The server is centos 7 (latest) with webmin 1.930 and plesk onyx. Webmin is used for reading logs, server updates and general server maintenance
After upgrading to plesk 18.0.21 (plesk obsidian), webmin won’t start anymore with ssl enabled, ssl disabled works fine. The log gives the error:
Failed to create SSL context : Invalid argument at /usr/libexec/webmin/miniserv.pl line 4383
I did add to both Library search path and Extra Perl library paths
/usr/lib64/perl5
/usr/lib64/perl5/vendor_perl
/usr/lib64/perl5/vendor_perl/Net
/usr/lib64/perl5/vendor_perl/Net/SSLeay.pm
net::ssleay is installed, the certificate is ok, selinux is disabled. Plesk doesn’t do anything with perl so it would surprise me if the plesk update would have changed the perl path, but something was changed
The perl path is ok (as far as i can tell). What should it be and how can i test that? how do i test if webmin can use ssleay?
Try to comment out ssl_cipher_list option in /etc/webmin/miniserv.conf, for avoiding forcing the ciphers, and restart Webmin by running /etc/webmin/restart command.
Thank you for the suggestion, but that option is not in the config. I have tried every possible config option by now and am 93.3% sure that something somewhere is preventing webmin from using Net::SSLeay, but i cant figure out what is doing that.
thank you for the sugestion, but thats not it. I have tested ssl on the server on various ports (imap, pop3, nginx, plesk) and that is working fine. On port 10000 there is nothing to test because that is just the problem: webmin wont start with ssl enabled. I will only start without ssl. It says
SSL-Session:
Protocol : TLSv1.2
but no certificate and always the same error: webmin can’t access/find/use Net::SSLeay
Invalid argument at /usr/libexec/webmin/miniserv.pl line 4383.
line 4383 trough 4386 =
local $ssl_ctx;
eval { $ssl_ctx = Net::SSLeay::new_x_ctx() };
$ssl_ctx ||= Net::SSLeay::CTX_new();
$ssl_ctx || die "Failed to create SSL context : $!";
I even tried adding
use Net::SSLeay;
eval Net::SSLeay::new_x_ctx();
at the top of /usr/libexec/webmin/miniserv.pl but always the same:
ssl=0 = start ok ssl=1 = error on line 4386 and not starting
My idea was that if i explicitly add SSLeay and it cant find it, then the miniserv would not start, but it starts fine ( but only without ssl)
I tried:
perl-Net-SSLeay-1.55-6.el7.x86_64.rpm (default centos 7)
and all city-fan repo
perl-Net-SSLeay-1.84-1.0.cf.rhel7.x86_64.rpm
perl-Net-SSLeay-1.85-1.0.cf.rhel7.x86_64.rpm
perl-Net-SSLeay-1.88-2.1.cf.rhel7.x86_64.rpm
At the moment 1.85-1.0.cf.rhel7 is installed. This version works fine on other servers still with plesk onyx.
But with
use Net::SSLeay;
eval Net::SSLeay::new_x_ctx();
Added to /usr/libexec/webmin/miniserv.pl the error gets
Failed to create SSL context : No such file or directory at /usr/libexec/webmin/miniserv.pl line 4386.
Now only i need to do is figure out what file or directory it is looking for. Cant be Net::SSLeay else it would stop at the start.
none of the logs in /var/webmin say what file or directiry that is missing either
I have tried varies cert files: the Plesk one, a real from Commodo, a self-signed, a Plesk Let’s Encrypt and a Webmin generated Let’s Encrypt.
When I remove keyfile=/etc/webmin/miniserv.pem and dhparams_file=/etc/webmin/dhparams.pem then I get no startup error, but it won’t work due to no certificate.
I have also tried adding /etc/webmin to the Program search path
Are we talking about the same theme? If so, why exactly you don’t like it, could you share your feelings please?
Still the same:…
The last idea that, I could propose is to change my last proposed /etc/webmin/miniserv.conf and delete ssl_cipher_list and change/set cipher_list_def=1.