Webmin is failing to use the LetsEncrypt SSL certificate generated from "SSL Encryption" section.

Operating system Debian Linux 9
Webmin version 1.860
Usermin version 1.720
Virtualmin version 6.01-3

Steps taken to cause problem:

  1. Verified apache configuration is correct and working.
  2. Go to webmin/edit_ssl.cgi > Let's Encrypt
  3. Verify "Copy new key and certificate to Webmin?" set to Yes. Set all other options. Successfully generate SSL certificate.
  4. Restart webmin, still using default self-signed certificate.
  5. Restarted server. No change. Verified issue exists on multiple computers (not a cache issue)

Troubleshooting performed.

  1. Check directory:
  2. root@hostname:/etc/webmin# ls -la lets*
    -rw------- 1 root root 1647 Nov  7 20:37 letsencrypt-ca.pem
    -rw------- 1 root root 2151 Nov  7 20:37 letsencrypt-cert.pem
    -rw------- 1 root root 3247 Nov  7 20:37 letsencrypt-key.pem
  3. Verified files are correct, valid and working.
  4. Go back to webmin/edit_ssl.cgi, go to SSL Settings, verified settings are correct. The settings were already filled out properly. Hit Save, get error:
  5. "Failed to save SSL options : The SSL private key file /etc/webmin/letsencrypt-key.pem does not exist or does not contain a PEM format key"
  6. run chmod 777 /etc/webmin/letsencrypt-key.pem. Error still occurs. Revert chmod.

Possible cause: pem check is incorrect and causing webmin to use default miniserv certificate.



I am seeing the same thing on 1.872

I'm still getting this on the latest version too

Even on version 1.900 ?

Hi Jamie

Sorry for late reply, have been away on leave, and only saw the email this morning.... Yes I'm currently on version 1.900

For people who are seeing the error with the file /etc/webmin/letsencrypt-key.pem , can you post the contents here?

Seeing the same problem. Webmin 1.900 on Debian 9. LetsEncrypt certificate successfully created, but Webmin fails to use it. Instead, it uses another cert that was issued on a hosted domain then copied to Webmin.

Check that Webmin isn't configured to use a different cert for requests to a specific domain or IP, at Webmin -> Webmin Configuration -> SSL Encryption -> Per-IP Keys