Is it now possible to just store the certificates in the user's home directory and make the server resilient to accidental certificate deletions?
This, as mentioned, can make things easier to manage, a little more logical because all user files should be in their home directory, and one further step from the wizard can be removed.
@Jamie, I think this is a good question — what really stops Virtualmin from creating ~/ssl.* files in the user's home directory without permissions to edit/delete those files?
This doesn’t sound right. I have yet to know anyone accidentally deleting their own ssl certs.
You would cause a lot of problems if the user is unable to delete a corrupted cert and keys or just delete for manually switching them out.
I would suggest making a directory /home/user/ssl, which makes them easier to find instead of throwing them in the /home/user/ directory.
I had a case not too long ago where Let’s Encrypt certs were corrupted during creation, and being able to go in and delete all ssl files and recreate them took only 5 minutes to resolve.
Although it might seem like a good plan, in practice, it’s a worst-case scenario for shared hosting. Unless each user had a separate webserver, on a separate IP address, it’s not feasible to implement this idea safely. Each domain’s SSL certificate is read by a webserver. If a certificate is missing or corrupt, the webserver (such as Apache or Nginx) will fail to restart, affecting every other domain hosted on the system.
And, yes, it needs to be managed by Virtualmin. If Virtualmin configured the ~/ssl.* files to be owned by root:domain1 with permissions set to 0640, it would prevent manual mis-editing of SSL certificates. However, this approach would require making those files immutable to prevent deletion, and handling it every time certificates are renewed can be error-prone; using a separate directory like ~/ssl/ (with special permissions) under the user’s home to store ssl.* certificate files could also work, though.
Besides, storing system-related files under a user’s home directory presents other issues (like a malicious symlink attack) and generally should be avoided.
I think we should just stick to /etc/ssl/virtualmin for storing SSL certificates.
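A defender-side check in the spirit of the root-owned 0640 layout and the "webserver fails to restart" concern discussed above, written as an added example (not Virtualmin's own code): a preflight that reports any domain whose certificate or key file is missing, a symlink, wrongly owned, too permissive, or not a complete PEM block, so a reload can be refused before one deleted or corrupted file takes every site down. The `check_cert_file`/`preflight` names and the sample files in `run_demo` are assumptions constructed for the demo.

```python
import os, re, stat, tempfile
from pathlib import Path

# Widest mode tolerated for a key or cert: root read/write, webserver group read, nothing for others.
MAX_MODE = 0o640
# A complete PEM block; a truncated file (the "corrupted during creation" case) will not match.
PEM_BLOCK = re.compile(r"-----BEGIN (CERTIFICATE|(?:RSA |EC )?PRIVATE KEY)-----.+?-----END \1-----", re.S)

def check_cert_file(path, expected_uid):
    """Return the problems found with one cert or key file (empty list if it is safe to load)."""
    p = Path(path)
    try:
        st = p.lstat()                       # lstat: do not follow symlinks
    except FileNotFoundError:
        return [f"{path}: missing, the webserver would refuse to start"]
    if stat.S_ISLNK(st.st_mode):
        return [f"{path}: symlink, could point anywhere the owner chooses"]
    if not stat.S_ISREG(st.st_mode):
        return [f"{path}: not a regular file"]
    problems = []
    if st.st_uid != expected_uid:
        problems.append(f"{path}: owned by uid {st.st_uid}, expected uid {expected_uid}")
    mode = stat.S_IMODE(st.st_mode)
    if mode & ~MAX_MODE:                     # any permission bit outside 0640 is set
        problems.append(f"{path}: mode {mode:04o} wider than {MAX_MODE:04o}")
    if not PEM_BLOCK.search(p.read_text(errors="replace")):
        problems.append(f"{path}: no complete PEM block, corrupt or truncated")
    return problems

def preflight(domains, expected_uid=0):
    """domains maps a domain name to its cert/key paths; returns {domain: problems} for the unsafe ones."""
    bad = {}
    for name, paths in domains.items():
        found = [msg for path in paths for msg in check_cert_file(path, expected_uid)]
        if found:
            bad[name] = found
    return bad

def run_demo():
    """Constructed sample files (not real certificates) covering the cases the thread describes."""
    tmp = Path(tempfile.mkdtemp())
    good, loose, broken = tmp / "good.cert", tmp / "loose.key", tmp / "broken.cert"
    good.write_text("-----BEGIN CERTIFICATE-----\nconstructed\n-----END CERTIFICATE-----\n")
    loose.write_text("-----BEGIN PRIVATE KEY-----\nconstructed\n-----END PRIVATE KEY-----\n")
    broken.write_text("-----BEGIN CERTIFICATE-----\ntruncated")       # no END line
    good.chmod(0o640); loose.chmod(0o644); broken.chmod(0o640)          # loose.key is world-readable
    domains = {"good.example": [str(good)], "loose.example": [str(loose)],
               "broken.example": [str(broken)], "gone.example": [str(tmp / "deleted.cert")]}
    return preflight(domains, expected_uid=os.getuid())  # demo runs unprivileged, so "owner" is us
```

`run_demo()` returns a dict with entries for `loose.example`, `broken.example` and `gone.example` and none for `good.example`; in a real deployment `preflight` would run with `expected_uid=0` against the paths the webserver config references, and a non-empty result would abort the reload.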
Yeah, we used to put certs in the home directory, but this allows domain owners to rename or delete them, which can then cause Apache to fail to start! In a shared hosting environment, this allows one user to take down websites for everyone…
What problem are we trying to solve? The only thing I see that having a copy in the user's home directory gives is that it is easier to move the site? (I guess I never thought of this, but does the VM backup include the keys?) Maybe it would be just as good to store a copy of the current good cert there then?