How do we reset Webmin SSL certificate settings?

Hi guys,

  1. How do I prevent one of my virtual servers from automatically writing its SSL certificate (when updated) to webmin, dovecot, postfix etc.?
  2. What are the meanings of the entries for this domain in the square boxes? I don't follow why it is suddenly using the terms host domain.com for things like usermin and dovecot… but not for webmin (where it's just domain.com).

It seems to be only affecting this one particular domain (clients' mobile phone apps and desktop PC apps keep returning an error saying the SSL certificate is invalid).

Everything has been working fine for more than 6 months with this domain, then all of a sudden, immediately after the last two webmin updates, I am now unable to connect with this virtual server… particularly on mobile email apps… they all throw an invalid certificate error and refuse to synchronise with it. It can't be DNS issues unless there has been a change in webmin coding related to this? I haven't changed this domain's DNS records and they are hosted outside my system.

It depends on what exactly you’ve done.
That area with “This SSL certificate is already being used by:” is showing you that the SSL certificate for that server is shared with the following services.
You can only get that when you manually press the “Copy to Postfix” or “Copy to Webmin” buttons.
I assume you did that on that virtual server and it's not the domain with the FQDN you use for the server itself.
So copy the SSL certificate from the FQDN entry back to webmin/postfix/dovecot/ftp/etc…

I went back to my primary domain and did that, however, virtualmin still shows in one of the other virtual server domains, that that domain certificate is being used for webmin etc.

The trouble seems to be, once one has inadvertently clicked these buttons, one cannot reverse the bloody setting in virtualmin. No matter what I do it refuses to reverse the setting.

What I expect should happen, if I make such a mistake, then go to the correct primary domain that I wish to use the SSL cert for in webmin, if I click “use in webmin” it should overwrite the wrong SSL cert.

EDIT…
I just had a look in Webmin > Webmin Configuration > SSL Encryption.

It is showing the wrong domain in webmin. It's actually showing the domain for the virtual server where postfix and dovecot crashed after the recent webmin update.

Can someone suggest the safest way to fix this without taking out any of my clients email or website functionality?

The domain shown on this webmin SSL cert uses my mail server in its MX record.

And that is what is actually happening. However, it is possible that the domain doesn't put the corresponding subdomain into the certificate by default.
Meaning, check this post from your first topic about it: Webmin SSL certificate for host.domain.com.

That other topic is unrelated… that has nothing to do with this issue.

The problem is, I cannot find a way in virtualmin of undoing “copy SSL to postfix” or “copy SSL to dovecot” or “copy SSL to webmin”.

And so, if I go and change the SSL certificate, the next time the virtual server clientdomain.com (whose certificate was inadvertently copied to webmin/postfix/dovecot etc.) updates its own SSL certificate, I am worried that it will overwrite the correct one that is stored in webmin/postfix/dovecot for the host.mydomain.com. Once that happens, the mail server becomes unusable for client email apps (such as Outlook or Apple Mail) on shared hosting… they start throwing invalid SSL certificate errors and mail traffic comes to a standstill!

If you copied the correct certificate back (matching URL this time), then it's fine.
No need to worry.
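An added example, not part of any post in this thread: one way to confirm which names each service's certificate covers after copying the right certificate back. It reuses host.mydomain.com and clientdomain.com from the post above; the port numbers and the sample certificate data are assumptions constructed for illustration.

```python
import socket
import ssl

def san_names(cert):
    """DNS names from a dict shaped like ssl.SSLSocket.getpeercert() output."""
    return [value.lower() for kind, value in cert.get("subjectAltName", ()) if kind == "DNS"]

def name_matches(pattern, hostname):
    """RFC 6125 style match: '*' may only replace the whole leftmost label."""
    p = pattern.lower().rstrip(".").split(".")
    h = hostname.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        return len(p) > 2 and p[1:] == h[1:]
    return p == h

def audit(certs_by_service, hostname):
    """Return {service: SAN list} for each service whose cert does not cover hostname."""
    bad = {}
    for service, cert in certs_by_service.items():
        names = san_names(cert)
        if not any(name_matches(n, hostname) for n in names):
            bad[service] = names
    return bad

def fetch_cert(host, port):
    """Live use on TLS-wrapped ports: the chain is verified, the name check is left to audit()."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False
    with socket.create_connection((host, port), timeout=10) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert()

# Constructed sample: what each service might present while a client domain's
# certificate is still installed in Webmin and Dovecot. Ports are assumed defaults.
SAMPLE = {
    "webmin:10000": {"subjectAltName": (("DNS", "clientdomain.com"), ("DNS", "www.clientdomain.com"))},
    "dovecot:993": {"subjectAltName": (("DNS", "clientdomain.com"), ("DNS", "mail.clientdomain.com"))},
    "postfix:465": {"subjectAltName": (("DNS", "host.mydomain.com"),)},
}

if __name__ == "__main__":
    for service, names in audit(SAMPLE, "host.mydomain.com").items():
        print(f"{service}: certificate covers {names}, not host.mydomain.com")
```

For a live check, build the dictionary with `fetch_cert("host.mydomain.com", port)` per service; a self-signed certificate fails chain verification there and raises `ssl.SSLCertVerificationError`.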

I suspect that letsencrypt is ignoring the IP address of server2.tesla.com and instead going to the website tesla.com on server1.tesla.com and copying its file there… because even when I create a virtual host on server2.tesla.com called server2.tesla.com, I can browse the website via URL server2.tesla.com, however, I still get the same error when I try to obtain a LE SSL.

I suspect that the domain tesla.com is being looked at first… not the subdomain server2.tesla.com.

Shouldn't be the case. Did you set the DNS records correctly? It seems more like you did something wrong on your end since in general it works perfectly fine.

You should provide more details btw. Because you never said what's the error and so on.

The simple way to understand my problem is to do the following…

  1. Set up a Debian 10 + virtualmin GPL VPS with only server2.tesla.com… obviously substitute tesla for your own domain.

(Ensure that you use any domain you already have currently registered and hosted on another server somewhere but use a different hostname obviously. You must do it exactly this way to replicate my problem correctly.)

Keep everything as default virtualmin install.

Add only a single DNS record to your registrar… an A record pointing at server2.tesla.com and don't put anything else on the VPS… no virtual servers, nothing.

Go to webmin and try to obtain letsencrypt SSL for server2.tesla.com.

My feeling is you will fail to obtain a certificate citing ACME error. It will be because there is no apache virtual host on the server for the domain “tesla.com”.

Creating a virtual host server2.tesla.com still doesn't work because the parent domain tesla.com is not also on this server… so the ACME test will fail.

If you succeed then clearly I am doing something wrong, however, if you fail, then we are both in good company and need a solution!

ACME is a DNS based challenge. You need to properly set it up, otherwise it's pretty normal that it will fail.

There are two ways to validate for Let’s Encrypt. One is to put the challenge response on your website (which requires DNS to work for your domain name and point to your web server but it does not require the ability to modify DNS records). The second is to put the challenge response in a txt record in the DNS for your domain. Virtualmin may use either method…I’m not sure what Webmin does.

Wildcards always validate via DNS, because admin access to the domain is the only way to ensure you “own” the domain. The usual path in Virtualmin is to try to validate via web first (as it’s more likely to work, a lot of people don’t host DNS locally) and then fall back to DNS if the DNS feature is enabled.
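An added example, not part of any post in this thread and not Virtualmin's code: where the two validation methods described above place the challenge response, following RFC 8555 (ACME). The token and account thumbprint are constructed placeholders, and the web-first ordering with an optional DNS fallback is modelled on the description in the post above.

```python
import base64
import hashlib

def b64url(data):
    """Base64url without padding, as ACME (RFC 8555) uses."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")

def challenge_plan(name, token, thumbprint, dns_enabled=False):
    """List the validations to attempt for one requested name, in order."""
    key_auth = f"{token}.{thumbprint}"      # key authorization
    wildcard = name.startswith("*.")
    base = name[2:] if wildcard else name   # wildcard is validated on its base name
    http = {
        "type": "http-01",
        # Fetched over plain HTTP from the exact name on the certificate request.
        "where": f"http://{base}/.well-known/acme-challenge/{token}",
        "content": key_auth,
    }
    dns = {
        "type": "dns-01",
        # TXT record that must be published in the DNS zone for the name.
        "where": f"_acme-challenge.{base}",
        "content": b64url(hashlib.sha256(key_auth.encode("ascii")).digest()),
    }
    if wildcard:
        return [dns]                        # wildcards validate via DNS only
    return [http, dns] if dns_enabled else [http]

# Constructed placeholder values, not real ACME data.
TOKEN = "constructed-token-0001"
THUMBPRINT = "constructed-account-key-thumbprint"

if __name__ == "__main__":
    for requested in ("server2.tesla.com", "*.tesla.com"):
        for step in challenge_plan(requested, TOKEN, THUMBPRINT, dns_enabled=True):
            print(requested, step["type"], step["where"])
```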

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.