This is starting to happen for me too on all of my servers. Auto-renew is failing and I discover this, thankfully, by the expiring soon emails from Let’s Encrypt. Manual renew works without problem. Running CentOS Linux 3.10.0-1160.15.2.el7.x86_64 on x86_64; VirtualMin 6.14; WebMin 1.962. Do have certbot installed, version 1.11.0-1.el7.
Yea I think more and more users will start running into the issue if they don’t release a new version based on the updated code soon…
We’ll be rolling updates to fix this problem (and another LE related issue) this weekend.
Hey Joe, thanks for the news that a fix is coming. Do you happen to have any updates here? I’m asking because we have hundreds of sites across hundreds of Vmin-enabled servers and… a very noisy Nagios server warning us about expiring SSL certificates! We’d sure like to know what to expect re: the 6.15 release and whether we’re going to need to mitigate across all of those servers before then. Thanks again!
Hi, any update on this?
We will try to release a new version as soon as possible. Meanwhile there is a quick and simple solution to address this particular issue.
Goodness, I sure hope the new version is imminent, as we’d certainly prefer that 100x over making that quick and simple change to the code across hundreds of servers.
Me to. Glad the fix is coming.
I dont know if its related, but the CA root is also missing on many of my servers. The browser works OK, but some people when using services that connect to the website are failing saying there is a authority issue with the cert. I have to manually upload the Lets Encrypt root cert for each site. I dont know what sites its failing without doing a SSL check on all sites.
Started a couple of months back.
Posting here in case its related.
I assumed certbot software would interfere so never added it to a Virtualmin server. As a remember, certbot let you do
For those lazy half-assed admins like me…
Today was the first time I noticed this. One of my primary virtual servers expired 0 days ago and I just gave a whirl at Virtualmin → Server Configuration → SSL Certificate: Let’s Encrypt [Request Certificate] and all is well for that one untill the update happens.
Good to have an update coming, I also have issues in several domains that doesnt renew , i do manual update with them, but some other autorenew fine… maybe is because of path where I have certs located? Because I know the path is default for some, but nondefault for others…
Issue also present here on various Domains, code snippet fixed it.
For anyone having issues with certificates expiring, you can run the following command on the server to get a list of certificates sorted by expiry date.
virtualmin list-certs-expiry --all-domains
You can then manually request a renewal via Server Configuration / SSL Certificate / Let’s Encrypt on any vhost with a certificate expiring soon.
Much quicker than checking them all manually until 6.15 is released with the fix, if you don’t want to patch it before then.
noticed the same in a virtual server. apache vhost had SSLCertificate /home/domain/ssl.cert instead of /home/domain/ssl.combined … don’t know if it applies to every virtual server yet, but it should be the default for all…
I can confirm this just hit one of my servers as well. I set the renewal period to 2 months and it expired. Manually updating the certificate worked. I have patched code as suggested after manually renewing certs.
Might be related to this LetsEncrypt announcement Transitioning to ISRG's Root - Let's Encrypt - Free SSL/TLS Certificates
Same issue here. Certs dropping like flies on multiple servers.
I also ran today in some problems while trying to manually renew a LetsEncrypt certificate, after the update to virtualmin 6.15 (webmin 1.973, usermin 1.823) it seems to happen like this:
Requesting a certificate for [------snip/snap------] from Let’s Encrypt …
HTTP/1.0 500 Perl execution failed Server: MiniServ/1.973 Date: Fri, 12 Mar 2021 10:40:42 GMT Content-type: text/html; Charset=utf-8 Connection: close
Error — Perl execution failed
panic: attempt to copy freed scalar 5597e13d19d8 to 5597df5400b8 at /usr/share/webmin/web-lib-funcs.pl line 3353.
It works for me with Webmin 1.973 and Virtualmin 6.15.
What distro do you see this problem on? Have you tried restarting Webmin manually with
/etc/webmin/restart command, and re-running certificate request?
Okay I restarted it
/etc/webmin/restart Stopping Webmin server in /usr/libexec/webmin Starting Webmin server in /usr/share/webmin
But no difference when requesting manually the certificates. The distro is
Linux 4.9.0-15-amd64 #1 SMP Debian 4.9.258-1 (2021-03-08) x86_64 GNU/Linux