Why am I getting "Service monitor : SSL cert abcd.com uninstalled on my.server.com"

rexdog1 · February 21, 2025, 4:35pm

SYSTEM INFORMATION
Ubuntu Linux 20.04.6
7.10.0 Pro

Why am I getting these notification emails several times a week across all the websites on my Virtualmin server? I understand this is the Service Monitor sending these emails, but why would the SSL certs fail the check?

Monitor on my.server.com for ‘SSL cert abcd.com’ has detected that the service is uninstalled at 02/20/2025 09:25 PM
Current status: Web server is down

Then 5 mins later:

Monitor on my.server.com for ‘SSL cert abcd.com’ has detected that the service has gone back up at 02/20/2025 09:30 PM
Current status: Up - 89 days until expiry

ID10T · February 21, 2025, 4:41pm

Well, you have a time stamp. I’d check the logs and see what is going on at that time. Web server down sounds kinda strange.

jimr1 · February 21, 2025, 4:58pm

I would think that this relates to the ssl certificate rather than the web server, it sort of indicates that the ssl certificate took a while to renew, but tbf it may depend on how the OP is checking the current certificate is installed

ID10T · February 21, 2025, 5:03pm

I was going to suggest checking the renewal interval but they say it happens across all domains regularly.

Edit: or the error message is erroneous.

jimr1 · February 21, 2025, 5:09pm

So you use system monitors ? If you do, you will know this webmin module can be a bit difficult to achieve the data you want that said when set up correctly it is first class

rexdog1 · February 21, 2025, 5:11pm

This is happening on sites that have been around a while, and also on newly created ones. So the ssl certs shouldn’t be renewing on the new ones.

The check is from the “Webmin/Tools/System and Server Status” entries that get automatically created when you “create a virtual server”. For each virtual server it creates:

SSL cert www.abcd.com
Website abcd.com (SSL)
Website www.abcd.com

rexdog1 · February 21, 2025, 5:13pm

I just got another one actually:

Monitor on my.server.com for ‘SSL cert www.abcd.com’ has detected that the service is uninstalled at 02/21/2025 08:40 AM Current status: Web server is down

Which would be the best log to view for this?

jimr1 · February 21, 2025, 5:15pm

I would remove those items from the system monitors module and reinstate them if you wish, I did some feed back to this module in the past but it went nearly unheard

rexdog1 · February 21, 2025, 5:49pm

I’ve looked in every log file I can find… and I am not seeing anything with a corresponding timestamp.

I see this, but its not the near the timestamp of the notices im getting… So not sure this is related:

[Fri Feb 21 08:52:47.876709 2025] [ssl:error] [pid 279101:tid 139968320059136] [client 167.94.146.62:34418] AH02032: Hostname abcd.com provided via SNI and hostname xxx.xxx.xx.xx provided via HTTP have no compatible SSL setup

Seems to me to be a malicious attempt as that IP is listed on many blocklists…