Primary SSL cert for main domain

SYSTEM INFORMATION
OS type and version: Ubuntu Linux 22.04.4
Webmin version: 2.105
Virtualmin version: 7.10.0 Pro
Related packages: SUGGESTED

Our vmin server is currently using the default port 10000 for the webmin login page. That has a current SSL cert but our security guys are complaining that our security score is being negatively impacted because the root domain (without the :10000 appended) doesn’t have a valid cert.

I have tried setting one of the configured subdomains that also has a valid SSL cert to be used when someone visits the server by setting that as the default but that hasn’t worked. The subdomain opens fine (complete with secure SSL connection) if I enter its full address but it doesn’t load correctly when vmin redirects to it from the root domain.

I suspect I can fix this by changing the port of webmin to 443 but might there be a better solution so that we don’t have to change webmin’s port?

Why not add a certificate to the ‘root domain’? However, I am not quite understanding your question …
all domains that you install and a certificate you can append :10000 to them to access webmin. I’m guessing you are talking about the hostname (this may be the root domain), is this correct?

Add a new virtual server the same as your hostname. Then request an SSL certificate for it. Access your Virtualmin using a hostname and a port. This solves your concern.

You should almost always change the default port to your own unless you want people to easily know you are using Virtualmin. We do not expose any of our software for security reasons, including nginx header information.


There is an option for creating a SSL for the hostname. It’s in the virtualmin settings, I can’t remember what it is called but it should be obvious.

Don’t create a virtual server manually for the hostname i.e. myserver.hostname.com it will break stuff.


If you make a server in virtualmin for the domain you used to install virtualmin with, your host like (server.domain.TLD), and only enable Apache, not mail or database, you can request a letsencrypt cert (or any cert you have) and it will not break stuff. Enabling mail on that server is what breaks stuff.

Changing the port won’t fix it.

You can also access your admin panel with any domain.TLD:10000 that is on your server but you have to give that user all the privileges needed to be admin.


Yes, I think adding a cert to the “root domain” would be one solution here but I’m not sure how that’s done. It’s my understanding that webmin uses its own custom webserver so I’m not sure if I’d need to be modifying that or apache but I presume the former.

I am talking about the SSL cert errors that people get when they currently visit

domain.com

instead of

domain.com:10000

Which is fine cert wise.

I have not been able to find this option. Are you sure this will fix my cert errors for when people visit domain.com instead of domain.com:10000?

Does anyone know where this option can be found?

We mainly use apache, mysql and postgres on our vmin server. It may have some sort of email support partly enabled but we don’t support that. We could fully disable vmin email support if it isn’t disabled already.

System Settings → SSL Settings → Create host domain with Let’s Encrypt certificate

Set to yes

I can’t quite understand your issue to be honest, too early in the morning, but this will add a cert to virtualmin.server.com

My setup

  • mydomain.com
    • my local domain
    • I also have a virtual server running on this
  • virtualminserver.mydomain.com
    • my server host name
    • I have an SSL installed on it because I used that setting above
    • I don’t use this for a website.
    • Using an email service on domain this will break email routing.
    • I would never manually create a virtual server for this domain as it will break things
    • You could leave visible and maybe use it for a website which I have never done.

NB If in doubt set up a dev server and play around with it. That is what I do because I am not a linux expert.


We have created a sub-server under the main domain for the hostname. Nothing has been broken.


As long as it is not the same as the hostname of the server. I don’t know about domain.virtualminserver.mydomain.com

Yes, that option “Create host default domain with Let’s Encrypt certificate” sounds like it should fix my problem. It was set to No so I changed it to yes, clicked save but it’s not fixed my problem so I’ve either found a bug or there is an additional step or two required?

Looking at the list of subdomains on my vmin server after doing this I can’t spot a new one. I expected it would create a new subdomain, generate a new LE cert and then make that new subdomain the default automatically?

  • Yes, and keep visible = A virtual server will appear in your list of virtual servers and stay there
  • yes = it just presents the domain while it is doing the LE SSL handshakes and then hides it again.

I have tried using the Yes, and keep visible option now too and that hasn’t worked either so it looks like I need to open a bug report.

EDIT

iliajie says to run the System Settings --> Re-Check Configuration and I can confirm this works

Perhaps for context read the tool tip for

System Settings → SSL Settings → Create host domain with Let’s Encrypt certificate

I think that is what the OP is on about … it’s not clear what is meant by ‘root domain’; I’m guessing this is the system hostname

Yes I should’ve just said hostname rather than root domain.

No luck here:

I ran virtualmin check-config and it ended with:

Creating poseidon.salford.ac.uk as host default domain ..
.. failed : The DNS domain poseidon.salford.ac.uk is already hosted by your DNS server

There is already an account created for the domain poseidon.salford.ac.uk

Have you got this configured as a sub-server or an alias? I suspect you have.

What do you see under List Virtual Servers?

I cannot see a domain that is using just the hostname for its domain name in the list of virtual servers. They all have a prefix.

Maybe I need to delete the DNS entry for the server off of my virtualmin server then re-run the check config?