Just raised a new hosting server with Webmin/Virtualmin supposed to host a batch of virtual hosts from old hosting farm without any management UI. Turned out that latest Virtualmin (7.40.1.gpl) lack the checkbox " Setup Apache SSL website" in Create Virtual Server form. Means how to disable SSL website for a new virtual server are nowhere to found. Former Let’s Encrypt entries under System Settings → Virtualmin Configuration → SSL settings are gone. How to disable HTTPS by default for a new virtual server now?
Why I need HTTP by default? Because I won’t switch DNS for old hosts I want to migrate before they are tested on a new server. Manual entry in /etc/hosts and a self-signed SSL certificate are enough for that. Only when migrated hosts will be accepted as working on the new server, I will switch their DNS records and enable HTTPS for them with subsequent Let’s Encrypt certificate generating. Till then I want HTTPS disabled. I’m aware about Disable SSL for new domain and I agree to disagree with @ID10T’s answer about HTTP-only site usefulness. Why I want HTTP-only site in general, is not his or everybody else business.
I’m not sure what context you mean here, but I have automatic SSL turned off because I needed that for site migration. After that? I don’t need to have my browser exempt it every time for not being https.
In that other thread you said “You realize most browsers will block nonhttps sites by default now? …”. Yes, I know that. And that doesn’t change the fact that it is nobody’s business I need to use HTTP or HTTPS for this or that virtual host on my server. Particularly now I must go with HTTP on default due to migration constraints I explained in my question.
Flames aside, the latest Virtualmin version - 7.40.1.gpl - has no visible means to go with HTTP by default. Really, I checked with other server I installed at last week, but with Ubuntu Server 24.04.3 LTS. The same problem repeats. You see, the older Virtualmin versions had the possibility to skip SSL on default during virtual server creation. Particularly Virtualmin 7.10.0 that I have in other server.
However latest Virtualmin version - 7.40.1.gpl - lack the possibility to skip SSL on virtual server creating. The same Create Virtual Server form in it:
As you see there is no way to choose or refuse SSL on virtual server creating. Without it Virtualmin tries to create SSL certificate on each new virtual server creation and freeze for like 5 minutes with that till Lets Encrypt kick it out with “Too many failed authorizations recently.”. I have no idea where the SSL website checkbox or whatever control it uses now is hidden. IMHO it is either moved under some unrelated name or removed from miniserv completely because I found nothing in Virtualmin settings what might work for disabling SSL by default for virtual servers. Maybe you know where I can do it in latest Virtualmin - I am out of ideas.
You missed the part where I’m asking for help about switching the HTTPS certificate creating during new virtual server creating. I want that because I wish to have new virtual server as HTTP-only by default. And forced waiting during Virtualmin’s create-domain.pl struggle with Lets Encrypt for 5 minutes on each new virtual server creating is unnecessary. You said that you disabled mandatory HTTPS on new server creation in your Virtualmin instance(s). How you did that?
I’m familiar with Perl enough to nudge the Virtualmin Perl code in this aspect. But I definitely want to avoid that if possible. For now the disappeared “Setup Apache SSL website” checkbox look like Virtualmin developer idea fix because “nobody use plain HTTP anymore”. I believe these “smarties” have no idea what really people use.
The biggest ‘problem’ with the software is number of choices it gives you and they may not be the easiest thing to find. I believe this is where you disable automatic though.
My Virtualmin configuration “SSL settings” form look exactly like yours. But on each new virtual server creating Lets Encrypt certificate enrolling is fired despite what is set here. I started to investigate… In never Virtualmin versions SSL certificate provider configuration is moved behind paywall. Suspiciously look like that now the SSL website feature in Virtualmin is enabled by default and can’t be disabled in community version. As I said earlier, poking around other SSL options didn’t helped. But… there is still Virtualmin CLI API where is possible to create a new server with create-domain command (it is a Perl script actually) from a terminal. The description page for create-domain command in Virtualmin online documentation has the sentence
Use the --letsencrypt flag to request an auto-renewable Let’s Encrypt certificate. To do the same but skip connectivity checks, use --letsencrypt-always flag instead.
So Lets Encrypt for virtual server creating is available via CLI parameters after all. Interesting… lets dig here a bit with old trusty grep:
So it should be possible to skip Lets Encrypt certificate enrolling by adding undocumented parameters --letsencrypt-never or --acme-never to the Virtualmin create-domain command. Let check it out:
# virtualmin create-domain --domain mydomain.tld --pass mypassword --unix --dir --webmin --web --mysql --dns --logrotate --letsencrypt-never
Beginning server creation ..
Saving server details ..
.. done
Creating administration group mydomain ..
.. done
Creating administration user mydomain ..
.. done
Adding administration user to groups ..
.. done
Creating home directory ..
.. done
Creating mailbox for administration user ..
.. done
Adding new DNS zone ..
.. done
Adding new virtual website ..
.. done
Adding webserver user apache to server's group ..
.. done
Performing other Apache configuration ..
.. done
Creating SSL certificate and private key ..
.. done
Adding new SSL virtual website ..
.. done
Setting up log file rotation ..
.. done
Creating MariaDB login ..
.. done
Creating MariaDB database mydomain ..
.. done
Creating Webmin user ..
.. done
Saving server details ..
.. done
Updating Webmin user ..
.. done
Creating initial website index page ..
.. done
All done!
After few seconds I had a new virtual server without waiting for certificate enrolling that will not happen anyway due to lack of DNS entry in public registrar database. Added few other virtual servers in same way without any problems. Manual Lets Encrypt certificate enrolling via Manage Virtual Server → Setup SSL Certificate for these server domains works as usual. Now I can confirm that this method works. At least if Virtualmin developers will not break something else in future.
Still creating new servers via CLI only is kinda meh. I hope that Apache SSL website checkbox for new server creating will return.
Go to the “System Settings ⇾ Features and Plugins” page, find the “Apache SSL website” row, and disable “Default?” for it—then the option will be visible in the UI.
This feature is chained by default with non-SSL websites, which is why it is hidden by default.
You can disable this on the “System Settings ⇾ Server Templates: Edit Server Template / SSL website for domain” page by using the “Request SSL certificate from provider at domain creation time” option.
We have no “idea fix”—we did this to simplify the UI.
Virtualmin code is complex. Please don’t edit the source code manually, even if you can—just ask us; we’d be happy to help or add anything that’s truly missing.
Indeed it works. Where you been before? Definitely you should update Virtualmin documentation better about this or pin this thread. I noticed arbitrary number of other people who searched for solution for this exactly problem. For you, guys, there is how it look in my Virtualmin settings:
Definitely you should update Virtualmin documentation better about this or pin this thread. I noticed arbitrary number of other people who searched for solution for this exactly problem. For you, guys, there is how it look in my Virtualmin settings: