SYSTEM INFORMATION | |
---|---|
OS type and version | Almalinux 9.2 |
Webmin version | 2.101 |
Virtualmin version | 7.7 GPL |
I backed up a virtual server on Almalinux 8.8, with all the features activated. The virtual server has a sub-server, and both of them are using Let’s Encrypt certificates.
The target system is a AlmaLinux 9.2, with Webmin version 2.101 and Virtualmin version 7.7 GPL.
While restoring the virtual server on the target Virtualmin (both the main one and the subserver), NGINX complains about the certificate key.
Digging it a bit, I realized that the CA certificate is not properly set on the target subserver. The CA file on the source system was in /etc/ssl/virtualmin//ssl.ca but this file is not properly restored on the target system.
It can be solved by manually copying the CA file from the source to the target system (on the same path), and then on the Virtualmin web in the target system, manually configuring the CA file.
I feel the missing CA file should be included in the backup.
On the other hand, on the target system, there are 4 ssl related files on /etc/ssl/virtualmin/<DOMAIN_ID> folder:
total 44
drwx------ 2 root root 93 Aug 21 15:45 .
drwxr-xr-x 13 root root 4096 Aug 21 20:26 …
-rw------- 1 root root 5565 Aug 21 15:43 ssl.cert
-rw------- 1 root root 9316 Aug 21 15:45 ssl.combined
-rw------- 1 root root 11021 Aug 21 15:45 ssl.everything
-rw------- 1 root root 1704 Aug 21 15:43 ssl.key
Here it is a transcript of the restore:
Checking contents of the backup …
… found 1 virtual servers and 1 global virtualmin settingsStarting restore of 1 domains from local file /private/mydomain.example.com-20230820T231011 …
Extracting backup archive files …
… doneRe-creating virtual server mydomain.example.com …
Creating administration group mydomain …
… done
Creating administration user mydomain …
… done
Adding administration user to groups …
… done
Creating home directory …
… done
Creating mailbox for administration user …
… done
Creating Nginx virtual host …
… done
Starting PHP FastCGI server …
… done
Adding webserver user nginx to server’s group …
… done
Creating SSL certificate and private key …
… done
Adding SSL to Nginx virtual host …
… done
Setting up log file rotation …
… done
Creating MariaDB login …
… done
Saving server details …
… done
Applying Nginx configuration …
… done
Re-loading Webmin …
… done
Restoring backup for virtual server mydomain.example.com …
Restoring virtual server password, quota and other details …
… done
Updating administration password and quotas …
… done
Restoring Cron jobs …
… done
Extracting TAR file of home directory …
… done
Setting ownership of home directory …
… done
Restoring Logrotate configuration …
… done
Restoring allowed MariaDB hosts …
… done
Re-loading MariaDB database mydomain …
Creating MariaDB database mydomain …
… done
… done
Restoring Nginx webserver configuration …
… done
Updating home directory in PHP configuration …
… done
Restoring Nginx webserver log files …
… done
Re-creating mail and FTP users …
… done
Re-creating mail aliases …
… done
Restoring mail and FTP user Cron jobs …
… done
Enabling PHP modules for restored scripts …
… no PHP modules needed to be installedApplying Nginx configuration …
… configuration is invalid : nginx: [warn] the “listen … http2” directive is deprecated, use the “http2” directive instead in /etc/nginx/sites-enabled/mydomain.example.com.conf:4 nginx: [emerg] SSL_CTX_use_PrivateKey(“/etc/ssl/virtualmin/DOMAIN_ID/ssl.key”) failed (SSL: error:05800074:x509 certificate routines::key values mismatch) nginx: configuration file /etc/nginx/nginx.conf test failed… restore complete.