Webmin installed correctly but own certificate got SSL_ERROR_NO_CYPHER_OVERLAP

Help! (Home for newbies)
1
SYSTEM INFORMATION
OS type and version Linux Debian 13
Virtualmin version 2.620

Hi,

i’ve installed webmin as usual (i’ve made more than 100 installation without any issues).
I tried to setup the SSL cryptography with my own certificate.
Thus i set up the key with my cert private key and the cert with my certificate.
But when restarted i got error: SSL_ERROR_NO_CYPHER_OVERLAP

On the same server i have another application, kanboard which i setup with its own certificate without any issue. It work well, and it was recognized by my browser.

I suspect the error in webmin could be caused by the SHA512 signature algorithm used? may that be possible?

~# openssl s_client -connect bhaal.net.enedwaith.org:10000
Connecting to 192.168.1.105
CONNECTED(00000003)
407771DD8E750000:error:0A000410:SSL routines:ssl3_read_bytes:ssl/tls alert handshake failure:../ssl/record/rec_layer_s3.c:916:SSL alert number 40

no peer certificate available

No client certificate CA names sent
Negotiated TLS1.3 group:

SSL handshake has read 7 bytes and written 1565 bytes
Verification: OK

New, (NONE), Cipher is (NONE)
Protocol: TLSv1.3
This TLS version forbids renegotiation.
Compression: NONE
Expansion: NONE
No ALPN negotiated
Early data was not sent
Verify return code: 0 (ok)

~# sslscan --show-certificate --show ciphers :10000
Version: 2.1.5
OpenSSL 3.5.4 30 Sep 2025

Connected to 192.168.1.105

Testing SSL server on port 10000 using SNI name bhaal.net.enedwaith.org

SSL/TLS Protocols:
SSLv2 disabled
SSLv3 disabled
TLSv1.0 disabled
TLSv1.1 disabled
TLSv1.2 disabled
TLSv1.3 disabled

TLS Fallback SCSV:
Connection failed - unable to determine TLS Fallback SCSV support

TLS renegotiation:
Session renegotiation not supported

TLS Compression:
Compression disabled

Heartbleed:

Supported Server Cipher(s):
Unable to parse certificate
Unable to parse certificate
Unable to parse certificate
Unable to parse certificate
Certificate information cannot be retrieved.

Kind regards

1 Like
3

Define “my own certificate”? Where did you get the certificate?

I doubt it’s the signature algorithm, as OpenSSL on Debian 13 should certainly support SHA512 (and I would assume the Perl SSLeay module would, too, as it’s been updated recently enough and I see sha512 mentioned in the source: lib/Net/SSLeay.pm - metacpan.org).

I think this is probably just a misconfiguration or invalid cert. Is your cert in PEM format? When you look at the Current Certificate tab in Webmin’s SSL configuration page, do you see valid information? Any errors in the miniserv.error log about the cert or connection?

4

I have a full chain certificate.

The Sub CA which has been used to signed the system certificate is correct.

I’ve verified certificates and they are correct (i have two other web sites made the same way that are working corfrectly on the same computer, signed by the same authority).

5

Hi,

Hi,

After doing all check and configuration made as per your suggestions, i found out that there was something wrong between my cert and my key (when i check the sha512sum for both).

I don’t where was the problem when generating them. I’ve redo both and now it is ok.

Thanks to you for your help, as well to Joe.

Laurent