URL for Webmin/Virtualmin redirecting to somewhere else

OK, this is a real odd one and I can’t find the solution.

I have the GPL version (all updated) set up on a server. It’s hosting two top-level virtual servers (example.COM and example.NET), one sub-server and three aliases. These all work just fine. I have example.NET explicitly set up as the “Default website for IP address” at Virtualmin -> example.NET -> Server Configuration -> Website Options.

I have admin.example.COM pointing to the server’s IP address. When I access https://admin.example.COM:10000 I get the Webmin/Virtualmin log-in page, and I can log in with no problem. If I access http://admin.example.COM (note no HTTPS and no port number) I get redirected to the log-in page of my discrete Virtualmin Pro server. No idea why this is. There is nothing in the DNS of example.COM pointing to the IP address of the Pro server.

The GPL server was set up from scratch, so I don’t know how there would be a redirect to the old Pro server configured anywhere. I have checked a number of index.php and index.html pages on the server for references to the URL of the Pro server, and haven’t found anything.

The reason this is an issue is that when I try to renew the LE certificate for admin.example.COM, the validation process is redirected to the old Pro server where, of course, the validation files don’t exist.

Is there anywhere else I should be looking for redirects to the old Pro server?

Thanks.

Craig

Did you manage to set something under URL for admin redirect under the server templates on the GPL server?

Edit: on my phone right now, so don’t quite remember where it is, but Server settings - server templates - Apache something…

Hi @toreskev, thanks for your suggestion. I looked at System Settings -> Server Templates -> Apache website, but I don’t see what you might be referring to. Is it somewhere else?

Hm, not near the bottom of the page?

Yeah, but that’s webmail. Unless you’ve got webmail and Webmin confused, I don’t see the connection.

Oh, I see the connection. But yes, I have it set there, and it’s correct.

1 Like

Under webmail there is also an option to redirect admin…

Yes, it’s set.

The question is answered “yes”, and the URL is set to https://admin.example.COM:10000/.

Have you checked the Apache config for the domain on the server? Maybe there’s something there that could give you a hint.

Also check the logs while accessing to see where it’s heading.

I know exactly where it’s heading, just not why.

[13:44:55 leftseat@wrathall ~]$ wget -S --spider admin.example.com
Spider mode enabled. Check if remote file exists.
--2020-07-28 13:45:01--  http://admin.example.com/
Resolving admin.example.com (admin.example.com)... 1.2.3.4
Connecting to admin.example.com (admin.example.com)|1.2.3.4|:80... connected.
HTTP request sent, awaiting response... 
  HTTP/1.1 302 Found
  Date: Tue, 28 Jul 2020 20:45:00 GMT
  Server: Apache/2.4.6
  Location: https://cp31.anotherdomain.com:10000/
  Keep-Alive: timeout=5, max=100
  Connection: Keep-Alive
  Content-Type: text/html; charset=iso-8859-1
Location: https://cp31.anotherdomain.com:10000/ [following]
Spider mode enabled. Check if remote file exists.
--2020-07-28 13:45:02--  https://cp31.anotherdomain.com:10000/
Resolving cp31.anotherdomain.com (cp31.anotherdomain.com)... 2.3.4.5
Connecting to cp31.anotherdomain.com (cp31.anotherdomain.com)|2.3.4.5|:10000... connected.
HTTP request sent, awaiting response... 
  HTTP/1.0 200 Document follows
  Date: Tue, 28 Jul 2020 20:45:02 GMT
  Server: MiniServ/1.953
  Connection: close
  Auth-type: auth-required=1
  Set-Cookie: redirect=1; path=/; secure; httpOnly
  Set-Cookie: testing=1; path=/; secure; httpOnly
  X-Frame-Options: SAMEORIGIN
  Content-Security-Policy: script-src 'self' 'unsafe-inline' 'unsafe-eval'; frame-src 'self'; child-src 'self'
  X-Content-Type-Options: nosniff
  Content-type: text/html; Charset=UTF-8
Length: unspecified [text/html]
Remote file exists and could contain further links,
but recursion is disabled -- not retrieving.

[13:45:02 leftseat@wrathall ~]$

I believe I’ve found where the errant configuration is. It’s in /etc/httpd/conf/httpd.conf. Not sure how the URL of the old Pro server got in there (must have been something I did), but I’ve removed it and replaced it with https://admin.example.COM:10000. Now I’ll just wait for LE’s cache of the redirect to expire and try again.

That’s probably what you were referring to @toreskev, so thanks.

OK, this is now a different ticket. Now when I try to renew my LE certificate, I get this error:

Traceback (most recent call last):
  File "/usr/libexec/webmin/webmin/acme_tiny.py", line 198, in <module>
    main(sys.argv[1:])
  File "/usr/libexec/webmin/webmin/acme_tiny.py", line 194, in main
    signed_crt = get_crt(args.account_key, args.csr, args.acme_dir, log=LOGGER, CA=args.ca, disable_check=args.disable_check, directory_url=args.directory_url, contact=args.contact)
  File "/usr/libexec/webmin/webmin/acme_tiny.py", line 149, in get_crt
    raise ValueError("Challenge did not pass for {0}: {1}".format(domain, authorization))
ValueError: Challenge did not pass for admin.example.com: {u'status': u'invalid', u'challenges': [{u'status': u'invalid', u'validationRecord': [{u'url': u'http://admin.example.com/.well-known/acme-challenge/MvrJg05k2zhXXAo5iV3radsriHdnBItBRQ0fvO9OzPE', u'hostname': u'admin.example.com', u'addressUsed': u'2600:3c04::f03c:92ff:fed5:3db2', u'port': u'80', u'addressesResolved': [u'172.105.17.182', u'2600:3c04::f03c:92ff:fed5:3db2']}], u'url': u'https://acme-v02.api.letsencrypt.org/acme/chall-v3/6174587154/NxZjuQ', u'token': u'MvrJg05k2zhXXAo5iV3radsriHdnBItBRQ0fvO9OzPE', u'error': {u'status': 400, u'type': u'urn:ietf:params:acme:error:connection', u'detail': u'Fetching https://admin.example.com:10000/: Invalid port in redirect target. Only ports 80 and 443 are supported, not 10000'}, u'type': u'http-01'}], u'identifier': {u'type': u'dns', u'value': u'admin.example.com'}, u'expires': u'2020-08-04T23:30:09Z'}

Not sure how to overcome that.

This topic was automatically closed 4 days after the last reply. New replies are no longer allowed.