cannot access https://domain:10000 error ERR_SSL_VERSION_OR_CIPHER_MISMATCH

#1 Mon, 01/29/2018 - 16:44
gstlouis


I think I have royally screwed something up. After fiddling with letsencrypt, doing it through certbot CLI, I managed to have my sites working properly with https.

I started seeing how confusing this started getting because letsencrypt uses a different directory to store the certs, virtualmin puts them somewhere and dovecot puts them somewhere etc., urgh
I do not recall doing any edits out of the ordinary but I'm sure I touched something. A couple of days later dovecot started complaining (I could not get mail) with error: imap-login: Fatal: Couldn't parse private ssl_key: error:0906D06C:PEM routines:PEM_read_bio:no start line: Expecting: ANY PRIVATE KEY

I was mobile that day and never even touched the server. So I started troubleshooting, I even tried under Manage SSL Certificates and Copy to Dovecot. This made things worse with error: imap-login: Fatal: Can't load private ssl_key: Key is for a different cert than ssl_cert

Now I could not even check email with roundcube, and dovecot was not responding when trying to restart. I rebooted the server and now I cannot access virtualmin from my primary domain, getting error: ERR_SSL_VERSION_OR_CIPHER_MISMATCH. I can access it from some other domains, but not all of them. Several domains give the browser error above, but from other domains I can get into virtualmin.

I don't even know where to start anymore...

Can I just regenerate the ssl for virtualmin? I also wanted to do this for the dovecot self-signed certificates...

Wed, 01/31/2018 - 06:49
gstlouis

So I have managed to fix the dovecot problem by generating a new cert and key in /etc/pki/dovecot/certs, which is where /etc/dovecot/conf.d/10-ssl.conf is looking. My problem was that /etc/dovecot/dovecot.conf had this for a couple of my domains:

    !include_try local.conf
    local_name domain.ca {
      ssl_cert = </home/domain/ssl.cert
      ssl_key = </home/domain/ssl.key
    }
    local_name www.domain.ca {
      ssl_cert = </home/domain/ssl.cert
      ssl_key = </home/domain/ssl.key
    }

This was being read after the 10-ssl.conf, which my primary domain had bad *.cert and *.key. I managed to use virtualmin and generate new *.cert and *.key for my prime domain, which added stuff to httpd.conf that I had to change back to letsencrypt path.

Once I fixed all that I still get the error when trying to browse to https://domain.ca:10000/ = ERR_SSL_VERSION_OR_CIPHER_MISMATCH. Again I can still access virtualmin from another domain on the same server but not all domains work. Any idea what I am missing to have this work for my prime domain?
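An added example, not part of the original posts: a small Python check that lists every ssl_cert/ssl_key pair in a dovecot configuration (global and per local_name) and names which of the two dovecot errors quoted in the thread a pair would trigger. The function names and the sample text are constructed for illustration, and the parser assumes one setting per line with unnested local_name blocks.

```python
import re
import ssl

# Constructed sample mirroring the local_name blocks quoted in the post.
SAMPLE_CONF = """\
!include_try local.conf
local_name domain.ca {
  ssl_cert = </home/domain/ssl.cert
  ssl_key = </home/domain/ssl.key
}
local_name www.domain.ca {
  ssl_cert = </home/domain/ssl.cert
  ssl_key = </home/domain/ssl.key
}
"""

def cert_key_pairs(conf_text):
    """Map each scope ('global' or a local_name) to its ssl_cert/ssl_key paths."""
    pairs, scope = {}, "global"
    for raw in conf_text.splitlines():
        line = raw.split("#", 1)[0].strip()          # drop comments
        if m := re.match(r"local_name\s+(\S+)\s*\{", line):
            scope = m.group(1)
        elif line == "}":
            scope = "global"
        elif m := re.match(r"(ssl_cert|ssl_key)\s*=\s*<(\S+)", line):
            pairs.setdefault(scope, {})[m.group(1)] = m.group(2)  # last one wins
    return pairs

def pem_labels(text):
    """Labels of the PEM blocks in text, e.g. ['CERTIFICATE'] or ['RSA PRIVATE KEY']."""
    return re.findall(r"-----BEGIN ([A-Z0-9 ]+)-----", text)

def diagnose(cert_path, key_path):
    """Return 'ok', or a short reason why this pair cannot be loaded."""
    try:
        with open(key_path, errors="replace") as f:
            labels = pem_labels(f.read())
        if not any(label.endswith("PRIVATE KEY") for label in labels):
            return f"no PRIVATE KEY block in key file (found: {labels})"
        # OpenSSL refuses a key that does not belong to the certificate.
        ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER).load_cert_chain(cert_path, key_path)
    except OSError as e:  # missing file, or ssl.SSLError such as a key mismatch
        return f"rejected: {e}"
    return "ok"

if __name__ == "__main__":
    for scope, p in cert_key_pairs(SAMPLE_CONF).items():
        print(scope, diagnose(p.get("ssl_cert", ""), p.get("ssl_key", "")))
```

Feed `cert_key_pairs` the text of the real dovecot.conf and conf.d/10-ssl.conf on the server to see every pair in one place before restarting dovecot.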
