locked out from Virtualmin (SSL)


can someone please help, have just purchased the valid SSL ca for one domain name
which is NOT the same domain as the Virtualmin admin URL uses…

So this is what happened, I have successfully installed the SSL ca for this domain and
after that I clicked on the button “Copy to Virtualmin” or “Copy to Webmin” than I was locked out from
the Virtualmin, cannot access it anymore… I should only copy it to dovecot and postfix but not
to Virtualmin-Webmin…

An error occurred during a connection to virtualmin_admin_url:10000.

Cannot communicate securely with peer: no common encryption algorithm(s).

(Error code: ssl_error_no_cypher_overlap)

any way to fix this issue ??


That’s an odd issue and should not really depend on the certificate you use. You could first try another web browser, or restarting Webmin by logging in via SSH and doing /etc/init.d/webmin restart. Maybe that helps. Can you connect to Webmin on the non-SSL port? Or have you disabled that or turned on “forward to SSL”?

In that case we’d need to figure out how you can remove that certificate. Easiest would be to log in via SSH and enable non-SSL use of Webmin by manipulating its config files. Since I never tried that, I’d have to dig a bit how to do that manually. Maybe Eric or Jamie, who probably know precisely how to do that, can chime in here.

Additional info: Found it out already. :slight_smile:

If restarting Webmin and using another browser doesn’t help, log in via SSH and edit “/etc/webmin/miniserv.conf” and change the line “ssl=1” to “ssl=0”. Then restart Webmin using the command I posted before.

Then you can connect to Webmin with “http”, log in and create a new self-signed SSL certificate using its GUI at “Webmin / Webmin Configuration / SSL Encryption / Self-signed cert”.

Hi pal :slight_smile:

thank you for quick response !
I kept the Virtualmin default settings which is “SSL only” I was not able to connect to the Virtualmin by using the http:// but only https://

Will test it and let you know…

once again thank you very much !


it`s fixed now…
Works just like before…

Thank You again !!


You’re welcome, and have a merry Christmas!

Sounds like another instance of Apache is still running. You can check that with netstat -tpln | grep 80

If any is found, kill it with killall [processname].

hm just tried to restart the apache in order to verify that “apache” restart is working fine after messing up with the CS`s, and I am not able to start the apache now, here is the error:

Failed to start service :

Starting httpd: (98)Address already in use: make_sock: could not bind to address [::]:80
(98)Address already in use: make_sock: could not bind to address
no listening sockets available, shutting down
Unable to open logs

Any idea ?

netstat -tpln | grep 80

tcp 0 0 176.x.xx.77:53* LISTEN 1153/named
tcp 0 0 176.x.xx.76:53* LISTEN 1153/named
tcp 0 0 176.x.xx.78:53* LISTEN 1153/named

killall ?

these services are up and running after I restarted whole server… only apache is down now …

can I share my desktop with You for a min or 2 ? i can let You know how …

Oh, it seems my grep was too generic there and matched part of your "x"ed-out IP addresses. :slight_smile: Only kill if Apache processes listen on port 80.

We could use Teamviewer, do you use an instant messenger?

hm but nothing is running on port 80, strange… how could messing up with SSL CA cause this issue …
I have several virtual servers that uses different ip addresses because of the SSL …

But it worked just fine

we can use Teamviewer, here is my infos right now:

ID: *******
Pass: *****


I know this is an old thread, but I’m experiencing the same issue. Tried the fix and although I can access the control panel w/ http now, even generating a new self-signed cert doesn’t fix https access.

I experienced the same thing on both webmin 1.69 and 1.7, and after reverting to http mode, I logged in.

What worked for me on the ssl side, is recutting and pasting the ssl cert, key, and chain certificates.

I’ve read elsewhere that a bug in windows 8.1 root certificate update may the be cause of the issue, however this fixed it for me.

Also, self-signed certificates can be part of the problem.

For a FREE no strings attached solution, go over the startssl.com and get authenticated. They offer basic certs for free, as many as you want, and these are perfect for securing https access to servers. You can pay for extended validation and such, and that’s great for production websites, but if you just need a internal use cert, these guys are awesome!

The one key thing is to remember to install the intermediate chain certificate as well, or it won’t work correctly!

Good luck! I have had 20+ machines using the certs on every mobile and desktop browser without issue.