Preview website does not work with SSL enabled

I was in the process of migrating a bunch of virtual servers across hosts and while testing I came across an issue which might be a bug (maybe a configuration issue on my side - if so please chnage to support request and advise correct steps).

Steps to reproduce:

Create any virtual server with SSL enabled (Ensure default http --> https redirect exists) Services --> Preview website

https://host.domain.tld:10000/virtual-server/link.cgi/81.xx.xx.96/https:...

Result: Bad request: Your browser sent a request that this server could not understand.

Tested on a brand new install of Virtualmin, domains tested are working correctly and tested with new created server with no dns working.

Status: 
Closed (fixed)

Comments

unborn's picture
Submitted by unborn on Tue, 04/25/2017 - 11:00 Pro Licensee

@h4ns3n

hi, let me check that for you :)

unborn's picture
Submitted by unborn on Tue, 04/25/2017 - 11:17 Pro Licensee

@h4ns3n

  • sorry but it does works for me.. im latest on virtgualmin, webmin and on debian jessie os..you can use lets encrypt for free ssl for your server.....

any thoughts?

I'm using Let's Encrypt.

I have this issue on a Debian 8 and a CentOS host.

Thanks, we'll look deeper into this.

I can confirm this on a Debian 8 system

Can you post what gets logged to /var/log/virtualmin/yourdomain.com_error_log on the server? I'd like to see where that "Your browser sent a request that this server could not understand" message is coming from.

On my CentOS box an error is logged for a site that has SSL enabled. For a site that does not have SSL enabled I can preview that particular website.
The error logged for the SSL enabled site is:
[Fri Apr 28 01:06:04.262565 2017] [ssl:error] [pid 11259] AH02032: Hostname 67.xxx.xxx.xx provided via SNI and hostname www.mydomain.org provided via HTTP are different

On my Debian 8 box I cannot preview any website, whether SSL is enabled or not. Also, there is nothing logged in the error report.

I think I might know the cause... do you have redirection from the non-SSL to SSL website setup?

I can't remember enabling anything for a virtual domain after requesting a Letsencrypt certificate. If I enter the domain name in the address bar it goes directly to https

Where could I look to establish if redirection from the non-SSL to SSL is setup, to answer your question?

Yes, I can confirm that there is a redirect. Although it's not a redirect created by any admin, it's seemingly created when SSL is enabled.

The redirect is created as follows:

Source url path: ^/(?!.well-known) URL at other website; https://domain.com/$1

You can see the redirect on the screenshot here: https://www.evernote.com/l/APME8gBQ0fVBTo_Xf_vv9Me1eKoZziXOfQQ

Removing that redirect has worked in some cases, but in other cases not. I'm not sure why it doesn't work consistently.

Ok, this will be fixed in the next Webmin release (1.840).

Status: Active » Fixed
Status: Fixed » Closed (fixed)

Automatically closed - issue fixed for 2 weeks with no activity.

On Webmin 1.840. I still cannot preview websites with a letsencrypt certificate on CentOS. Ones with an SSL certificate show the same error in the domian's Apache error log:
[Sat May 13 23:05:14.557602 2017] [ssl:error] [pid 30010] AH02032: Hostname 67.xxx.xxx.xx provided via SNI and hostname www.mydomain.org provided via HTTP are different
I can preview domains without an SSL certificate.

On Debian 8 all websites cannot be previewed, those with an SSL cerificate or not, but again as mentioned earlier, there is no error that comes up in the logs.

Can anyone else confirm this please?

I'm using ubuntu 14.04, just updated to version 1.840. I also cannot preview my http website. It says:

Bad Request
Your browser sent a request that this server could not understand.

Nothing is found in the error log for the domain I want to preview.

I found this issue to have a few variations to it when it manifests itself.

  1. The problem was always consistent whenever I transferred a server from an old VPS to a new one. No matter what configuration the destination VPS was in, preview website would not work regardless of SSL or no SSL. I thought this was the extent of the problem I had reported, but I have found subsequently that there is more to it than just this.

  2. Creating a virtual server directly on the new VPS with SSL enabled: When I use preview, then the site shown is always the http version. If there is a default redirect, then I will get the error reported in the above post ("browser cannot understand blah blah"). If there is no automatic redirect to SSL, then the http version shows without an error.

To clarify the above:

https://myhostserver.com:10000/virtual-server/link.cgi/12.34.56.78/https://myclientsite.com/?1494747056
The above does not work. I get the same browser error

https://myhostserver.com:10000/virtual-server/link.cgi/12.34.56.78/http://myotherclientsite.com/?1494747250
The above does work.

Both clients sites are setup exactly the same. Lets Encrypt SSL exists on both. However the first one contains a default redirect (not setup in website redirects, it must be setup in .htaccess but have not confirmed. it is not possible to load the page with http:// The second does not redirect automatically, it is possible to load the page with http://.

I would suggest others experiencing this issue test along these same cases to see f the problem persists, or if mine is merely a configuration issue that only I am experiencing.

In my case, the problem happens on both new and existing domains, which worked fine before the upgrade. I don't have https site, only http

unborn's picture
Submitted by unborn on Sun, 05/14/2017 - 09:21 Pro Licensee

backlog report

  • hi guys I've just updated my debian jessie today, cleared my cache in all browsers (google chrome, ff latest on debian desktop gnome) and it all works without single issue... any domain...

EDIT : official linux chromium package is included... it all worked just fine.

Interesting .. did that but it didn't work for me :)

I'm running Centos 7 and mine was initially also tested on a brand new install.

If anyone is seeing this issue and could grant Virtualmin staff access to a system that is experiencing it, please let me know.

I'm willing to give access.

Not a problem Jamie on both servers, CentOS and Debian 8. All of you already have login rights, I'd just have to let you know the addresses and port numbers

@cyrus - I have patched your system to fix this, and will include the same fix in the next Webmin release.

The trigger is cases where non-SSL requests are redirected to SSL.

Are you able to share the patch until the new version of virtualmin comes out? I am running a vps with a fresh install of Deb 8 64 uptodate & webmin 1.8.40 . Restored a virtual server which has an http site and when previewing the site get error:

Bad Request Your browser sent a request that this server could not understand.

(https://ip.ip.ip.ip:10000/virtual-server/link.cgi/127.0.0.2/http://www.d...)

Thanks.

sorry to bring this up again but I made those changes on my Debian server at /usr/share/webmin/virtual-server/link.cgi and it didn't work for me. Restarted webmin, cleared my browser cache, didn't see any pertaining entries in the error log ...

Yes same for me. Updated file, rebooted, cleared browser cache with same result "Bad Request - Your browser sent a request that this server could not understand."

For those still seeing the error - what message are you getting in the domain's error_log file under /var/log/virtualmin ?

Log file is empty in most. One domain however shows :

[Sun May 28 06:25:51.100223 2017] [ssl:warn] [pid 10430] AH01906: domain.com:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Sun May 28 06:25:51.100252 2017] [ssl:warn] [pid 10430] AH01909: domain.com:443:0 server certificate does NOT include an ID which matches the server name

The domain log file is empty for me.

@postlounge - how about the access_log file - does anything get logged when you try the Preview link?

Hi Jamie

Both file empty, access_log & error_log.

If the log file for that domain is empty, that suggests that the requests are being answered by a different domain.

Are you able to determine from the logs in /var/log/virtualmin which domain is receiving the requests?

This is only a test vps for now so one domain setup. One set of logs in the /var/log/virtualmin folder, both empty.

What about the access_log located in /var/log/httpd/ or /var/log/apache2/, does it contain anything?

Access log shows:

127.0.0.2 - - [30/May/2017:13:41:47 +1200] "GET / HTTP/1.0" 400 0 "-" "-"

Hello,

I have 3 different VPS with Webmin/Virtualmin (Debian 7).

On 2 of them i have a 400 error "Bad request" when i want to use "Preview Website" in Services.

VPS 1 : Webmin 1.830 / Virtualmin 5.05.gpl : OK

VPS 2 : Webmin 1.831 / Virtualmin 5.07.gpl : KO - error 400

VPS 3 : Webmin 1.840 / Virtualmin 5.07.gpl : KO - error 400

Furthermore, on the VPS 2 i have a website with Revive Ads Server and the redirection of the banners didn't work anymore.

Do you know if this is a problem with 5.07 version or a different configuration ? What can i do or where can i go to see/solve the problem ?

Thanks in advance for your help. Gil

Thanks for your reply. Is it possible to upgrade with webmin UI ?

No, it's easier to do on the command line. Which linux distribution are you running there?

The simplest way to upgrade is just to run dpkg --install http://download.webmin.com/devel/deb/webmin_1.844_all.deb

"dpk g --install http://download.webmin.com/devel/deb/webmin_1.844_all.deb" didn't work for me, I got error: "dpkg: error processing archive http://download.webmin.com/devel/deb/webmin_1.844_all.deb (--install): cannot access archive: No such file or directory"

So I did: wget wget http://download.webmin.com/devel/deb/webmin_1.844_all.deb & dpkg --install webmin_1.844_all.deb

This installed 1.844. Logged in to virtualmin and confirmed running webmin 1.844.

Same error "Bad Request Your browser sent a request that this server could not understand."

Logs for domain empty. Apached logs show: 127.0.0.2 - - [03/Jun/2017:14:14:22 +1200] "GET / HTTP/1.0" 400 0 "-" "-" 127.0.0.2 - - [03/Jun/2017:14:14:25 +1200] "GET / HTTP/1.0" 400 0 "-" "-"

As Badidon found Webmin 1.830 / Virtualmin 5.05.gpl does work OK is it possible to give a download link and install for that version or can you not downgrade via terminal?

If not, I am happy to start from scratch with my beta vps and reinstall a working vs of virtualmin. Can you install a specific vs?

Also, we just released Virtualmin 5.99 - can you upgrade to that?

Process to upgrade? Virtualmin ui does not show upgrade available for 5.07.

Ok Followed install instructions from http://www.webmin.com/vdownload.html and got this error:

Downloading http://download.webmin.com/download/virtualmin/webmin-virtual-server_5.9... (1.84 MB) .. Received 1024 bytes (0 %) Received 189 kB (10 %) Received 377 kB (20 %) Received 565 kB (30 %) Received 753 kB (40 %) Received 941 kB (50 %) Received 1.10 MB (60 %) Received 1.29 MB (70 %) Received 1.47 MB (80 %) Received 1.65 MB (90 %) Received 1.84 MB (100 %) .. download complete. Failed to install module from http://download.webmin.com/download/virtualmin/webmin-virtual-server_5.9... : Not a valid module file : tar: This does not look like a tar archive tar: Skipping to next header tar: Exiting with failure status due to previous errors

You'd be better off waiting approx 24 hours until the upgrade appears on the System Information page.

Hello,

I have updated the VPS 2 & 3 in Webmin 1.844 and i still have the same trouble. I am waiting for available upgrade to Virtualmin 5.99

Does this probleme could impact the ReviveAds Server delevery on a website or is it something else ?

Thanks Gil

The trigger for this is typically just having a website that redirects from http to https.

Hi Jamie

Non of the websites I have hosted redirect to https.

I notice this article has been marked "fixed/closed" but the problem is still there????

If you're seeing a 400 error from a http website, check the log file at /var/log/virtualmin/domain.co.nz_error_log

access & error logs empty for domain.

I have updated my VPS 3 in 5.99.gpl, rebooted, et cleared browser cache and it's still Bad Request in FF and Chrome...

Does this website work without using the Preview feature?

@JamieCameron - You had fixed this issue for me on my CentOS server but my Debian server preview website feature didn't work after applying your patch.

I have now moved my sites from the CentOS server to the Debian one. Can confirm that the websites work but unfortunately can't give you any further information as surprisingly there isn't any entry in the error logs for specific virtual domains. Not a big deal, but the feature is definitely not working. Running all latest versions to date.

I can't absolutely confirm the website works on this server as the dns is set for the main server and I don't want to change it for testing purposes. However it is a backup/ restore using virtualmin of a working website hosted on an earlier version of Virtualmin and Debian and preview does work on that server.

As others have commented about this problem too it seems to be a bug but am happy to try and fault find for you with any new tests and or code you can suggest.

Would it be possible to get remote access to this system to see what's going wrong?

Yes can do that. Ssh? PM me.

@ JamieCameron Yes the website works without preview. I have also disabled "Apache SSL website enabled?" off virtual server.

As the OP on the thread, I just want to confirm that the issue is resolved for me. All sites whether SSL enabled or not are working using the preview feature.

Thanks to all for the fix.

Sadly the issue is not resolved for me. Jamie spent some time looking at my vps and cannot find the issue so preview does not seem to be an option. Thanks for your time Jamie.

My fresh installation of virtualmin on ubuntu 16.04 also have the same problem. It cannot preview both ssl and regular websites: "Your browser sent a request that this server could not understand"

Hope this issue will be fixed in a near future.

Thanks!

unborn's picture
Submitted by unborn on Sun, 07/02/2017 - 10:46 Pro Licensee

my 2 cents to this - sadly after update today, it does not work for me as well.. debian jessie latest... edit: perhaps you should and would edit your hosts file.

I just ran a full update and the preview website is no long working and returning a 400 Bad Request for all my sites on the server.

Operating system: Ubuntu Linux 16.04.2 Webmin version: 1.850 Usermin version: 1.720 Virtualmin version: 5.99

https://104.#.#.#:10000/virtual-server/link.cgi/104.#.#.#/http://www.example.org/

There is no errors reported in any of the /var/log files or in /var/log/virtualmin.

This bug report is closed. I'm wondering if another one needs to be opened for this issue that still seems to be occuring?

Thanks, David

i can confirm i have the same issue and the install on ubuntu 16.04 lts new install persists, i checked the link.cgi script and it was the new version as above.

just ran into this issue and the one line patch from jamie on 7/24 does indeed fix things.

Could you post the location of link.cgi thanks.

PS - OK that was a stupid question, a simple search found it. Thanks for the fix Jason. usr/share/webmin/virtual-server/link.cgi