Virtualmin virtual-server module version 6.08 released

Howdy all,

We’ve rolled out version 6.08 of Virtualmin virtual-server module. This release includes some security fixes (domain owners can obtain access they shouldn’t have), so upgrading ASAP is recommended.

Changes since 6.07:

  • Fixes for several security issues that could be exploited by domain owners. Thanks to RACK911 Labs for finding and reporting these!
  • Much improved MariaDB 10.x support.
  • Virtual servers to backup can now be selected by reseller.
  • Fixes for Dropbox backup problems.
  • Fixes for FPM port collision problem.

The Dropbox fix also needs a Webmin update to 1.932 (also rolled out today). The updated MariaDB 10.x support means we can finally support Debian 10 and CentOS 8. Debian 10 support should be announced in a day or two (we’re testing and it looks good so far), and CentOS 8 soon after.

As always, report bugs!



Is this solved to?

Or upcoming update in time?

letsencrypt moved to API v2 in the meanwhile, deprecating API v1. Therefore i will receive this error:

Error registering: Account creation on ACMEv1 is disabled. Please upgrade your ACME client to a version that supports ACMEv2 / RFC 8555. See for details.

Those issues are not part of this release – we hope to have that sorted soon, though the workaround until then is to install certbot, which Virtualmin can use to generate new Let’s Encrypt SSL certificates.


First time I’ve gotten that error in virtualmin I think, it said the package couldn’t be authenticated, and thus wouldn’t be installed.

I had to do it in a terminal, apt-get upgrade.

~# apt-get upgrade
Reading package lists… Done
Building dependency tree
Reading state information… Done
The following packages will be upgraded:
1 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
Need to get 1,797 kB of archives.
After this operation, 0 B of additional disk space will be used.
Do you want to continue [Y/n]? Y
WARNING: The following packages cannot be authenticated!
Install these packages without verification [y/N]? Y
Get:1 virtualmin-universal/main webmin-virtual-server all 6.08.gpl [1,797 kB]
Fetched 1,797 kB in 0s (21.4 MB/s)
(Reading database … 107172 files and directories currently installed.)
Preparing to replace webmin-virtual-server 6.07.gpl (using …/webmin-virtual-server_6.08.gpl_all.deb) …
Unpacking replacement webmin-virtual-server …
Setting up webmin-virtual-server (6.08.gpl) …

Maybe because I’ve tested it on a debian Wheezy that’s not maintained anymore, no idea.

Still, I report it in case it mattered.

OK maybe you take a look at this solution to. for clone or working together if that is a good one.

It’s probably the easiest & smartest shell script to automatically issue & renew the free certificates from Let’s Encrypt. they write

The repo metadata should be signed, though apt repos are still occasionally mysterious to me. Try apt-get clean; apt-get update and see if the problem persists.

Edit: Also, get onto a supported version of your OS! You’re in danger!


Where can we find the new installer for testing on Debian 10 ? :slight_smile:

I currently have Virtualmin “6.08 Pro” installed and I am getting update notifications for version “6.08.gpl”, am I supposed to be getting that update?

Take care of this to!
We have added support for the POST-as-GET construction for certificates, orders, authorizations and challenges to the ACME v2 API while simultaneously allowing legacy GET requests to these resources. Clients may begin sending POST-as-GET requests to the staging and production V2 API as of October 25th, 2018.

On November 1st, 2019 we will remove support for unauthenticated GETs from the staging V2 API, requiring client support for POST-as-GET.

On November 1st, 2020 (one year later) we will remove support for unauthenticated GETs from the production V2 API.

No, you should not be receiving notices for the GPL version if you’re using Pro. You may want to open a support incident so we can look deeper into that… it may mean your repo is pointed at the GPL version rather than Pro version for some reason.


It’s not a constantly running production server, no worries about that. A terminal apt-get --upgrade command allowed to give manually the required [Y] confirmations, so it’s also allright.
I was simply reporting something that might have been an issue, in case it was particular to the 6.08 version and could mean trouble, that’s just it :slight_smile:

Hi @joe

Where can we find the new installer for testing on Debian 10 ? :slight_smile:

My Systmem is with following :
Operating system Debian Linux 11.0 Webmin version 1.930 Kernel and CPU Linux 5.3.0-1-amd64 on x86_64 Processor information Intel® Core™ i5 CPU M 450 @ 2.40GHz, 4 cores


Debian 10 support should be announced in a day or two :slight_smile:

Waiting for Virtualmin for Debian 10 buster … please let me know where can I download new for testing.


One month and a half after the release of 6.08, may I politely ask if you know if you have a window of visibility for when we may hope to see a Debian 10 compatible virtualmin release?

I’m certain you and your colleagues have your valid reasons for delaying the announcement and release of a version of Virtualmin that would officially work with Debian 10, I am not questioning this, no doubt there’s work going on behind the scene, or maybe you are waiting for a third party to deliver/update/code something.
But, well, simply, I am curious, I hope that doesn’t come as unwanted pressure to ask for an estimation, if an estimation can be done :slight_smile:

@joe more than a month since this post about debian 10… any news on this ?

I feel that forum support has changed in the last six months compared to previous years. No status updates …Does Virtualmin have any problem? Or does it only have to do with Debian 10?

You can read this

The forum readers should have noticed lot of BUGS/Changes needed with newer versions of some “software”

And ofcourse few Developers.

And Busy with new forum software to.

So alltogether one could / should understand the time needed is…

Thats fine… thats what happends… but when joe for more than a month ago posted that it would be released in 1 or 2 days, then just radiosilence it is bad… If a new post/reply was made, that there is problems being worked on and therefor things take longer time, we can wait, just hard, when there is no information.
Is there an estimate when it will be ready or is there still to much work to give this estimate ?

The best TIP i can give: :wink:


( typing here in forum cost time, especially if it is not clear enough release time …makes it … you give the example yourself… :wink: