What is the point of these 2 SSL buttons?

SYSTEM INFORMATION
OS type and version Ubuntu Linux 22.04.3
Webmin version 2.105
Usermin version 2.005
Virtualmin version 7.8.2
Theme version 21.09.5
Package updates 37 package updates are available, of which 5 are security updates

These are the buttons in Virtualmin --> Server Configuration --> SSL Certificate --> Current Certificate. But why do I have them?

When I install an SSL certificate I expect it to be added wherever needed, so I am struggling to see why I need to use these buttons to manually add them into services. Or is there another use?

Thanks as ever

Some services require a cert to work. This is determined by the developers, OS and packagers. Defaults get installed by the OS in this case. Generally these generic options are a bad idea for public facing services. If you get another cert, like Let’s Encrypt, you are given the option to use it instead.

At least that’s what I think is happening. If you used the server internally then you could just keep the defaults.

Does not really answer the question. The buttons tell me what they do, but why should I do this manually? There must be a reason.

Having a valid SSL for public facing services can never be a bad thing. :smile:

Does the text next to the buttons not make sense?
The top button will add the current certificate to your server's services that require a certificate and are SNI-enabled.
The lower button sets the current certificate as a default (when a domain does not have a certificate but you have set the services to require one).

That said, these buttons allow you to add a cert that is not generated by Let’s Encrypt and has been added manually. Since Let’s Encrypt integration into the Virtualmin module, it’s something I have not used, as using Let’s Encrypt just adds the certificate to services that require it. However, it’s so long since I used these buttons; that is how I remember their usage.

Again, the OS installs some certs, or not. Use of Virtualmin does not assume it isn’t serving a private LAN. At least some of us don’t want the software making choices for us. What makes sense in YOUR use case may not work for others.

You don’t need to do this on very new distributions.

Er, actually, it might still be needed for one or two services, I don’t remember.

What it does is make the domain you’re copying from the “default” for services that either can’t use SNI or for which Virtualmin doesn’t yet configure SNI. I don’t remember exactly which one(s) meet that description.

It will not be used for any service where it doesn’t have to be (the service will use the certificate that matches the domain you’re connecting with). I know Dovecot, Webmin, and Usermin will all use the domain cert from the client request. I don’t know about Postfix or ProFTPd with confidence.

Just select the domain you consider your “default” and use that one. You don’t have to use this, you can configure some other name, if you want to. This is just to make it easier for folks uncomfortable with configuring TLS and such.
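One way to see which certificate a service hands out with and without SNI, and so whether the "default" certificate discussed above is in play (an added example, not from the thread or from Virtualmin's code). The function names, host names and the usage line are assumptions; it works on implicit-TLS ports such as 993 (IMAPS), not on STARTTLS ports.

```python
import hashlib
import socket
import ssl
import sys


def presented_cert_sha256(host, port, sni=None, timeout=5.0):
    """SHA-256 of the leaf certificate served; sni=None sends no SNI at all."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE  # inspecting which cert is served, not trusting it
    with socket.create_connection((host, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=sni) as tls:
            return hashlib.sha256(tls.getpeercert(binary_form=True)).hexdigest()


def summarize(no_sni_fp, per_domain_fp):
    """Return (honours_sni, domains_served_the_default_cert).

    honours_sni is True when at least one name gets a certificate different
    from the no-SNI one. False is inconclusive if every probed name happens
    to be the default domain, so probe at least two different domains.
    """
    on_default = sorted(d for d, fp in per_domain_fp.items() if fp == no_sni_fp)
    honours_sni = len(set(per_domain_fp.values()) | {no_sni_fp}) > 1
    return honours_sni, on_default


def probe(host, port, domains):
    """Fetch the no-SNI certificate, then one per domain name, and compare."""
    default_fp = presented_cert_sha256(host, port)
    per_domain = {d: presented_cert_sha256(host, port, sni=d) for d in domains}
    return summarize(default_fp, per_domain)


if __name__ == "__main__":
    # Usage (hypothetical names):
    #   python3 sni_check.py mail.example.com 993 a.example b.example
    host, port, domains = sys.argv[1], int(sys.argv[2]), sys.argv[3:]
    honours_sni, on_default = probe(host, port, domains)
    print(f"{host}:{port} honours SNI: {honours_sni}")
    print("names served the default certificate:", ", ".join(on_default) or "none")
```

A name listed as served the default certificate on a service that otherwise honours SNI usually means that domain's own certificate was never copied to that service.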

My descriptions of these buttons

  • Copy SSL Certificate to Services - Install this certificate on this Virtual Server for use by the attached services on this domain, such as email and websites. If Let’s Encrypt is enabled, Virtualmin will automatically install the certificate for you.
  • Set as Default Services Certificate - Install this certificate as the Virtualmin Server Default SSL certificate.

These are the buttons where I have a Let’s Encrypt certificate installed and one of the descriptions is different and makes more sense. Maybe the description needs updating a little.

In the server template (SSL website for domain) you have the following options at the bottom:

There is a new setting which would allow the hostname certificate of the server to be used as the system default certificate.

Virtualmin → System Settings → Virtualmin Configuration → Configuration category: SSL settings → Create host default domain with Let’s Encrypt certificate

Do my explanations make sense?

Should I report a bug/feature for the text to be updated?

Continuing the discussion from Host Default Domain:

Be careful of the default domain; it may throw a spanner in your works.