ssl certifcate renew, problems with firefox & thunderbird

hi there

i had to renew a wildcard ssl certificate issued by commodo last year. everything worked fine. after renewal of the certificate we experienced issues with certain mail-clients (postbox on apple, thunderbird) to access mail without warning that the certificate is not valid. furthermore firefox displays the following: uses an invalid security certificate.
The certificate expired on 10/4/12 1:59 AM. The current time is 10/10/12 12:26 PM.
(Error code: sec_error_expired_certificate)

virtualmin tells me ( “Server Configuration” -> “Manage SSL Certificate”):
Web server hostname * Issuer name EssentialSSL CA
Issuer organization COMODO CA Limited Expiry date Oct 4 23:59:59 2013 GMT
Certificate type Signed by CA

so what went wrong with the update? google chrome is showing things as correct. one difference i see to an other installation is the following:

a perfectly running virtualmin domain under -> “Server Configuration” -> “Manage SSL Certificate”
SSL certificate file /home/xyz/ssl.cert
SSL private key file /home/xyz/ssl.key

it shows me cert and key file location, on the updated server i do not see any of these information, why?

i don’t know what i have to do differently then when setting it first up, or maybe i missed something which i did and was not mentioned in the documentation.

any help what to do?


It’s possible to update the SSL cert within Apache, but not within Webmin/Virtualmin.

That is, after performing the update in Server Configuration -> Manage SSL Certificates – which just updates Apache – you would then want to click the “Copy to Webmin”, “Copy to Postfix”, and “Copy to Dovecot” buttons.


hi there

i copied it, with no effect.

firefox tells me, that:

Owner: This website does not supply ownership information.
Verified: COMODO CA Limited

Could this be something with ca-bundle? I do not exactly know how it works but some research on google mentioned that firefox (and possibly thunderbird/postbox) handle certificates not the same way as for example google chrome and ie?

so i think i am just halfway through with the certificate, i guess something with ca-bundle is going wrong, do i do not know how to fix it… any input welcome.



Well, so long as the expiration date isn’t correct, it means it’s not seeing the correct SSL cert.

You may also want to try a restart of the service, just to make sure that’s not the issue.