Virtual Server Migration where Hosting Server is a Subdomain of the Domain in one of the Migrated Virtual Servers

I ran into a situation where an existing Ubuntu 18.04.6 LTS server running Virtualmin and Webmin started running out of space. So I decided to move some virtual servers to a new server similar to the first one. Let’s call the new server server2.domain.com to distinguish it from the old one server1.domain.com.

My normal approach to provisioning a new Virtualmin / Webmin server is to:

  1. Create the server, install Webmin and Virtualmin, get the SSL for the control panels running under a Let’s Encrypt certificate for its FQDN.
  2. Migrate a virtual server from the old server to the new server.
  3. Get an additional Let’s Encrypt certificate for the migrated virtual server.
  4. Enable SSL on the webserver within the migrated virtual server and move the content from the http to the https website.

In this case, I decided to move my company’s own web presence to the new server first, so that we took the downtime hit if things didn’t go perfectly.

The problem I ran into is that the new Webmin / Virtualmin server is named server2.domain.com and the first migrated virtual server happens to contain the parent domain for that subdomain, in this example called domain.com.

The Let’s Encrypt certificate for server2.domain.com covering Webmin and Virtualmin is set up and works correctly. But when I migrated the virtual server for domain.com to the new hosting server, and got the Let’s Encrypt certificate issued for it correctly, as soon as I enabled SSL on that website, my browser started reporting “This Connection is Not Private” for the Virtualmin / Webmin control panel.

The certificate being presented is for the parent domain, not the subdomain.

Why is this happening? How should I have set this up, so the certificate presented by Webmin and Virtualmin remains server2.domain.com?

Thanks,

–Dave Aiello

SYSTEM INFORMATION
OS type and version: Ubuntu 18.04.6 LTS
Webmin version: 1.990
Virtualmin version: 6.17-3
Related packages: Not sure what you want here

Before I answer your question, I feel the correct workflow should be step 4 followed by step 3. That is, enable SSL for a virtual server, then apply SSL certificate.

Now, to your question about why the domain is interfering with the subdomain, did you perchance ask for a wildcard SSL for the domain? It may be that Virtualmin intelligently chooses the higher level certificate when it finds a subdomain present.

I am just guessing here…

I can only tell that it should be possible to have more servers with the same main domain name but then a different subdomain as hostname.

But only one could serve the real main domain as a virtual server!

I have myself:
hst1.mydomain.de there on mydomain.de

and second box hst2.mydomain.de only there the hst2.mydomain.de

DNS external services pointing the right stuff.
Also SSL TLS and DKIM DMARC working on both servers where main mailserver is the hostname where it is on. So must be working here, one on CentOS 7x and other Alma 8x, vmin 6.x

Problem is maybe if you migrate the main domain from one to the other box, you have to take care of the DNS, which takes time to resolve, and it must be deleted afterwards of course from the old box, where you must take care the hostname stays.

Oh yeah, while I use external DNS services I had no problem with resolving times, while I did the DNS 1 day before I installed the second server. Set the TTL time some days before moving / migrating to 5 minutes or so.

I didn’t do a migrate / move but used it for an extra box / hostname, and only did put the virtual server from the start on the second with hst2.mydomain.de and the SSL Let’s Encrypt for it and copy that to services.

So maybe you should start in that way, then if fully running, move the main domain from old box to new box.

Wildcard Let’s Encrypt not working here, I think, for hostname subdomain and main domain for doing migrations!

Also I think, to have no problems recognizing the right SSL cert (and DKIM on hostname), that was why I decided to use its own real virtual server as hst2.mydomain.de, so no subserver / alias here!

At SSL configuration, if I did it right? I have:
"SSL certificate file: /home/hst2/ssl.cert
SSL private key file: /home/hst2/ssl.key
Web server hostname: hst2.mydomain.de
Issuer name: R3
Issuer organization: Let’s Encrypt
Expiry date: May 25 09:15:22 3022 GMT
Certificate type: Signed by CA
Other domain names: admin.hst2.mydomain.de, mail.hst2.mydomain.de, hst2.mydomain.de, webmail.hst2.mydomain.de, www.hst2.mydomain.de.
Used by services: Webmin (hst2.mydomain.de), Usermin (host hst2.mydomain.de), Dovecot (host hst2.mydomain.de), Postfix (host hst2.mydomain.de)
"

The new hosting server, which I’ve been calling server2.domain.com, was working as far as I was willing to test it, before I tried to move the virtual server containing domain.com to this new hosting server.

The big issue is that the established Let’s Encrypt certificate for server2.domain.com, which was being asserted when I connected to server2.domain.com to access Virtualmin, was no longer asserted once the domain.com digital certificate was requested and installed and the SSL website for domain.com was enabled.

With the SSL website enabled for domain.com, the certificate asserted when trying to access server2.domain.com is the certificate for domain.com, not a wildcard certificate.

When I turn off the SSL website for domain.com and hit “Save”, I see the following message:

Save Server in domain domain.com

Are you sure you want to save the domain domain.com? The following features have been selected for deletion:

Apache SSL website: All Apache directives in the SSL virtual host will be removed.

The confirmation button below that message says “Yes, Save Now”.

Once that process is completed, the certificate server2.domain.com is again correctly asserted when I try to access Virtualmin.
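
Added example, not part of the thread: the browser warning described above is a hostname-verification failure, where the requested name is compared against the SAN entries of whichever certificate the listener presents. The SAN lists below are constructed samples using the thread's placeholder names, and the matcher is a simplified form of the check a TLS client applies.

```python
# Added example: why a certificate issued for domain.com fails for
# server2.domain.com, and what a wildcard would and would not cover.
# SAN lists are constructed samples; no real certificates are read.

def san_matches(hostname, san):
    """True if one dNSName SAN entry covers hostname.

    Simplified client rule: exact match, or a '*' that stands for
    exactly one left-most label.
    """
    host = hostname.lower().rstrip(".").split(".")
    pat = san.lower().rstrip(".").split(".")
    if len(host) != len(pat):
        return False  # '*' never spans more or fewer than one label
    if pat[0] == "*":
        # Simplification: require at least two labels after the wildcard.
        return len(pat) >= 3 and host[1:] == pat[1:]
    return host == pat


def cert_covers(hostname, sans):
    """True if any SAN entry of the presented certificate covers hostname."""
    return any(san_matches(hostname, s) for s in sans)


def report(hostname, presented):
    """Map each listener label to whether its certificate covers hostname."""
    return {name: cert_covers(hostname, sans) for name, sans in presented.items()}


# Constructed SAN lists for the three cases discussed in the thread.
PANEL_CERT = ["server2.domain.com"]                  # control panel's own cert
SITE_CERT = ["domain.com", "www.domain.com"]         # migrated virtual server
WILDCARD_CERT = ["domain.com", "*.domain.com"]       # the wildcard hypothesis

if __name__ == "__main__":
    result = report("server2.domain.com", {
        "panel cert": PANEL_CERT,
        "site cert": SITE_CERT,
        "wildcard cert": WILDCARD_CERT,
    })
    for name, ok in result.items():
        print(f"{name}: {'covers' if ok else 'does NOT cover'} server2.domain.com")
```

A wildcard certificate would have passed this check for server2.domain.com, so a mismatch warning is consistent with the non-wildcard domain.com certificate being served.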

Can’t help, sorry, I do no migrations on Virtualmin (so far).
