Virtualmin 6.02 doesn't create SSL files for sub-domains

After upgrading to Virtualmin 6.02, while the ssl.cert, ssl.combined, ssl.everything and ssl.key are created for the top domains, for sub-servers they are not. They are simply missing...

Status: Closed (fixed)

Comments

Turns out it was because of SSL certificate sharing with the main domain. However, the reported issue is still there, because after disabling SSL certificate sharing it only created two files: ssl.cert, ssl.key. All other ca, bundle, everything files are missing for subdomains.

This is quite a big issue. Not to get distracted, I've disabled all Let's Encrypt settings, so now we have a classic Virtualmin setup with SSL certificates for new domains enabled, so it is supposed to create self-signed certificates.

Now, when you create a top level domain name, then everything works ok and it creates all the necessary files:

-rwx------   1 mydomain mydomain 1229 Dec  6 21:19 ssl.cert
-rwx------   1 mydomain mydomain 1229 Dec  6 21:19 ssl.combined
-rwx------   1 mydomain mydomain 2937 Dec  6 21:19 ssl.everything
-rwx------   1 mydomain mydomain 1708 Dec  6 21:19 ssl.key

Now, if you create a sub-domain, then it doesn't create those files until you stop SSL certificate sharing. So if you stop and then create self-signed SSL certificate then it correctly creates all four files for sub-domain too. However, if you attempt to request Let's Encrypt certificate at this stage, then it creates only two files for the sub-domain: ssl.cert, ssl.key. So there is an issue here.

Apart from the described issue, could you please consult how I could configure not to share SSL certificate by default? I looked everywhere and could not find such a setting. Sharing SSL certificate by default causes lots of issues as besides never-ending Let's Encrypt epopee we also use Pound proxy that has to create its own SSL-related entries, so we would like to keep things simpler. We really need to turn off that SSL certificate sharing...

Thanks!

If the top-level domain has a wildcard cert that also matches the sub-domain, it's expected that they will be shared - and SSL should work fine for both domains.

If the top-level domain has a wildcard cert that also matches the sub-domain, it's expected that they will be shared - and SSL should work fine for both domains.

Jamie, if we leave Let's Encrypt aside, then the main domain's SSL certificate should not cover all subdomains by default - there are cases when the main domain and sub-domains require separate certificates. We cannot impose just one approach to all use cases. Anyway, we would like to keep them separately - so where we could set this?

@Yngens.

Normally then in those cases a separate Virtualserver for those "subdomains" is used, then this should be no problem. (I hope?) In my opinion for those cases yes you have to use separate SSL, but if sub-server and so on normal use is then the same LE SSL as maindomain!

Here for many years and other CP's also with other SSL certs the way we use subdomains if real separate is needed!

Jamie, so will you finally tell us how to configure our Virtualmin not to impose the top domain SSL certificate to its subdomains? Come on, that's really too restrictive, you should give some space to users!

It could be configurable for those who need the current behavior and separately for those who really need separate SSL certificates for subdomains. You simply cannot say: it should be done in one particular way and make it difficult for lots of use-cases which need the other way.

Right now there's no way to prevent Virtualmin from doing this linkage (which it's been doing for many versions now). However, you can break the link by running virtualmin modify-web --domain yourdomain.com --break-ssl-cert

Jamie, we again are hitting pre-post installation script problem - one is too early and the other is too late. The current state makes proxy server integration so miserable...

And then what do your comments have to do with the subject matter of this issue?! Whatever the reason, the problem is still there: Virtualmin (in this particular case) doesn't create SSL files for sub-domains! And it should!

We can make this configurable for sure, but it will have to wait till the next release for implementation.

Yes, Jamie, please fix and push it ASAP as the ssl files should be available regardless if SSL certificate for the main domain is shared or not. Well, maybe not necessarily when shared, however they MUST be there available as soon as sharing stops. Otherwise, it is breaking proxy server configs.

Virtualmin will already copy the cert when sharing is no longer possible.

By the way, if you are configuring a proxy and want to find the SSL cert file for a domain, I recommend using the list-domains API command rather than assuming that the cert will always be in the same location under the domain's home dir.
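The lookup recommended in the comment above, as an added example (not part of the thread and not Virtualmin's own code): it reads `list-domains --multiline` output and refuses to return a path unless both the cert and key fields are present. The field labels `SSL cert file`, `SSL key file` and `SSL shared with`, and the sample listing, are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: resolve a domain's certificate and key paths from
# `virtualmin list-domains --domain NAME --multiline` output instead of
# assuming ~/ssl.cert. The field labels below are assumptions; check them
# against the output of your Virtualmin version.

# ssl_field LABEL: print the value of "LABEL: value" from stdin, or fail.
ssl_field() {
    awk -v label="$1" '
        { line = $0; sub(/^[ \t]+/, "", line) }
        index(line, label ": ") == 1 {
            print substr(line, length(label) + 3); found = 1; exit
        }
        END { exit (found ? 0 : 1) }'
}

# ssl_paths: read a multiline listing on stdin, print "cert key shared-with"
# ("-" when the certificate is not shared). Fails with status 1 when either
# path is absent, so the caller never writes a proxy entry for a guessed file.
ssl_paths() {
    listing=$(cat)
    cert=$(printf '%s\n' "$listing" | ssl_field "SSL cert file") || return 1
    key=$(printf '%s\n' "$listing" | ssl_field "SSL key file") || return 1
    shared=$(printf '%s\n' "$listing" | ssl_field "SSL shared with") || shared=""
    printf '%s %s %s\n' "$cert" "$key" "${shared:--}"
}

# Constructed sample: a sub-server that shares its parent's certificate,
# so the paths point into the parent's home, not the sub-server's.
sample_listing() {
    cat <<'EOF'
sub.example.com
    Home directory: /home/example/domains/sub.example.com
    SSL shared with: example.com
    SSL cert file: /home/example/ssl.cert
    SSL key file: /home/example/ssl.key
EOF
}

# Real use (not run here):
#   virtualmin list-domains --domain sub.example.com --multiline | ssl_paths
sample_listing | ssl_paths
```

A proxy provisioning script can treat a non-zero status from `ssl_paths` as "no usable certificate yet" and skip the HTTPS listener rather than reference a missing file.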

Virtualmin will already copy the cert when sharing is no longer possible.

It does not, Jamie! Please run some tests. When you click that "Stop sharing" button and look in the directory, then you will find only two files. Please take error reports seriously, Jamie, as we use time in vain when you don't bother even trying to replicate the issue. It is there, believe me.

Status: Fixed » Closed (fixed)

Automatically closed - issue fixed for 2 weeks with no activity.