noob here, so apologies in advance for the probably stupid questions.
I’m confused about SSL setup in VirtualMin.
It seems there are two places that SSL certificates can to managed for a given site in Virtualmin
Server Configuration > SSL Certificate
Services > Configure SSL Website > SSL Options
…and that the options set in these two places can be mutually contradictory. Where there its a contradiction, which one “wins” and is actually used by the webserver?
I’d be really grateful if someone could throw some light on the the purposes of these two admin areas, and the correct process to be used to install or update an SSL certificate.
Also, I notice that some (but not all) of the virtual servers I’ve setup are set to use a shared certificate in Server Configuration > SSL Certificate. Since the certificate installed in the first site covers all sites, it makes sense for all sites to share the same certificate, but one of the sites doesn’t seem to be setup to do this, and I can’t find where to set this option.
Sorry again for the silly questions. SSL does in fact seem to be working as it should, at the browser end, but I want to clear up my confusion about the above, so I’m in a better position to troubleshoot potential future issues, and know the best way to renew the certificate next time I need to.
Incidentally, I can’t work out how to get the VirtualMin version in the Web/VirtualMin web UI. I will update the info at top if someone can tell me how to find the version number.
Welcome.
I’ll answer that one first.
At the top of the Dashboard you will see some icons. Click on the “clipboard” and it copies the system info to your clipboard to paste in.
As for SSL
Server Configuration → SSL Certificate
is the one I use as it is definitely per VS(domain)
Hi @Stegan thanks very much for getting back to me!
Re. VirtuallMin versions: Oddly, when I do that, I just get this in the clipboard
SYSTEM INFORMATION
(no actual information).
Re. Services > Configure SSL Website > SSL Options: That’s strange. SSL Options is an icon on the Services > Configure SSL Website page on my system, giving access to this panel:
The website option is for a more granular option if needed. There are lots of things in the program that were probably added to solve some issue or need at some point.
You can use multiple certs. I know in the past a commercial cert could be quite narrow in scope and maybe only apply to a specific commerce site. The code here probably easily predates Let’s Encrypt. But for most of us, don’t worry as long as it works.
This is what confuses me. I actually have different certificate files referenced in the two places. This is because it’s not possible to use a cert file that’s outside a site home directory in Server Configuration > SSL Certificate, so I had to copy the certificate from a central location in /etc/httpd into the home of one of the sites, in order to use it.
At the moment, the data in the files are the same, but in the past they were contradictory, and it seemed liked client browsers were seeing the certificate specified in the Configure SSL Website panel, rather than the certificate defined in Server Configuration > SSL Certificate when showing any of the hosted sites.
Could it be the case that the certificate setup in Configure SSL Website is only used when serving websites via https, and the SLL setup options in Server Configuration > SSL Certificate apply only to other services the server provides (ie Web/Virtualmin on port 10000)?
This would make sense, but isn’t flagged up in the Virtualmin UI, as far as I can tell.
I don’t think so as I only know about the Server Configuration -> SSL Certificate and that provides the SSL on the per domain basis VS for webservers and for mail as requested under the Lets Encrypt tab. I have no idea what the Configure SSL Website panel does because I have never seen it or know how to get it.
On the theme issue. Is there a reason not to update it? and recheck configuration.
It could be that panel is disabled in the module config. Or maybe you’re using Nginx, and it only appears if you have Apache installed.
Config check fails, with an error re. public IP address and NAT. Maybe that’s. causing issues, and preventing updates showing up. When I check for module updates, nothing is listed, which seems wrong as it’s a while since I updated.
