Need help setting up a Wild Card Multiple Domain SSL Certificate: Virtualmin Pro

I enabled the Feature for SSL under edit virtual server,
I have a new Wild Card Multiple Domain SSL Certificate from Alpha GlobalSign,
I took what they sent in the email, normally it comes in files, so I had to create them, I called to make sure I put all the correct certs in the correct files, I named them:

and enabled only SSLv3 and TLSv1.2, which should work fine, not sure if anyone uses less secure protocols nowadays.

Services -> Configure Website for SSL
I set the properties and verified it under the directives in Edit Directives

SSLEngine on
SSLCertificateFile /home/domainname/ssl_domainnamecom.cert
SSLCertificateKeyFile /home/domainname/ssl_domainnamecom.key
SSLProtocol +SSLv3 +TLSv1.2 (changed to all, no help)
SSLCACertificateFile /home/domainname/

Now under Server Configuration -> Manage SSL Certificate
it shows the current servers are the default self signed certs and not the ones above, how do I fix this?

It does not work, and I am at a lose as to how to troubleshoot this.

Have you tried pasting the cert in the Virtualmin interface under manage SSL Certificate

Also in the directives as far as I know should be

SSLProtocol all -SSLv2 -SSLv3

Thanks I will try the SSL Protocols and see if that works.

I did find a bug, I can not paste them in, but I can upload them and they work.

Now it looks like its setup correctly as far as I can tell, all this information is correct, but it still gives me the error below.
How do I know the Certificate is good, any way to verify if a Cert is good, just because I paid for it, does not mean much nowadays.

Current SSL certificate details SSL certificate file /home/domain/ssl_domaincom.cert SSL private key file /home/domain/ssl_domaincom.key Web server hostname * Issuer name AlphaSSL CA - SHA256 - G2 Issuer organization GlobalSign nv-sa Expiry date Sep 29 22:18:37 2017 GMT Certificate type Signed by CA Other domain names * | Download certificate PEM format | PKCS12 format Download private key PEM format | PKCS12 format Certificate authority details CA certificate file None needed In file on server /home/domain/

Uploaded file Choose File Pasted certificate text

Certificate authority name AlphaSSL CA - SHA256 - G2
Organization GlobalSign nv-sa
Issuer name GlobalSign Root CA
Issuer organization GlobalSign nv-sa
Expiry date Feb 20 10:00:00 2024 GMT
Certificate type Self-signed
Save Certificate

Note it says “Certificate type Self-signed” That is not right, what is up with that? uses an invalid security certificate. The certificate is not trusted because it is self-signed. Error code: SEC_ERROR_UNKNOWN_ISSUER

You should be able to paste the cert file contents, I think it’s the 3rd tab from the right.

I set one up last week and pointed it to the file but it didn’t work until I pasted the cert file contents.

Under: External Connectivity Check

SSL website request failed 500 Can't connect to Make sure your system's web server is running, that port 443 is not blocked by a firewall, and that the domain has a valid index page.

I do not have iptables or firewall enabled on this server.

I only have one virtual server with SSL enabled.


Registered Stream Socket Transports tcp, udp, unix, udg, ssl, sslv3, sslv2, tls, tlsv1.0, tlsv1.1, tlsv1.2

SSL Version NSS/3.19.1 Basic ECC


OpenSSL support enabled
OpenSSL Library Version OpenSSL 1.0.1e-fips 11 Feb 2013
OpenSSL Header Version OpenSSL 1.0.1e-fips 11 Feb 2013
Directive Local Value Master Value
openssl.cafile no value no value
openssl.capath no value no value

As far as I can tell it took the Cert, so that is not the issue, unless I am missing something.

This shows port 443 is open

nmap -sT -O localhost

PORT STATE SERVICE 25/tcp open smtp 53/tcp open domain 80/tcp open http 110/tcp open pop3 143/tcp open imap 443/tcp open https 587/tcp open submission 993/tcp open imaps 995/tcp open pop3s 1022/tcp open exp2 2222/tcp open EtherNet/IP-1 3306/tcp open mysql 5432/tcp open postgresql 10000/tcp open snet-sensor-mgmt 20000/tcp open dnp

If I check it here:


I get trust issues: resolves to

Server Type: Apache/2.4.6

The certificate will expire in 356 days.
Remind me

The hostname ( is correctly listed in the certificate.

The certificate is not trusted in all web browsers.
You may need to install an Intermediate/chain certificate to link it to a trusted root certificate.
Learn more about this error.
The fastest way to fix this problem is to contact your SSL provider.
Common name:
Organization: SomeOrganization
Location: SomeCity, SomeState, –
Valid from September 23, 2016 to September 23, 2017
Serial Number: 22112 (0x5660)
Signature Algorithm: sha256WithRSAEncryption

Does this mean its installed Correctly, what do I do about this:
You may need to install an Intermediate/chain certificate to link it to a trusted root certificate. ?

No it is still coming up as the self signed certificate

Click the lock icon / https

All this just to find out this is not a Multiple Domain Cert, the people we purchased through got confused about Multiple Sub Domains, so I was lost from the beginning.

That sound like a plan, never heard of it before, that is big help, thanks, all I need is some type of security, nothing fancy, but I would like if for the site as well as email from the site, and Self Signed is all I normally use.

How many domain do you need this for ?

You can always try using the free Let’s Encrypt cert which is integrated into Virtualmin but depends on what level of security you need.

Also if this is your server and you’re concerned about security you really should have a firewall enabled ConfigServer Security & Firewall you’ll be amazed at how many hacking attempts a server gets.

For ConfigServer Security & Firewall install via Webmin see below. You should be ok with the default set up after it is installed.

After you have installed the cert there is an option to copy to Dovecot, Postfix, Webmin and Usermin.

The problem with Let’s Encrypt certs is that they only last 3 months. In Virtualmin you can set an auto update period but I have read elsewhere in this forum the update doesn’t work. Either way if it is does then you would almost certainly have to copy it back to Dovecot etc

Alternatively you may be able to point to the server cert in Dovecot etc in those servers settings.

I’m currently testing a Let’s Encrypt cert on a site but haven’t tried it for mail yet.

It is working on my installation without a fail, 4 domains auto renewing every 2 months.

Hi that’s good to know. So have you configured it for Postfix, Dovecot etc If so I would be interested in knowing how ?

What ended up being the problem was that the front end was set up correctly, but the back end was still forcing the self signed CA, it had to be manually changed in /etc/httpd/conf.d/ to make it work, this is a bug I am sure of it, but its fixed now, wow, that took a lot of effort to figure out, I got the help from my new Hosting Company, they are great, I am on SSD drive with 200 GB, 8 GB RAM, 12 Cores, for $44, with the best tech support, they deserve a plug.

Now I can work on all these other things, thanks for all the help.