I’ve just finished setting up two new VPS with fresh installations of Virtualmin. I’m starting over fresh after my previous hosting provider folded.
I’ve got the basics set up, now I want to cluster the two servers together using the basic clustering features from Webmin. However, when add one server to the other and check it the Server Status says
Failed to connect to my.host.name: Invalid SSL certificate : Certificate is signed by an unknown CA : /C=US/O=Let’s Encrypt/CN=Let’s Encrypt Authority X3 (code 20). Now, I’m aware I can simply uncheck “Check remote SSL certificate?” and it will work. I’ve done this in the past. However, I’m a bit perplexed on why this is necessary and, from a security standpoint, I’d rather not assume the cert is valid just cause it exists (could have just used a self-signed cert for that).
So what’s the problem here and, more importantly, how do I solve it?
EDIT: Hmm, I may actually have found the problem. I just noticed the “File or directory for remote SSL CA certificates” setting in the Webmin Servers Index module config. It’s set to only pull certs from
/usr/share/ca-certificates. I had assumed
/usr/local/share/ca-certificates would be sourced as well and placed the LetsEncrypt ca-cert there… but it seems not. Is moving the ca-cert to a system-managed directory the only option?
EDIT2: Nope, it seems placing the ca cert in
/usr/share/ca-certificates does not work either.