Failed to create SSL context : Invalid argument at /usr/libexec/webmin/miniserv.pl line 4383

I have done slightly more tests and it appears, the this system had on /etc/pam.d/webmin the following:

#%PAM-1.0
auth	            sufficient pam_unix.so nullok
auth                required pam_plesk.so try_first_pass
account	required	pam_unix.so
session	required	pam_unix.so

…while default/working /etc/pam.d/webmin is:

#%PAM-1.0
auth	required	pam_unix.so	nullok
account	required	pam_unix.so
session	required	pam_unix.so

I really wonder who could change that in this way? I hope it’s not done by Plesk.

The issue is solved! :wink:

You are welcome to contribute here. :smirk:

No idea, all our servers have plesk on it. It never happened till now, only started happening with the latest plesk version.

It did happen on a centos 6 that was terminated by the client and upgraded to the latest plesk, but because it was centos 6, i didn’t pay a lot of attention to it at the time because centos 6 is eol and we are upgrading all servers to centos 7 anyway.
As GDPR law dictates, the disks of that server are cleaned so i can’t look at it to see if it was there to.

This server was/is a test to learn the new plesk, but that version is not yet production ready for several more months in my book. Plesk says it is, but reading there forum and seeing what errors they fix in there updates, i say it is not.

Regards
Jan

I think it is.
/etc/pam.d has the proof:

.webmin.saved_by_psa
.webmin.saved_by_psa.dN0j1w

I am going to ask plesk why they do that.

Thanks a lot for finding and fixing it.

Regards
Jan

Please do ask them and come back to us.

The question is asked

regards
Jan

Strangly enough i also found these changed files on Plesk onyx servers, but there they doesn’t stop webmin from starting with ssl enabled.

regards
Jan

Duh, then there might be something else. Probably some Perl modules incompatibility. It would require more digging. I am not sure if it’s worth further time investments, though.

If i would guess i would say that plesk changed pam_plesk.so. I remember reading that in plesk 18 tls 1.3 was added for OS’ses that support it. Perhaps thats why they changed pam_plesk.so.
Changing to the old one works, so i connsider it fixed. I am going to set up a “file change monitor” in case plesk changes it again.

Thank again for the help and fixing it.

The donation is made, i hope it was enough.

Do you still need the server or can i close it?

Regards
Jan

2 Likes

You can close it. Thanks.

I have the same issue. Please + Webmin. If I disable SSL for webmin it works.

/etc/init.d/webmin restart
Stopping Webmin server in /usr/share/webmin
/etc/webmin/stop: line 4: kill: (19050) - No such process
Starting Webmin server in /usr/share/webmin
Failed to create SSL context : Invalid argument at /usr/share/webmin/miniserv.pl line 4381.
xod:/etc/pam.d# cat /etc/pam.d/webmin
#%PAM-1.0
@include common-auth
@include common-account
@include common-password
@include common-session

I am using Webmin 1.941 and

# plesk version
Product version: Plesk Obsidian 18.0.25.2
     OS version: Ubuntu 16.04 x86_64
     Build date: 2020/03/25 19:00
       Revision: 08233eba37b8979f0477fd63296b3065ffc99a8e

The solution is hidden in this post, ill summerize and give my sollution how to fix it forever and ever. The problem is that plesk always changes the file again, so you have to be prepared.

  1. create a file /etc/pam.d/webmin.ok with content
#%PAM-1.0
auth	required	pam_unix.so	nullok
account	required	pam_unix.so
session	required	pam_unix.so
  1. create a test file test under “System and Server Status”
    File, directory or pattern to check = /etc/pam.d/webmin
    Size must be smaller than = 120 bytes
    If monitor goes down, run command = cp /etc/pam.d/webmin.ok /etc/pam.d/webmin

  2. every time plesk does an update you will get a mail that webmin has replaced the plesk faulty one with a correct one.

regards
Jan

Thanks! I runs now, let’s see what happens on the next plesk update.

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.