cURL error 35: error:1408F10B:SSL routines:ssl3_get_record:wrong version number

SYSTEM INFORMATION
OS type and version: UBUNTU 20.04 VM
Webmin version: 2.111
Virtualmin version: 7.10.0
Related packages: WordPress Multisite

Hello

When I try to update the multisite I get this message
Warning! Problem updating https://website.com. Your server may not be able to connect to sites running on it. Error message: cURL error 35: error:1408F10B:SSL routines:ssl3_get_record:wrong version number

Never used multisite, but wouldn’t there be an issue with certificates for the new domain? I presume that’s what it does: add a new domain.

Ok, search forum, did you name the domain the same as the hostname of the server?

This is not a public domain. I have a self-signed certificate, and no, it is not the same hostname.
I also re-generated the certificate, but I am still getting this error.

Wait, you’re expecting curl to connect to a site with a self-signed certificate? You have to either add the chain to your CA bundle, or you’ll need to tell curl to ignore security problems with the --insecure option.

Thank you, but to be honest I have no idea how to do that.

See default config file

Or if it is easier for you to do so, add an SSL certificate which is valid - issued by a CA.

Can I do this from Manage Virtual Server —> Setup SSL Certificate ???

Yes, if you get an SSL certificate then cURL will not complain.

However…

You will have to do something about this. If you want a free certificate from Let’s Encrypt, you need to make the domain accessible over the net. If that’s not possible, then you won’t be able to get an SSL certificate from Let’s Encrypt.

However…

I was once in such a situation and was able to work around it by getting a wildcard certificate from Let’s Encrypt and (after jumping through a few hoops) making it work on an air-gapped server.

I hope you will be able to do the simpler thing and make the domain accessible on the net so that you can get a certificate from Let’s Encrypt.

You do not need a wildcard to do this. You can do DNS validation for any name in your zone, as long as you own the zone and can manage the zone. A wildcard requires DNS validation, but any Let’s Encrypt certificate can be DNS-validated.

Private websites generally cannot get a Let’s Encrypt certificate. Virtualmin can only get Let’s Encrypt certificates if it can be validated using web validation (i.e. the domain is publicly visible) or via DNS validation (i.e. Virtualmin is managing DNS, either locally or via a cloud DNS API and it is a publicly visible zone).

Let’s Encrypt will not issue a certificate without verifying you own the name you’re trying to get a certificate for. It can do that via a web validation or via a DNS validation (Virtualmin works with either, but inexperienced users tend to have a lot of trouble figuring out DNS in general, so I mostly recommend people focus on web validation as it’s simpler and easier to understand).

OK, all good explanation, but I never had that problem until I upgraded from 18.04 to 20.04. Now how can I fix it? I don’t need Let’s Encrypt because it is my internal website and I will never expose it to the public. So is there a way I can fix it without rebuilding it from scratch?

Thank you

I don’t see what useful thing rebuilding from scratch could do for you.

As I said above, if you want curl to download from a TLS site with an invalid cert (and a self-signed cert is invalid unless you tell curl about it), you need to use the --insecure option. Or you could use http instead of https. No certs involved in that.

The problem is that @xlameee is not calling curl through the cli. He has little control over how curl is called or the parameters used.

We need to find a way to get curl to work in the environment in which it will be run and for that we need to make curl accept the SSL certificate that is being offered.

Idea: in your internal system @xlameee, could you not specify a pseudo CA which your internal system will treat as a real CA and accept SSL certificates as if they were as valid as those issued by a real CA?

I don’t understand that. Why wouldn’t they have control over how curl is called? If it’s PHP code using the curl lib, you can still use options. PHP: curl_setopt - Manual

Specifically: PHP: Predefined Constants - Manual

Set that to false, and it’ll work.

Or, make it available on http for local connections.

A local CA will also work, but that seems a lot more complicated.

Is that what you mean?

curl --insecure https://example.com

That’s what I get

curl: (35) error:1408F10B:SSL routines:ssl3_get_record:wrong version number

I tried to update cURL and openssl but it said it is the latest version.
Probably with Ubuntu 20.04 that’s all I can get.

I tried to upgrade to 22.04, but I get errors after errors, so it is not an option. I fix one and the other one comes in.

I had no problem installing a clean 24.04 and uploading my WordPress. I use Duplicator Pro and it’s easy, but now I use MINIO as storage through a plugin called Media Cloud. It was very painful to set up this plugin and make it work with MINIO, but I do not have other options. I have to move forward with the “Innovation craps”. Everything is made today to waste your time.

Thank you for your help. I will handle it from here.

It’s not the client that’s too old, it’s the server. I thought they were on the same system?

I just found an article https://www.virtualmin.com/docs/data-operations/how-to-migrate-to-a-new-server/#install-virtualmin

Is this going to work if I have a brand new server with a fresh install of Ubuntu 24.04 and transfer those backups as in this article?

What are you talking about? It’s an Ubuntu 20.04 VM, what other system?
What client? What server?

I don’t know. You haven’t been clear where you’re running curl and where the server curl is talking to is running.

If you’re on Ubuntu 20.04, it is not too old. That’s a current system. Can support all the modern TLS standards. Unless you’ve explicitly configured the web server to not support modern protocols, I don’t know why you’d get an SSL3 version error. So, I’m trying to figure out WTF you’re doing that can produce this error, making wild guesses, based on limited information.
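
Added example (not part of any post in this thread): curl --insecure returning the same error 35 means the failure happens before any certificate is checked. OpenSSL reports "wrong version number" when the first bytes it reads are not a TLS record header, typically because the port answers in another protocol such as plain HTTP. This Python sketch parses those bytes and probes a port; the names classify_first_bytes and probe are chosen here, and the sample bytes are constructed.

```python
import socket
import ssl

TLS_TYPES = {20: "change_cipher_spec", 21: "alert", 22: "handshake", 23: "application_data"}

def classify_first_bytes(data: bytes) -> str:
    """Say what protocol a peer's first bytes look like."""
    if data.startswith(b"HTTP/"):
        # A TLS client reads bytes 1-2 ("TT") as the record version: not 3.x.
        return "plaintext HTTP"
    if data.startswith(b"SSH-"):
        return "SSH banner"
    if len(data) < 5:
        return "too short to tell"
    ctype, major, minor = data[0], data[1], data[2]
    length = int.from_bytes(data[3:5], "big")
    # TLS record header: type(1) | version major=3 (1) | minor(1) | length(2)
    if ctype in TLS_TYPES and major == 3 and minor <= 4 and length <= 2**14 + 2048:
        return f"TLS record ({TLS_TYPES[ctype]})"
    return "not TLS (unknown protocol)"

def probe(host: str, port: int = 443, timeout: float = 5.0) -> dict:
    """Handshake with verification off (like curl --insecure); on failure,
    reconnect in plaintext and classify what the port answers with."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host) as tls:
                return {"tls": True, "version": tls.version()}
    except OSError as exc:  # ssl.SSLError is a subclass of OSError
        reason = getattr(exc, "reason", None) or type(exc).__name__
    # With verification off, the failure is at the protocol level, not the cert.
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            raw.sendall(b"HEAD / HTTP/1.0\r\nHost: " + host.encode() + b"\r\n\r\n")
            first = raw.recv(16)
    except OSError:
        first = b""
    return {"tls": False, "reason": reason, "peer_speaks": classify_first_bytes(first)}

if __name__ == "__main__":
    # Constructed samples: a TLS handshake record header and an HTTP reply.
    print(classify_first_bytes(bytes.fromhex("160303004a")))
    print(classify_first_bytes(b"HTTP/1.1 400 Bad Request\r\n"))
```

If probe() on the site's name and port 443 reports "plaintext HTTP", the virtual host answering there is not serving TLS, and no certificate change or --insecure flag will alter the result.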

What information do you need?

In the meanwhile … I run apt update and get this:

apt update
Hit:1 http://software.virtualmin.com/vm/6/gpl/apt virtualmin-focal InRelease
Hit:2 http://software.virtualmin.com/vm/6/gpl/apt virtualmin-universal InRelease
Hit:3 Index of /ubuntu focal InRelease
Get:4 Index of /ubuntu focal-updates InRelease [128 kB]
Err:1 http://software.virtualmin.com/vm/6/gpl/apt virtualmin-focal InRelease
The following signatures were invalid: EXPKEYSIG D9F9010760D62A6B Virtualmin, Inc. (Package signing key for Virtualmin 6) security@virtualmin.com
Err:2 http://software.virtualmin.com/vm/6/gpl/apt virtualmin-universal InRelease
The following signatures were invalid: EXPKEYSIG D9F9010760D62A6B Virtualmin, Inc. (Package signing key for Virtualmin 6) security@virtualmin.com
Hit:5 Index of /ubuntu focal-backports InRelease
Hit:6 Index of /ubuntu focal-security InRelease
Get:7 Index of /ubuntu focal-updates/main amd64 Packages [3394 kB]
Get:8 Index of /ubuntu focal-updates/universe amd64 Packages [1202 kB]
Fetched 4724 kB in 4s (1126 kB/s)
Reading package lists... Done
Building dependency tree
Reading state information... Done
All packages are up to date.
W: An error occurred during the signature verification. The repository is not updated and the previous index files will be used. GPG error: http://software.virtualmin.com/vm/6/gpl/apt virtualmin-focal InRelease: The following signatures were invalid: EXPKEYSIG D9F9010760D62A6B Virtualmin, Inc. (Package signing key for Virtualmin 6) security@virtualmin.com
W: An error occurred during the signature verification. The repository is not updated and the previous index files will be used. GPG error: http://software.virtualmin.com/vm/6/gpl/apt virtualmin-universal InRelease: The following signatures were invalid: EXPKEYSIG D9F9010760D62A6B Virtualmin, Inc. (Package signing key for Virtualmin 6) security@virtualmin.com
W: Failed to fetch http://software.virtualmin.com/vm/6/gpl/apt/dists/virtualmin-focal/InRelease The following signatures were invalid: EXPKEYSIG D9F9010760D62A6B Virtualmin, Inc. (Package signing key for Virtualmin 6) security@virtualmin.com
W: Failed to fetch http://software.virtualmin.com/vm/6/gpl/apt/dists/virtualmin-universal/InRelease The following signatures were invalid: EXPKEYSIG D9F9010760D62A6B Virtualmin, Inc. (Package signing key for Virtualmin 6) security@virtualmin.com
W: Some index files failed to download. They have been ignored, or old ones used instead.