Our vmin server is currently using the default port 10000 for the webmin login page. That has a current SSL cert but our security guys are complaining that our security score is being negatively impacted because the root domain (without the :10000 appended) doesn’t have a valid cert.
I have tried setting one of the configured subdomains that also has a valid SSL cert to be used when someone visits the server by setting that as the default but that hasn’t worked. The subdomain opens fine (conplete with secure SSL connection) if I enter its full address but it doesn’t load correctlly when vmin redirects to it from the root domain.
I suspect I can fix this by changing the port of webmin to 443 but might there be a better solution so that we don’t have to change webmin’s port?
why not add a certificate to the ‘root domain’ however I am not quite understanding your question …
all domains that you install and a certificate you can append :10000 to them to access webmin, I’m guessing you are talking about the hostname (this maybe the root domain) is this correct ?
Add a new virtual server the same as your hostname. Then request an SSL certificate for it. Access your Virtualmin using a hostname and a port. This solves your concern.
You should almost always change the default port to your own unless you want people to easily know you are using Virtualmin. We do not expose any of our software for security reasons, including nginx header information.
If you make a server in virtualmin for the domain you used to install virtualmin with. Your host like (server.domain.TDL) and only enable Apache, not mail or database you can request a letsencrypt cert (or any cert you have) and it will not break stuff. Enabling mail on that server is what breaks stuff.
Changing the port won’t fix it.
You can also access your admin panel with any domain.TLD:10000 that is on your server but you have to give that user all the privileges needed to be admin.
Yes, I think adding a cert to the “root domain” would be one solution here but I’m not sure how thars done. Its my understandig that webmin uses its own custom webserver so I’m not sure if I’d need to be modifying that or apache but I presume the former.
I am talkig about the SSL cert errors that people get when they currently visit
We mainly use apache, mysql and postgres on our vmin server. It may have some sort of email support partly enabled but we don’t support that. We could fully disable vmin email support if it isn’t disabled already.
Yes, that option “Create host default domain with Let’s Encrypt certificate” sounds like it should fix my problem, It was set to No so I changed it to yes, clicked save but its not fixed my problem so I’ve either found a bug or there is an additional step or two required?
Looking at the list of subdomains on my vmin server after doing this I can’t spot a new one. I expected it would create a new subdomain, generate a new LE cert and then make that new subdomain the default automatically?