New entries in miniserv.com beginning ipcert and ipkey

I recently created a new virtual (sub) server. I then changed the Apache lines that define the SSL certificate / key / chain to use - I wanted to use the same one as the parent server. I then deleted the self-signed ssl.cert and ssl.key files that had been auto-generated with the virtual server.

I then found that the webmin and usermin daemons wouldn’t restart. I looked at their two miniserv.conf files, and found two new entries had been appended to each:

ipcert_subdomain.example.com,.subdomain.example.com=/home/example/domains/subdomain.example.com/ssl.cert
ipkey_subdomain.example.com,
.subdomain.example.com=/home/example/domains/subdomain.example.com/ssl.key

What do these do? (I’ve got no others lines in miniserv.com that look like that).

It turns out that they were the problem. Remove those lines, and webmin and usermin would fire up quite happily. Obviously, you can’t have configuration entries that point to ssl files that don’t exist any more - but I was just wondering why these lines were added, and how we’d mitigate against these kinds of problems the next time I create a new virtual server.

+1 on this

I’d also like an answer to how to stop webmin doing this, or at least update the config once I change the SSL certificate via SSL Management on the vhost.

For me I update the certificate either by copy/paste or by uploading and setting the “File on server” but this does not update the miniserv.conf file, so once I’ve deleted the old self signed certificate it done breaks webmin never to restart again, then I have to SSH in and modify the conf file so the ability for my team to quickly roll new sites on a shared host is stymied.

One thought is that this is related to the Webmin login (or Usermin) however the site I have set up does not have the Webmin Login enabled so I suspect its Usermin. Not sure if Usermin shared the webbmin/miniserv.conf file but perhaps once the new certificate is applied you can click the “Copy to Usermin” to fix, not had a chance to test and play just yet.

A configuration option in Website Templates or otherwise somewhere in Webmin would be the holy grail.

There’s also a slew of SSL options within Webmin > Usermin Config & Webmin > Webmin config, gotta be related to some of these but a sign post as to what sub-system causes this would not go amiss!

They allow Webmin/Usermin to serve the right certificate based on the domain being contacted. It’s a good thing. But, it sounds like it’s got buggy handling of deletion of domain certificates. That’s not something that should happen often, but Webmin/Usermin shouldn’t fail to start if it does, so we need to fix it (that’s actually a potential DoS bug, I think, as users can delete their own certs).

Can you update too Webmin 1.860, which just rolled out, and see if the problem still exists? I don’t wanna bug Jamie about it if it is already fixed.

Hi @Joe

Still an issue. I just spent the whole day resolving that exact issue. It places that last created virtualserver cert details (in my case letsencrypt cert details) in the ipkey and ipcert lines at the bottom of the miniserv.conf file. This breaks my default SSL site and causes untold issues. Happens every time you create a new virtualserver btw.

Latest VirtualMin install as of today (2018-01-16)

Operating system Ubuntu Linux 16.04.3
Webmin version 1.872
Usermin version 1.732
Virtualmin version 6.02
Theme version Authentic Theme 19.07
Time on system Tuesday, January 16, 2018 6:56 PM
Kernel and CPU Linux 4.4.0-1048-aws on x86_64

1 Like