Feedback / suggestion

SYSTEM INFORMATION
OS type and version CentOS 7
Webmin version 2.111
Virtualmin version 7.10.0

Hi All,

As a suggestion for @Jamie, Virtualmin does auto renew domain-ssl certificates as by design and expectation, however i have two customers who refuse to clean their inboxes and as a result they have run out of free space. Knowing they refuse to clean up / upgrade. I left it that.

Now Virtualmin does try to refresh their certificates, resulting in a successful request, though then being unable to write the certificates in the correct locations, as a result it tries the renew over and over, the request succeeds, though the install fails.

result then observed: after a couple of days Letsencrypt denies the host to request more certs ( for working and valid hosts ) as too many have been provided in the last 168 hours already.

Suggestion:

  • Do not renew certs for hosts that are at / over quota until their quota is cleaned up.
    Seems to be the cleanest option.

  • Do the renewal request though hold them in a staged location?
    Seems like this could become messy rather fast tracking vallid / what is installed or reqeusted and on hold.

  • Write the certs out as a user with higher permissions and ignore the quota?
    Seems to be a potential path for abuse, there are reasons to have a quota and not ignore that by force.

Not sure what would be the best option, though as it is the behavior affects other domains that are unrelated.

Steven

I’m pretty sure Jamie worked around this issue by disabling quotas while the SSL certificate was requested for the domain.

However, it will need to be reconfirmed by Jamie.

Actually I didn’t disable quotas when writing the SSL cert … but this is fixed for the next release.

1 Like