Multiple issues after a fresh install

I tried on Ubuntu as well. Fresh VPS install at Hostinger. The problems were the same.

1. I got the solution for the first problem from Ilia’s post here - Apache2 wont start for ns1 - #7 by Ilia

/etc/apache2/ports.conf
Make sure that the file contents is as follows:

# If you just change the port or add more ports here, you will likely also
# have to change the VirtualHost statement in
# /etc/apache2/sites-enabled/000-default.conf

Listen 80

<IfModule ssl_module>
	Listen 443
</IfModule>

<IfModule mod_gnutls.c>
	Listen 443
</IfModule>

New replies are closed on that post. Therefore, I thought of creating this post hoping it will help others. I did not copy the original contents of the file. All I have now is what I posted.

2. SSL issues after I transfer a server from another VPS.

No solution to this as yet.

AH00526: Syntax error on line 74 of /etc/apache2/sites-enabled/example.com.conf:
SSLCACertificateFile: file ‘/etc/ssl/virtualmin/169133753040921/ssl.ca’ does not exist or is empty
Action ‘configtest’ failed.

The Apache error log may have more information.

When I run ‘configtest’ in the terminal, it shows syntax OK.

Both Apache and Dovecot stop working.

3. After a transfer of an older PHP site with Php7.4., Apache and MariaDB both stop working. I am working on trying to find what exactly is happening. Will post an update on this after I transfer another PHP server.

4. This happens after every transfer -
   Warning!
   The Apache configuration on your system has errors! This will prevent any new domains from being fully added by Virtualmin until the errors are fixed.

AH00526: Syntax error on line 89 of /etc/apache2/sites-enabled/example.com.conf:
SSLCACertificateFile: file '/etc/ssl/virtualmin/169140052264536/ssl.ca' does not exist or is empty
Action 'configtest' failed.
The Apache error log may have more information.

A question here:

System Settings → Virtualmin Configuration → SSL setings category to Configure Apache to use Combined cert and CA file or Cert file only. Which option should one choose? Default is ‘Decide Automatically’.

Thanks for the heads up!

This issue should fixed later today for all new installs!

This is a known bug and will be fixed in the new Virtualmin 7.50.0 release! @Jamie, is there anything else holding back the new release? We need to fix ongoing bugs.

In the meantime, it’s possible to address it using the following patch:

webmin patch https://github.com/virtualmin/virtualmin-gpl/commit/868c2ca

This is also related to the previous issue that the patch should fix.

Thank you for replying. That was reassuring.

How do I install this?
webmin patch Fix backup and restore for CA cert · virtualmin/virtualmin-gpl@868c2ca · GitHub

I have never installed a patch

Also, I have not been able to install an SSL certificate for any domains after a transfer. The DNS entries are all correct and everything was updated for some time before I tried a certificate request.

Basically you just run:

webmin patch https://github.com/virtualmin/virtualmin-gpl/commit/868c2ca

Well, I did that. It took hardly a second. I rebooted and then transferred one more website from another VPS. No Apache errors. No SSL errors at all. SSL certificate request went ahead smoothly and got the certificate installed fast, as it always used to be. Even with the websites I had transferred earlier.

Thank you very much for the ultra fast response. You are very kind.

I still need some help with this issue i posted earlier.

/var/webmin/miniserv.error still shows this - SSL CA file /etc/ssl/virtualmin/169133753040921/ssl.ca does not exist

What do I do about this?

You should edit the Apache config, manually remove all mentions of the SSLCACertificateFile record, and then restart Apache.

If you don’t mind, which exact file is this? Because the /etc/apache2/apache2.conf has no mention of SSLCACertificateFil

On a Debian/Ubuntu system, VirtualHosts get their own separate files (in /etc/apache2/sites-available/). You’d find that line in those files.

I have `/etc/apache2/sites-available/example.com.conf but nothing that shows this number169133753040921

How do I look for this number in any of the files here in /etc/apache2/sites-available/

You can remove all those lines containing SSLCACertificateFile directive in on shot:

sudo find /etc/apache2 -type f -exec sed -i '/SSLCACertificateFile/d' {} +

And then restart Apache:

sudo systemctl restart apache2

I did this. Have run journalctl - f to check email issues.

It shows only this error so far - SSL_accept() failed: error:0A000416:SSL routines::sslv3 alert certificate unknown: SSL alert number 46

And this one is from a client website that is not able to connect through Outlook.

Also, any way I should be able to check if everything is working fine after I ran that command - sudo find /etc/apache2 -type f -exec sed -i ‘/SSLCACertificateFile/d’ {} + ?

Because I wont even know if something is broken till some customer complains.

Yes, it will remove those directives from the Apache config that do not have a referenced ssl.ca file.

All right. Can you please help me on this issue?

SSL_accept() failed: error:0A000416:SSL routines::sslv3 alert certificate unknown: SSL alert number 46

I took a command you (Ilia) had given in a post many years ago here - Email clients not accepting new Letsencrypt R3 CA certificate used in dovecot/postfix email servers - #5 by Ilia

openssl s_client -connect mail.example.com:993

and ran that command. It gives this error, among other things - BAD Error in IMAP command received by server.

Further, when i run this command - journalctl -u dovecot

it throws up this error - imap-login: Error: Failed to initialize SSL server context: Can’t load SSL private key (ssl_key setting>
pop3-login: Error: Failed to initialize SSL server context: Can’t load SSL private key (ssl_key setting>

I was able to get to the root of the problem. It was the firewall at Hostinger. One has to set up the firewall in addition to the Virtualmin firewall. It resolved the email issues.

Hope this helps someone.

Spoke too soon. This error refuses to go away. Don’t know what to do about this. Can someone please help? Has anyone experienced this?

SSL_accept() failed: error:0A000416:SSL routines::sslv3 alert certificate unknown: SSL alert number 46

Do all sites fail or just one? What is listening on port 443? If you try to connect using the openssl command to your domain, does it work?

Only one site.

If you try to connect using the openssl command to your domain, does it work? - Yes, it does.
It seems Apache2 is listening on port 443. Got that by running sudo netstat -lntup

This thread is pretty chaotic and hard to follow. You’ve talked about Webmin, Apache and email, all different issues. And, at least two different problems in Apache. Please focus on one problem per topic. (FAQ - Virtualmin Community)

This error:

Means the browser is unhappy with the certificate it received. Probably means it received a self-signed certificate.

So, you need to look at the specific site where that log appears. Don’t be vague about it or keep changing random things unrelated to the problem hoping it does something good. The browser made a request to a specific domain. You need to browse to that domain and look at the cert you receive. This could be a case of “the wrong site shows up” (Troubleshooting Websites | Virtualmin — Open Source Web Hosting Control Panel) as that is common with Apache if you have misconfigured IPv6 or have multiple IPs misconfigured or…well, there’s a wide variety of ways to get this behavior.