I'm just looking for a link to RTFM here.
I had a bad thing happen after trying to run a BigBlueButton server on my webserver that's running Virtualmin. I exported the virtual servers I had on the system using the proper backup tool in Virtualmin and restored them with the same tool after rebuilding my system. Something that went wrong on the restore was the SSL for the Virtual Servers.
I just assumed that there was a way to push a button and have the Let's Encrypt re-issue the key/cert/chain/pem. I can't find any such thing. I also noticed that the Per IP Certificate information didn't restore with the virtual servers.
If I look in the Virtual Servers files I can see the old ssl.ca, ssl.cert, ssl.combined, ssl.everything, and ssl.key, but if I look in Apache only their port 80 virtual host is listed, not the port 443 one.
If I manually make a virtual host in Apache, and manually add the Pre-IP Certificate records, will I screw up Virtualmin's ability to maintain the Virtual Servers?
Comments
Submitted by andreychek on Mon, 02/19/2018 - 00:30 Comment #1
Howdy -- sorry that you're having problems with restoring the SSL functionality from a backup!
That should certainly work, and Jamie may have some more questions for you regarding what you're seeing to fix that in the future.
To get that back up and running in the meantime though, you may need to try going into Edit Virtual Server, and there, ensure that the "SSL Website" feature is enabled.
Once you do that, you should then be able to go into Server Configuration -> Manage SSL Certificates -> Let's Encrypt, and there, you can re-issue your Let's Encrypt Certificates.
If this domain should be on a different IP address, you may want to review what IP it's own to ensure that it was restored with the correct IP, as that could cause some of what you're seeing.
Thanks andreychek, this was all the advice I needed: "To get that back up and running in the meantime though, you may need to try going into Edit Virtual Server, and there, ensure that the "SSL Website" feature is enabled."
The existing SSL cert's were still good so it was a very painless solution.
To add info before Jamie checks in, I didn't list it as a bug because I'm convinced it was the BigBlueButton that caused the problems. They (bbb) DO NOT recommend installing their super cool system on a server that is doing other things. I thought I could be clever enough to get around any possible problems, but I wasn't. Things got difficult because it had so many ports needing to be open and it only runs on Nginx. I got it to run at the expense of not being able to get Apache to serve existing sites. I switched Apache to 591 instead of 80 and 4433 instead of 443, and was able to proxy over non-secure traffic to the Apache virtual hosts, but with bugs. I finally gave up, reversed the things I did and tried uninstalling the BigBlueButton system. That didn't go perfect and I was stuck with an impasse where bbb-html5 wouldn't uninstall because tomcat wouldn't restart because it wasn't there and tomcat wouldn't install, and oddly no Ubuntu updates would install either because bbb-html5 was in the queue to be installed but failed because of tomcat.
So I did what I could to back up everything, but some of the little things I tried to restore didn't go well. I tried to backup my theme and the .gz file was not a compressed file and wouldn't be read when trying to restore it. There was also something wonky about the backup's of Webmin Configuration files. I made a backup of the Webmin Configuration and Usermin Configuration in one archive and the restore wouldn't work. Can't remember the message but I think it was a corrupt archive file. It just seems that I may have corrupted the OS just enough to make that happen wrong.
Submitted by JamieCameron on Mon, 02/19/2018 - 18:02 Comment #3
Are you looking for a way to re-request all the Let's Encrypt certs? Because that could be done with a shell loop that calls the
virtualmin generate-letsencrypt-certcommand.JamieCameron, no but thanks. I just didn't know why things were restored from backup completely except for the ssl virtual hosts in apache and the records in the Per-IP Certificates. I was afraid to make something by hand that Virtualmin was automating. I didn't know the simple solution yet.
By the way, while experimenting yesterday, I noticed this in the on-screen restore messages:
.
So, I can assume my corrupted backup from the OS that I corrupted was the root cause of all my problems.