Hi and our first issue report in 2017.
Requesting Let's Encrypt certificate on a CentOS 6.x Virtualmin system is giving:
An unexpected error occurred:
The request message was malformed :: CSR generated using a pre-1.0.2 OpenSSL with a client that doesn't properly specify the CSR version. See https://community.letsencrypt.org/t/openssl-bug-information/19591
Please see the logfiles in /var/log/letsencrypt for more details.
Searching Virtualmin.com gives this relevant discussion https://www.virtualmin.com/node/44321 where Jamie skeptically suggests:
You may have to upgrade OpenSSL manually, by downloading and compiling it from the source. If Let's Encrypt doesn't accept certs from older versions, there isn't much Virtualmin can do :-(
However, unlike Ivan2 in that case we never installed any letsencrypt-related software other than comes from Virtualmin itself, because we always comply with *min official repositories and because that's what Eric recommends in another discussion on https://www.virtualmin.com/node/41607:
You probably want to use our built-in letsencrypt client (which is a minimal client written in Python; I think Jamie settled on using ACME Tiny, but it might be another one), rather than the one provided by Debian or something downloaded. Every client has different command line options and usage, so Virtualmin wouldn't know about any clients other than its own built-in one or the offical ACME client distributed by the Let's Encrypt folks.
The problem is that what Eric said contradicts with what Jamie suggests, so I wonder what is the optimal solution here? Should we follow Jamie's recommendation and upgrade OpenSSL by compiling manually? OR there is another way that would be "officially" proposed by *min team to address this issue principally?