I have configured Authenticated Origin Pulls (mTLS) from Cloudflare in my virtual servers (Zone-level authenticated origin pulls · Cloudflare SSL/TLS docs), and I put these in the Apache virtual server configuration (also, I deleted /home/user_name/ssl.ca):
All is OK, and it works, but when I renewed the Let’s Encrypt certificate, Virtualmin recreated the file /home/user_name/ssl.ca in the Apache .conf, and deleted SSLCACertificateFile /etc/ssl/cloudflare/authenticated_origin_pull_ca.pem. Then, the connection with Cloudflare is lost.
Also, in the menu SSL Certificate > Current Certificate I see this: **SSL CA cert for CloudFlare, Inc./origin-pull.cloudflare.net does not match the issuer of the SSL cert Let’s Encrypt/R12** when the authenticated_origin_pull_ca.pem is active.
How can I avoid this? Changing the template file in Virtualmin for SSL?
That seems likely. But, it still shouldn’t happen. There’s no reason for it to be there in a Virtualmin TLS configuration. It does nothing.
You can explicitly override the Virtualmin VirtualHost configuration in Server Templates, but I think that means you have to replace everything, which isn’t a great compromise. This is just a bug we need to fix, and I really thought we had fixed it…a few times.
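Added example, not part of the thread and not Virtualmin or Cloudflare code: a check that can run after each renewal to catch the rewrite described above before the origin stops accepting Cloudflare's client certificate. It assumes the vhost is meant to carry `SSLVerifyClient require` alongside the Cloudflare CA path from the question; the function names, the sample vhost and `example.com` are constructed.

```shell
#!/bin/sh
# check_aop_conf CONF EXPECTED_CA
# Prints one line per problem; returns 0 if the mTLS settings are intact, 1 on drift.
check_aop_conf() {
    awk -v want="$2" '
        $1 ~ /^#/ { next }                       # skip commented-out directives
        { key = tolower($1); val = $2; gsub(/"/, "", val) }
        key == "sslcacertificatefile" {
            seen_ca = 1
            if (val != want) { print "CA file is " val ", expected " want; bad = 1 }
        }
        key == "sslverifyclient" {
            seen_verify = 1
            if (tolower(val) != "require") { print "SSLVerifyClient is " val; bad = 1 }
        }
        END {
            if (!seen_ca)     { print "SSLCACertificateFile missing"; bad = 1 }
            if (!seen_verify) { print "SSLVerifyClient missing"; bad = 1 }
            exit bad + 0
        }
    ' "$1"
}

# Constructed vhost fragment as it would look after the renewal described above.
sample_after_renewal() {
    cat <<'EOF'
<VirtualHost *:443>
    ServerName example.com
    SSLEngine on
    SSLVerifyClient require
    SSLVerifyDepth 1
    SSLCACertificateFile /home/user_name/ssl.ca
</VirtualHost>
EOF
}

AOP_CA=/etc/ssl/cloudflare/authenticated_origin_pull_ca.pem
tmp=$(mktemp)
sample_after_renewal > "$tmp"
check_aop_conf "$tmp" "$AOP_CA" || echo "drift detected: restore the Cloudflare CA and reload Apache"
rm -f "$tmp"
```

The `SSLVerifyClient` check matters as much as the path check: a rewrite that dropped that directive would leave the site reachable while no longer requiring a client certificate at all.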