For anyone having issues with certificates expiring, you can run the following command on the server to get a list of certificates sorted by expiry date.
virtualmin list-certs-expiry --all-domains
You can then manually request a renewal via Server Configuration / SSL Certificate / Let’s Encrypt on any vhost with a certificate expiring soon.
Much quicker than checking them all manually until 6.15 is released with the fix, if you don’t want to patch it before then.
noticed the same in a virtual server. apache vhost had SSLCertificate /home/domain/ssl.cert instead of /home/domain/ssl.combined … don’t know if it applies to every virtual server yet, but it should be the default for all…
I can confirm this just hit one of my servers as well. I set the renewal period to 2 months and it expired. Manually updating the certificate worked. I have patched code as suggested after manually renewing certs.
Might be related to this LetsEncrypt announcement Transitioning to ISRG's Root - Let's Encrypt - Free SSL/TLS Certificates
Same issue here. Certs dropping like flies on multiple servers.
I also ran today in some problems while trying to manually renew a LetsEncrypt certificate, after the update to virtualmin 6.15 (webmin 1.973, usermin 1.823) it seems to happen like this:
Requesting a certificate for [------snip/snap------] from Let’s Encrypt …
HTTP/1.0 500 Perl execution failed Server: MiniServ/1.973 Date: Fri, 12 Mar 2021 10:40:42 GMT Content-type: text/html; Charset=utf-8 Connection: close
panic: attempt to copy freed scalar 5597e13d19d8 to 5597df5400b8 at /usr/share/webmin/web-lib-funcs.pl line 3353.
It works for me with Webmin 1.973 and Virtualmin 6.15.
What distro do you see this problem on? Have you tried restarting Webmin manually with /etc/webmin/restart command, and re-running certificate request?
Okay I restarted it
/etc/webmin/restart
Stopping Webmin server in /usr/libexec/webmin
Starting Webmin server in /usr/share/webmin
But no difference when requesting manually the certificates. The distro is
Linux 4.9.0-15-amd64 #1 SMP Debian 4.9.258-1 (2021-03-08) x86_64 GNU/Linux
But no difference when requesting manually the certificates.
What is the output of cat /etc/os-release and whereis certbot and certbot --version commands?
PRETTY_NAME="Debian GNU/Linux 9 (stretch)"
NAME="Debian GNU/Linux"
VERSION_ID="9"
VERSION="9 (stretch)"
VERSION_CODENAME=stretch
ID=debian
HOME_URL="https://www.debian.org/"
SUPPORT_URL="https://www.debian.org/support"
BUG_REPORT_URL="https://bugs.debian.org/"
Mea culpa … that was the problem. There was no certbot installed. I did that, and now the error is gone. Since when certbot is needed ? Haven’t seen this in the documentation by now.
Thanks.
certbot has always been recommended.
I never knew this! So on a Debian based distribution simply
sudo apt-get install certbot
and nothing else?
Nothing else.
Is it possible to run the Let’s Encrypt cronjob or whatever Virtualmin uses for renewal manually? I still have issues after applying the fix to Virtualmin and would like to debug this.
And should the systemd timer for certbot run? I guess this doesn’t make sense as it provisions to the wrong folder. But system default this is on.
Manually running /etc/webmin/virtual-server/collectinfo.pl renewed all pending certificates. Not sure why I needed to call this command manually.
This topic was automatically closed 60 days after the last reply. New replies are no longer allowed.