SSL option not available

Roborough · February 16, 2023, 3:35pm

SYSTEM INFORMATION

I built 2 servers on the oracle free cloud and they share the same public subnet.
They both have the same versions of software and both are updated.
Server1 has the “Setup Apache SSL website” and it works fine
Server2 does not have the option in the create or edit.
I just ran certbot certonly and got a success message and its put the certificates in etc/letsencrypt/live… but the website is still not secure.
So why has this instance of virtualmin not included the SSL option
many thanks

jimr1 · February 16, 2023, 3:38pm

see Virtual server on virtualmin keeps redirecting to wrong website - #11 by Gomez_Adams set this up & update your certs via virttualmin

Ilia · February 16, 2023, 4:46pm

Hello,

What is being set under features section in Edit Virtual Server page? Can you provide a screenshot?

Jamie · February 16, 2023, 5:14pm

In Virtualmin 7.5, by default when you create a new domain and check the “Setup Apache website” option an SSL website will also be enabled automatically. Our thinking is that there’s no reason not to always enabled SSL…

There should be no need to run certbot manually. Instead, after creation go to Server Configuration → SSL Certificate and request a Let’s Encrypt cert.

jimr1 · February 16, 2023, 5:17pm

would have been nice to know this fact … but you live & learn

Joe · February 16, 2023, 5:23pm

It was in the changelog, but I can see it is not at all obvious what it means:

“Added support for enabling an SSL website automatically”

Roborough · February 16, 2023, 5:51pm

I got 2 installs of virtualmin 7.5 both installed on ARM - 2 core - 12gb VPS

I just made this website, it is the only one on the server
There was no option to enable SSL on creation which I understand has now been automated.
During the creation dialog it reported
Creating SSL certificate and private key …
… done
Adding new SSL virtual website …
… done
But the site does not have a certificate
I have a few sites on my other 7.5 vmin which does have the option
I have created an account plan to include SSL
and both checkboxs are ticked in the plugins SSL options
any thoughts?

Jamie · February 16, 2023, 6:46pm

What do you mean by the site doesn’t have an SSL certificate? It may have a self-signed cert which is the default if Virtualmin can’t request a valid cert at setup time from Let’s Encrypt…

Gomez_Adams · February 16, 2023, 6:52pm

And not surprisingly, the flatearth site is unsecured and the crabline site is. In fact, it says that the flatearth site doesn’t have a certificate. If it did have a self signed I would think it would have a no-good certificate error, not a no certificate at all error.

I’m on 7.5 as well and still have the enable Apache SSL website check box. I’ve never seen Virtualmin without it.

Ilia · February 16, 2023, 7:03pm

Yes, it is automatically always chained to be enabled by default.

Yes, what is the output of:

grep -Rs :443 /etc/apache2 -A 4 | grep -i virtualhost -A 4

Roborough · February 17, 2023, 6:06pm

root@beano:~# grep -Rs :443 /etc/apache2 -A 4 | grep -i virtualhost -A 4
/etc/apache2/sites-enabled/flat-earth.website.conf:<VirtualHost 10.0.0.151:443>
/etc/apache2/sites-enabled/flat-earth.website.conf- SuexecUserGroup "#1004" "#1004"
/etc/apache2/sites-enabled/flat-earth.website.conf- ServerName flat-earth.website
/etc/apache2/sites-enabled/flat-earth.website.conf- ServerAlias www.flat-earth.website
/etc/apache2/sites-enabled/flat-earth.website.conf- ServerAlias mail.flat-earth.website

Ilia · February 17, 2023, 10:31pm

Your site https://flat-earth.website works just fine. No worries.

Roborough · February 18, 2023, 11:54am

That is good news, although I don’t know why it started working.
The DNS has been set for about a week.
Thank you for your assistance

dpark34 · April 9, 2023, 6:52pm

I think it’d be better to have the “setup ssl website too” check option in there.
It enabled me to troubleshoot when ssl certificate breaks or expires causing nginx to stop functioning and reluctant to restart because of certs mismatching or any other ssl related problems.

It was easier to tackle on such problems before just by disabling the ssl option, get nginx up and running next then re-enabling the ssl option always have worked.

Sometimes expired letsencrypt certs give all sorts of problems especially when you need or decide to revert the location path of ssl certs files back to virtualmin folder from website’s home directory.

Maybe it’s just me but that little check box never really bothered me lol it’s sad to see it go.

Stegan · April 10, 2023, 12:33pm

Screenshot 2023-04-10 133129
I agree. Why doesn’t the LE request always start as renew “yes”? Why would anyone requesting a cert ever want it to not renew?