme/revoke-cert
}
2026-06-27 09:46:58,690:DEBUG:certbot._internal.renewal:Auto-renewal forced with --force-renewal…
2026-06-27 09:46:58,690:DEBUG:certbot._internal.display.obj:Notifying user: Renewing an existing certificate for seafile.myDomain.me and www.seafile.myDomain.me
2026-06-27 09:46:58,696:DEBUG:certbot._internal.plugins.selection:Requested authenticator manual and installer <certbot._internal.cli.cli_utils._Default object at 0x7f668ac92890>
2026-06-27 09:46:58,890:DEBUG:certbot.crypto_util:Generating RSA key (2048 bits): /etc/letsencrypt/keys/0129_key-certbot.pem
2026-06-27 09:46:58,894:DEBUG:certbot.crypto_util:Creating CSR: /etc/letsencrypt/csr/0246_csr-certbot.pem
2026-06-27 09:46:58,895:DEBUG:acme.client:Requesting fresh nonce
2026-06-27 09:46:58,895:DEBUG:acme.client:Sending HEAD request to https://acme-v02.api.letsencrypt.org/acme/new-nonce.
2026-06-27 09:46:58,961:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 “HEAD /acme/new-nonce HTTP/1.1” 200 0
2026-06-27 09:46:58,961:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Sat, 27 Jun 2026 14:46:58 GMT
Connection: keep-alive
Cache-Control: public, max-age=0, no-cache
Link: https://acme-v02.api.letsencrypt.org/directory;rel=“index”
Replay-Nonce: tgKU1SCROGTIHI8Gy8DhzZRGy0hxKHseDLhdwGx2O16pZuIvfLM
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

2026-06-27 09:46:58,963:DEBUG:acme.client:Storing nonce: tgKU1SCROGTIHI8Gy8DhzZRGy0hxKHseDLhdwGx2O16pZuIvfLM
2026-06-27 09:46:58,963:DEBUG:acme.client:JWS payload:
b’{\n “identifiers”: [\n {\n “type”: “dns”,\n “value”: “seafile.myDomain.me”\n },\n {\n “type”: “dns”,\n “value”: “www.seafile.myDomain.me”\n }\n ]\n}’
2026-06-27 09:46:58,965:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/new-order:
{
“protected”: “eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvMjQ4ODI1ODcyMSIsICJub25jZSI6ICJ0Z0tVMVNDUk9HVElISThHeThEaHpaUkd5MGh4S0hzZURMaGR3R3gyTzE2cFp1SXZmTE0iLCAidXJsIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL25ldy1vcmRlciJ9”,
“signature”: “oJcXKkIJOfVVpa1OnFJ8sDjVp6lY74-PUqWC7KuD-RZ-Gv24ZLVXG4bVTaNoQa4_v45nDi_cmrMlmawanrtRO5sb09IC1SRBQaTfDI09zeo03QR1clXxlbO8kytd3ZVMFiHvdpRNzQ0kBOGgkR4cxVx1-QB8BbtgpUiTPA_77oX_5aA3lIQC3YzxHkBLtcvs3qajBUJIOHAvUC42HiP-m8O3orvPmoPoDnVMjnRuGFGmGcGoh_tJolNvjxUOgR_5ulvghsbC_qIttmdj3n68dagZiju1vPavTRfaJTnz4MerCKFw26jWlf7IaZJ8FfnJ7-OjIMDZ7XjhvY1wXza8Jw”,
“payload”: “ewogICJpZGVudGlmaWVycyI6IFsKICAgIHsKICAgICAgInR5cGUiOiAiZG5zIiwKICAgICAgInZhbHVlIjogInNlYWZpbGUuYnVza292Lm1lIgogICAgfSwKICAgIHsKICAgICAgInR5cGUiOiAiZG5zIiwKICAgICAgInZhbHVlIjogInd3dy5zZWFmaWxlLmJ1c2tvdi5tZSIKICAgIH0KICBdCn0”
}
2026-06-27 09:46:59,036:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 “POST /acme/new-order HTTP/1.1” 429 312
2026-06-27 09:46:59,036:DEBUG:acme.client:Received response:
HTTP 429
Server: nginx
Date: Sat, 27 Jun 2026 14:46:58 GMT
Content-Type: application/problem+json
Content-Length: 312
Connection: keep-alive
Boulder-Requester: 2488258721
Cache-Control: public, max-age=0, no-cache
Link: https://acme-v02.api.letsencrypt.org/directory;rel=“index”, https://letsencrypt.org/docs/rate-limits;rel=“help”
Replay-Nonce: tgKU1SCRV6wXz0YitYA5eQkpM7gYYTO8OBAJKb5BvHwJyRUpm2U
Retry-After: 124146

2

I upgraded to webmin 2.650 again to test something. I created a new domain that did not exist previously and tried generating a letsencrypt cert. I received the following error. Back to 2.641 for me.

Requesting a certificate for test.myDomain.me, www.test.myDomain.me from Let's Encrypt ..
.. request failed : Web-based validation failed : Expected full certificate file /etc/letsencrypt/live/test.myDomain.me/fullchain.pemKeyissavedat:/etc/letsencrypt/live/test.myDomain.me/privkey.pem was not found   DNS-based validation failed : Expected full certificate file /etc/letsencrypt/live/test.myDomain.me/fullchain.pemKeyissavedat:/etc/letsencrypt/live/test.myDomain.me/privkey.pem was not found
3

Just wondering, did you create a new top level server or a sub server?
Asking because I upgraded this morning and can try testing . Difference would be I’m on EL 10.2 not Debian.
Also is DNS local or are you using Cloudflare?

4

I created two sub servers during testing. One was created, then I upgraded, then I requested the SSL. The second was done after a complete upgrade. I did not test top level server. My DNS is local.

5

ok thanks for answering.
I can test on sub server in a few minutes and report back.

6

Something to note… I got a rate limit on my domain before figuring out I had a problem. Now I have to wait until cooldown period ends before I can request for the domain I really want. :stuck_out_tongue:

7

Well I just created a sub server under a top level server that has a Lets Encrypt certificate and i experienced same failure as you described.
I’m on Rocky Linux 10.2 if that makes a difference to the Staff. Also DNS is local also.

@Ilia @Joe
anything we should be checking or adjusting after upgrade to webmin 2.650?

8

I updated webmin this morning as well on 8.1.0 GPL Debian 12. I received an email notification not too long ago indicating:

An error occurred requesting a new certificate for sitedomain1.com, www.sitedomain1.com from Let’s Encrypt : Web-based validation failed : Expected full certificate file /etc/letsencrypt/live/sitedomain1.com/fullchain.pemKeyissavedat:/etc/letsencrypt/live/sitedomain1.com/privkey.pem was not found

When I went into Virtualmin and tried to manually renew the certificate, I got:

Request Certificate
In domain sitedomain1.com
Requesting a certificate for sitedomain1.com, www.sitedomain1.com from Let’s Encrypt ..
.. request failed : Web-based validation failed : Expected full certificate file /etc/letsencrypt/live/sitedomain1.com/fullchain.pemKeyissavedat:/etc/letsencrypt/live/sitedomain1.com/privkey.pem was not found

I’ve not seen this particular error before, so I went to a separate Virtualmin box running 8.1.0 GPL Debian 13 and picked a virtual server and went to renew the SSL certificate and got the same thing:

Request Certificate
In domain sitedomain2.com
Requesting a certificate for sitedomain2.com, www.sitedomain2.com from Let’s Encrypt ..
.. request failed : Web-based validation failed : Expected full certificate file /etc/letsencrypt/live/sitedomain2.com/fullchain.pemKeyissavedat:/etc/letsencrypt/live/sitedomain2.com/privkey.pem was not found

Any guidance very much appreciated!
Charles

9

Hope we hear something soon as this in not a good situation
I have already received tickets from users about this situation.
@iliaross @Joe

10

Downgrading works if you’re in a production environment.

11

How did you downgrade?
Using apt?
I tried using DNF but did not work.

12

sudo apt install webmin=2.641
Not sure about Rocky.

13

ok thanks for the reply. I will try with DNF soon if we do not hear anything about this situation.

14

Hello,

Confirmed. This is a regression in Webmin 2.650! Sorry about that!

The certificate request itself may succeed, but Webmin then parses Certbot’s output incorrectly after IPv6 certificate-name support was added. That makes Webmin look for a bogus path like.

So this is not a DNS, Apache, or Let’s Encrypt validation problem. It happens after Certbot has already issued and saved the certificate.

A fix is ready:

Webmin now extracts only the first PEM path from Certbot output, while still supporting IPv6 certificate names.

To fix it immediately for those who already installed Webmin 2.650, apply the following patch:

{ cd /usr/libexec/webmin ||
  cd /usr/share/webmin; } &&
webmin patch /dev/stdin <<'EOF'
From d02f0b6cb5998ef2f9fbb4930e0e5719fd064b3e Mon Sep 17 00:00:00 2001
From: Ilia Ross
Date: Sat, 27 Jun 2026 22:59:21 +0200
Subject: [PATCH] Fix Let's Encrypt Certbot PEM path parsing
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

ⓘ Prevent Webmin from swallowing Certbot's key-path output when extracting PEM paths
---
diff --git a/webmin/letsencrypt-lib.pl b/webmin/letsencrypt-lib.pl
index b335ddbe03..06315ba5f1 100755
--- a/webmin/letsencrypt-lib.pl
+++ b/webmin/letsencrypt-lib.pl
@@ -131,6 +131,20 @@ sub get_letsencrypt_install_message
  "certbot", $text{'letsencrypt_certbot'}, $rlink, $rmsg);
 }
 
+# get_letsencrypt_output_pem_path(output)
+# Returns the first certbot PEM path from command output, or undef
+sub get_letsencrypt_output_pem_path
+{
+my ($out) = @_;
+if ($out =~ /((?:\/usr\/local)?\/etc\/letsencrypt\/(?:live|archive)\/[a-zA-Z0-9\.\_\-:\/\*]+\.pem)/ ||
+    $out =~ /((?:\/usr\/local)?\/etc\/letsencrypt\/(?:live|archive)\/[a-zA-Z0-9\.\_\-:\/\r\n\* ]*?\.pem)/) {
+ my $full = $1;
+ $full =~ s/\s//g;
+ return $full;
+ }
+return undef;
+}
+
 # request_letsencrypt_cert(domain|&domains|&ips, webroot, [email], [keysize],
 #         [request-mode], [use-staging], [account-email],
 #         [key-type], [reuse-key],
@@ -387,14 +401,15 @@ sub request_letsencrypt_cert
    goto FAILED;
    }
  my ($full, $cert, $key, $chain);
- if ($out =~ /((?:\/usr\/local)?\/etc\/letsencrypt\/(?:live|archive)\/[a-zA-Z0-9\.\_\-:\/\r\n\* ]*\.pem)/) {
+ if ($full = &get_letsencrypt_output_pem_path($out)) {
    # Output contained the full path
-   $full = $1;
-   $full =~ s/\s//g;
    }
  else {
    # Try searching common paths
-   my @fulls = (glob("/etc/letsencrypt/live/$certname-*/cert.pem"),
+   my @fulls = grep { -r $_ } (
+          "/etc/letsencrypt/live/$certname/cert.pem",
+          glob("/etc/letsencrypt/live/$certname-*/cert.pem"),
+          "/usr/local/etc/letsencrypt/live/$certname/cert.pem",
           glob("/usr/local/etc/letsencrypt/live/$certname-*/cert.pem"));
    if (@fulls) {
      my %stats = map { $_, [ stat($_) ] } @fulls;
EOF
15

Is that patch the in normal format? Or is it my phone.

16

A little abnormal—all good though.

17

On servers that have not yet run the upgrade to Webmin 2.650, is it safe to run the upgrade now?

18

If you don’t use the Webmin option to request an SSL certificate, it’s safe. Or, if you apply the patch manually after upgrading, it’s then safe too.

19

Actually, it would affect Virtualmin install too, so you’d need to apply patch either way.

20

@Ilia, please clarify. We set up SSL in the Virtualmin interface on new sites. I am not seeing issues on a box still with Webmin 2.641 (it can renew certificates without any issue). The box shows a webmin update is available. I don’t want to perform that update if it will break the SSL. I’m asking if it is safe yet to perform that update to 2.650 - has the fix been incorporated into it?