If end-users accidentally or intentionally delete SSL certificate files in the file structure without prior disabling SSL certificate feature through Virtualmin's UI, then it will always give the Problems with SSL "certificate authority file is not valid" after updating
error message as discussed onhttps://www.virtualmin.com/node/54897. And you can't re-enable SSL certificate unless manually go to /etc/webmin/virtual-server/domains/$domain_id file and clean up the SSL certificate-related entries.
And it's not easy to troubleshoot this for non-experienced Virtualmin user. So I believe Virtualmin could automatize the cleaning up process on, for example, check configuration. But ideally this kind of fixes should be offered with additional "Fix found issues" button after Domain Validation process.
Comments
Submitted by JamieCameron on Thu, 04/19/2018 - 19:50 Comment #1
So did the domain in question still have SSL enabled, but just wasn't using a custom CA file? Or was SSL completely disabled?
Submitted by yngens on Mon, 04/23/2018 - 20:04 Comment #2
Jamie, as explained the user deleted SSL-related files without disabling SSL certficiate in Virtualmin's UI. Quickly running a small test won't hurt as you will see what I mean.
Submitted by JamieCameron on Mon, 04/23/2018 - 22:32 Comment #3
Long term we have a plan to fix this by moving the SSL cert files outside the domain's home dir. Deleting them will probably also crash Apache by preventing it from restarting! Just removing the entries from the domain file seems wrong to me, as it would prevent Virtualmin from detecting that anything is wrong.
Submitted by yngens on Tue, 04/24/2018 - 17:02 Comment #4
Whatever you do the implementation should be fool-proof as the end-users can delete the actual SSL-certificate files any time ignoring Virtualmin settings for them and then the whole system stalls. And as this issue can easily run onto this should be done not in long term, but as soon as possible, please.
Submitted by JamieCameron on Tue, 04/24/2018 - 21:28 Comment #5
My plan is to move them to a directory that users can't directly edit.