Missing CA certificates when restoring a backed up virtual server (2nd post)

Today I migrated a website from one Virtualmin server to another. I took the nightly backup file, and did a restore. It reported a successful restore. I changed the DNS, and tried to request the SSL certificate for several hours but it kept failing.

Basically, apache2 never restarted because “ssl.ca” was missing for this site. It is NOT in the backup. Good thing I still have access to the OLD server!!! After manually copying the file over, apache2 was able to restart.

This issue was documented by @miceno in 2023.

Additionally, I still wasn’t online because DocumentRoot in the port 80 section of the apache2 .conf file was missing. So Let’s Encrypt was failing the autoconfig.

After fixing that, it’s finally working!

When moving its best to have a very low TTL setting for the dns, and set that at least 24 hours before then move. Lets Encrypt (plus the rest of the internet) will most likely fail as its dns cache is still showing your old address. A lower TTL will update its cache quicker.

I don’t explain things to well so maybe read this

Best Practices for Using TTL.

image865×156 10.9 KB

I agree, my problem was not with DNS. This site was just a test, so DNS could have taken 24 hours.

The problem, as documented above, is files not restored after a backup/restore.

Where was it pointing to on the original server in Apache config? Did the ssl.ca file actually exist on the original server?

Sep 24 19:10:31 www1personal apachectl[376475]: SSLCACertificateFile: file '/etc/ssl/virtualmin/174389381592512/ssl.ca' does not exist or is empty

That is the error apache was reporting when it would not start, immediately after the virtual site restore. So, I checked the old server for /etc/ssl/virtualmin/174389381592512/ssl.ca and it was there, but not on the new server. I copied it over and right away, apache2 started with no error.

The right solution is probably just to get rid of that SSLCACertificateFile line. You don’t need it in this context.

Well, if the restore isn’t going to copy over this file, maybe it shouldn’t copy over that statement? I had no idea it wasn’t necessary. I was left with an apache2 that wouldn’t start.

Even after it started, there was a missing DocumentRoot in the apache conf file.

We don’t generally try to modify the Apache configuration when importing backups, beyond updating IP addresses and paths/users when necessary based on something specified during the restore…it’d be pretty risky to modify stuff inside the VirtualHost.

There will be changes during migrations and upgrades, and it’s just a thing to be aware of.

That’s a different issue and a surprise (because if it was on the old system, it should be there on the new system, maybe with path changes). Can you make a new topic, and if possible include what the VirtualHost looked like on the old system versus what it looks like on the new system?