Cannot install Virtualmin - software.virtualmin.com’ is not trusted.

pixel_paul's picture
Submitted by pixel_paul on Sat, 01/09/2021 - 15:11 Pro Licensee

It is currently not possible to install Virtualmin due to a certificate error:

sh install.sh
ERROR: The certificate of ‘software.virtualmin.com’ is not trusted.
ERROR: The certificate of ‘software.virtualmin.com’ hasn't got a known issuer.
chmod: cannot access 'slib.sh': No such file or directory
install.sh: line 297: ./slib.sh: No such file or directory
Status: 
Closed (fixed)
Virtualmin version: 
-
Webmin version: 
1.970

Comments

jimr's picture
Submitted by jimr on Sun, 01/10/2021 - 00:47 Pro Licensee

same here

Hit:1 http://gb.archive.ubuntu.com/ubuntu focal InRelease
Hit:2 http://archive.canonical.com/ubuntu focal InRelease                                                                      
Get:3 http://gb.archive.ubuntu.com/ubuntu focal-updates InRelease [114 kB]                                                     
Get:4 http://gb.archive.ubuntu.com/ubuntu focal-security InRelease [109 kB]                                   
Get:5 http://security.ubuntu.com/ubuntu focal-security InRelease [109 kB]                                     
Ign:6 http://download.webmin.com/download/repository sarge InRelease                    
Ign:7 https://software.virtualmin.com/vm/6/apt virtualmin-focal InRelease                                       
Ign:8 https://software.virtualmin.com/vm/6/apt virtualmin-universal InRelease                                   
Err:9 https://software.virtualmin.com/vm/6/apt virtualmin-focal Release          
  Certificate verification failed: The certificate is NOT trusted. The certificate issuer is unknown.  Could not handshake: Error in the certificate verification. [IP: 163.172.162.254 443]
Err:10 https://software.virtualmin.com/vm/6/apt virtualmin-universal Release     
  Certificate verification failed: The certificate is NOT trusted. The certificate issuer is unknown.  Could not handshake: Error in the certificate verification. [IP: 163.172.162.254 443]
Hit:11 http://download.webmin.com/download/repository sarge Release
Get:12 http://gb.archive.ubuntu.com/ubuntu focal-updates/main amd64 Packages [747 kB]
Get:13 http://gb.archive.ubuntu.com/ubuntu focal-updates/main i386 Packages [403 kB]
Get:14 http://gb.archive.ubuntu.com/ubuntu focal-updates/restricted i386 Packages [16.3 kB]
Get:15 http://gb.archive.ubuntu.com/ubuntu focal-updates/restricted amd64 Packages [126 kB]
Get:16 http://gb.archive.ubuntu.com/ubuntu focal-updates/universe amd64 Packages [723 kB]
Reading package lists... Done                              
E: The repository 'https://software.virtualmin.com/vm/6/apt virtualmin-focal Release' no longer has a Release file.
N: Updating from such a repository can't be done securely, and is therefore disabled by default.
N: See apt-secure(8) manpage for repository creation and user configuration details.
E: The repository 'https://software.virtualmin.com/vm/6/apt virtualmin-universal Release' no longer has a Release file.
N: Updating from such a repository can't be done securely, and is therefore disabled by default.
N: See apt-secure(8) manpage for repository creation and user configuration details.

pixel_paul's picture
Submitted by pixel_paul on Sun, 01/10/2021 - 01:08 Pro Licensee

Yes, I did check using a Web browser and it appears valid.

My issue is happening via the cli.

Submitted by JamieCameron on Sun, 01/10/2021 - 02:09

Which Debian or Ubuntu version are you running there?

pixel_paul's picture
Submitted by pixel_paul on Sun, 01/10/2021 - 02:44 Pro Licensee

I'm using Centos 8.

Ilia's picture
Submitted by Ilia on Sun, 01/10/2021 - 02:47

It looks that you haven't installed and/or upgraded ca-certificates package.

Try:

apt-get install --reinstall ca-certificates

Submitted by amjad9633 on Sun, 01/10/2021 - 03:40

I have the same problem and get this message

ERROR: cannot verify software.virtualmin.com's certificate, issued by ‘/C=US/O To connect to software.virtualmin.com insecurely, use `--no-check-certificate'. chmod: cannot access ‘slib.sh’: No such file or directory install.sh: line 297: ./slib.sh: No such file or directory

pixel_paul's picture
Submitted by pixel_paul on Sun, 01/10/2021 - 04:19 Pro Licensee

In my case, I am using the Cloudmin image for CentOS 8. I then ran:

dnf update

Then tried to install Virtualmin and got my original error.

Just to make sure that ca-certificates is installed:

dnf install ca-certificates
Last metadata expiration check: 0:53:29 ago on Sun 10 Jan 2021 09:20:17 GMT.
Package ca-certificates-2020.2.41-80.0.el8_2.noarch is already installed.
Dependencies resolved.
Nothing to do.
Complete!

dnf info ca-certificates
Last metadata expiration check: 0:58:29 ago on Sun 10 Jan 2021 09:20:17 GMT.
Installed Packages
Name         : ca-certificates
Version      : 2020.2.41
Release      : 80.0.el8_2
Architecture : noarch
Size         : 927 k
Source       : ca-certificates-2020.2.41-80.0.el8_2.src.rpm
Repository   : @System
From repo    : BaseOS
Summary      : The Mozilla CA root certificate bundle
URL          : https://fedoraproject.org/wiki/CA-Certificates
License      : Public Domain
Description  : This package contains the set of CA certificates chosen by the
             : Mozilla Foundation for use with the Internet PKI.

Submitted by amjad9633 on Sun, 01/10/2021 - 04:34

It seems like a general problem!

pixel_paul's picture
Submitted by pixel_paul on Sun, 01/10/2021 - 04:41 Pro Licensee

I'm getting this on two machines in different locations.

# openssl s_client -connect software.virtualmin.com:443

CONNECTED(00000003)
depth=0 CN = software2.virtualmin.com
verify error:num=20:unable to get local issuer certificate
verify return:1
depth=0 CN = software2.virtualmin.com
verify error:num=21:unable to verify the first certificate
verify return:1
---
Certificate chain
0 s:CN = software2.virtualmin.com
   i:C = US, O = Let's Encrypt, CN = R3
---
Server certificate
-----BEGIN CERTIFICATE-----
<!-- -->
-----END CERTIFICATE-----
subject=CN = software2.virtualmin.com

issuer=C = US, O = Let's Encrypt, CN = R3

---
No client certificate CA names sent
Peer signing digest: SHA256
Peer signature type: RSA
Server Temp Key: ECDH, P-256, 256 bits
---
SSL handshake has read 2069 bytes and written 447 bytes
Verification error: unable to verify the first certificate
---
New, TLSv1.2, Cipher is ECDHE-RSA-AES256-GCM-SHA384
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
    Protocol  : TLSv1.2
    Cipher    : ECDHE-RSA-AES256-GCM-SHA384
    Session-ID: C028FDD610C185D79F6F0462CAF61354040294FBAFE4B347D098290CE64DAF6C
    Session-ID-ctx:
    Master-Key: 24500F93730DE183964B361B19F380F7F66D4233DB76E491E00F243DBEA53E3A36C720A53BBADFA026A350B618012DE0
    PSK identity: None
    PSK identity hint: None
    SRP username: None
    TLS session ticket lifetime hint: 7200 (seconds)
    TLS session ticket:
   <!-- -->

    Start Time: 1610274551
    Timeout   : 7200 (sec)
    Verify return code: 21 (unable to verify the first certificate)
    Extended master secret: no
---
read:errno=0

Ilia's picture
Submitted by Ilia on Sun, 01/10/2021 - 04:50

Assigned: Unassigned »

Just to make sure that ca-certificates is installed:

Okay, I have taken a closer look and indeed our certificates are not well based on the output of:

openssl s_client -showcerts -servername software.virtualmin.com -connect software.virtualmin.com:443

Output:

---
No client certificate CA names sent
Peer signing digest: SHA256
Peer signature type: RSA
Server Temp Key: ECDH, P-256, 256 bits
---
SSL handshake has read 2085 bytes and written 444 bytes
Verification error: unable to verify the first certificate

I will assign this to Joe to have a look.

pixel_paul's picture
Submitted by pixel_paul on Sun, 01/10/2021 - 04:58 Pro Licensee

Thank you Ilia.

Submitted by amjad9633 on Sun, 01/10/2021 - 08:43

do you have any ETA on this? Thank you!

Ilia's picture
Submitted by Ilia on Sun, 01/10/2021 - 11:49

This was fixed. Thanks for the heads up.

pixel_paul's picture
Submitted by pixel_paul on Sun, 01/10/2021 - 13:26 Pro Licensee

Thanks for resolving this - on a Sunday too!

Paul

Submitted by IssueBot on Sun, 01/24/2021 - 13:30

Status: Fixed » Closed (fixed)

Automatically closed - issue fixed for 2 weeks with no activity.