Hello everyone,
I run into a strange problem, here’s how it goes.
Context : Debian 9 server. All packages, Webmin, Virtualmin, Authentic theme up to date. This server is dedicated to the hosting of one single site, let’s call it domain.com.
Virtualmin contains 2 Virtual Servers:
-
domain.com with its own RapidSSL SSL certificate. The certificate is correctly installed as well as the CA certificate.
-
The second Virtual Server is to manage the “root” of the server, it looks like “reverse.server.com”. It has its own Let’s Encrypt certificate, which has been copied to Postfix, Dovecot, ProFTPd, Webmin and Usermin.
So far so good, everything runs like a charm.
The problem occurs when the Let’s Encrypt certificate of VS #2 is renewed: whenever this certificate is renewed, the CA certificate of VS #1 is replaced by Let’s Encrypt’s CA certificate! Note that the certificate of VS #1 remains untouched: only it’s CA certificate is erased and replaced by the one of Let’s encrypt.
I already observed that kind of bug in the past, but it was on some other servers with many Virtual Servers. The situation was more tricky and I didn’t know exactly what to think about it.
Now I have a more striking example since this server only hosts 2 VS and the problem is 100% reproductible: every time the Let’s Encrypt certificate of VS #2 is renewed (automatically or manually), it also changes the CA certificate of the other domain hosted on the server.
Sorry for my rather poor English, I hope it was clear enough … any idea where I have to look into to fix this ?
All the best,
Nico