Creating a virtual server breaking existing certbot certificates

OS type and version Ubuntu 22.04.4 LTS
Virtualmin version 7.10.0

Hello Virtualmin community. I am facing an issue on my server that was being used before installing Virtualmin. Installing Virtualmin went just fine, no issues and it integrated seamlessly with my existing Webmin installation. But after I created my first virtual server, I noticed it breaks my existing certificates and Nginx domains. I guess it is because Virtualmin uses RSA certificates but Certbot uses ECDSA by default. Is it possible to tell Webmin to generate with ECDSA? Also, I noticed that Virtualmin certificates use the certbot of my main system. Does Virtualmin support something like docker to create servers in? That would be an even better solution and I would also feel safer if my main system is seperated from my web server

I think that may have been the wrong thing to do, Virtualmin only installs well on a clean OS. That said I have added the virtualmin module to webmin without a webserver installed, then installed nginx and did not suffer the problems you face. Maybe there is a setting in certbot that virtualmin sets (IDK) ? It may be worth researching certbot for config options

Yes, it can be defined on the Webmin ⇾ Webmin Configuration ⇾ Let’s Encrypt configuration page. To be clear, this page can be accessed by clicking the cog icon on the top left of the Webmin Configuration page.

It never ceases to amaze how feature-rich Virtualmin is.

Thank you for your reply. I checked this page before, but I can only see the algorithms RSA and ECC. Or is ECC the same as ECDSA in this context?

Elliptic Curve Cryptography, a subdomain of cryptography involving various schemes (for signing, encryption, key agreement etc.).

Elliptic Curve Digital Signature Algorithm, a specific cryptographic scheme consisting of three algorithms: one for key generation, one for creating signatures, one for verifying signatures. It is a variant of the older DSA algorithm, but using elliptic curve based techniques rather than multiplication-modulo-a-prime.

Should this not have its own icon? I always find there is alot of stuff up in these cogs that you dont expect to be there. :smile:

Thumbs up. When I started with *min I always wondered what I discovered behind the cogs… However, I got used to it meanwhile but it might be useful for newbie users.

1 Like
  • Let’s Encrypt accepts RSA keys that are 2048, 3072, or 4096 bits in length and P-256 or P-384 ECDSA keys. That’s true for both account keys and certificate keys. You can’t reuse an account key as a certificate key.

  • Our recommendation is to serve a dual-cert config, offering an RSA certificate by default, and a (much smaller) ECDSA certificate to those clients that indicate support.

Maybe ECC should be renamed to ECDSA, it could be a typo ion virtualmin as Letsencrypt does not have an option for ECC.

I don’t think so, as RSA refers to the specific cryptographic algorithm, while ECC encompasses a broader range of elliptic curve-based cryptographic algorithms, including ECDSA, ECDH, and some others.