My original SSL certificate expired today but i have switched months ago to Let'sEncrypt. Now webmin/virtualmin is not working any more. The web fronten is completely broken and i get errors. ( https://i.imgur.com/eS9TxJD.png )
/var/webmin/miniserv.error
[24/Jul/2018:04:08:17 +0200] miniserv.pl started
[24/Jul/2018:04:08:17 +0200] IPv6 support enabled
[24/Jul/2018:04:08:17 +0200] Using MD5 module Digest::MD5
[24/Jul/2018:04:08:17 +0200] Using SHA512 module Crypt::SHA
[24/Jul/2018:04:08:17 +0200] PAM authentication enabled
[24/Jul/2018:04:08:18 +0200] [188.192.82.39] Document follows : This web server is running in SSL mode. Try the URL <a href='https://my.server.de:10000/'>https://my.server.de:10000/</a> instead.<br>
Temp file clearing is disabled
[24/Jul/2018:04:11:58 +0200] [188.192.82.39] Document follows : This web server is running in SSL mode. Try the URL <a href='https://my.server.de:10000/'>https://my.server.de:10000/</a> instead.<br>
sh: 1: Syntax error: ")" unexpected
sh: 1: Syntax error: ")" unexpected
Error: useradmin::list_users failed : Undefined subroutine &useradmin::passfiles_type called at /usr/share/webmin/useradmin/user-lib.pl line 114.
Error
-----
useradmin::list_users failed : Undefined subroutine &useradmin::passfiles_type called at /usr/share/webmin/useradmin/user-lib.pl line 114.
-----
/etc/webmin has the correct files from let's encrypt:
my.server.de.cert my.server.de.chain my.server.de.key
How do i fix this problem using the command line since i have no access to the frontend?
also this error is listed when i check 'service webmin status':
Jul 24 05:43:02 primary perl[9725]: pam_unix(webmin:auth): authentication failure; logname= uid=0 euid=0 tty= ruser= rhost= user=rootI updated the let's encrypt certificate and saved it in:
/etc/webmin /etc/usermin
It still uses the old certificate even though the miniserv.conf points to the new one. Something is seriously screwed up and i don't know what it is.
Did some more testing and it seems miniserv is not using SSL or SSL somehow broke. I have to note that all other websites i host using virtualmin/webmin still work perfectly fine with SSL. I just can't access webmin frontend any more since it is broken and unusable.
openssl s_client -connect my.server.de:10000 -state -debug
CONNECTED(00000003)SSL_connect:before/connect initialization
write to 0xf2c040 [0xf2cd90] (305 bytes => 305 (0x131))
0000 - 16 03 01 01 2c 01 00 01-28 03 03 55 9d b9 52 5d ....,...(..U..R]
0010 - c2 69 fd 4c 8f dd ff d8-71 54 45 81 48 fc 61 e2 .i.L....qTE.H.a.
0020 - c5 e0 8d de a2 d6 a9 f1-ef e3 16 00 00 aa c0 30 ...............0
0030 - c0 2c c0 28 c0 24 c0 14-c0 0a 00 a5 00 a3 00 a1 .,.(.$..........
0040 - 00 9f 00 6b 00 6a 00 69-00 68 00 39 00 38 00 37 ...k.j.i.h.9.8.7
0050 - 00 36 00 88 00 87 00 86-00 85 c0 32 c0 2e c0 2a .6.........2...*
0060 - c0 26 c0 0f c0 05 00 9d-00 3d 00 35 00 84 c0 2f .&.......=.5.../
0070 - c0 2b c0 27 c0 23 c0 13-c0 09 00 a4 00 a2 00 a0 .+.'.#..........
0080 - 00 9e 00 67 00 40 00 3f-00 3e 00 33 00 32 00 31 ...g.@.?.>.3.2.1
0090 - 00 30 00 9a 00 99 00 98-00 97 00 45 00 44 00 43 .0.........E.D.C
00a0 - 00 42 c0 31 c0 2d c0 29-c0 25 c0 0e c0 04 00 9c .B.1.-.).%......
00b0 - 00 3c 00 2f 00 96 00 41-c0 11 c0 07 c0 0c c0 02 .<./...A........
00c0 - 00 05 00 04 c0 12 c0 08-00 16 00 13 00 10 00 0d ................
00d0 - c0 0d c0 03 00 0a 00 ff-01 00 00 55 00 0b 00 04 ...........U....
00e0 - 03 00 01 02 00 0a 00 1c-00 1a 00 17 00 19 00 1c ................
00f0 - 00 1b 00 18 00 1a 00 16-00 0e 00 0d 00 0b 00 0c ................
0100 - 00 09 00 0a 00 23 00 00-00 0d 00 20 00 1e 06 01 .....#..... ....
0110 - 06 02 06 03 05 01 05 02-05 03 04 01 04 02 04 03 ................
0120 - 03 01 03 02 03 03 02 01-02 02 02 03 00 0f 00 01 ................
0130 - 01 .
SSL_connect:SSLv2/v3 write client hello A
read from 0xf2c040 [0xf322f0] (7 bytes => 7 (0x7))
0000 - 48 54 54 50 2f 31 2e HTTP/1.
SSL_connect:error in SSLv2/v3 read server hello A
140318782740120:error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol:s23_clnt.c:794:
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 7 bytes and written 305 bytes
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
Protocol : TLSv1.2
Cipher : 0000
Session-ID:
Session-ID-ctx:
Master-Key:
Key-Arg : None
PSK identity: None
PSK identity hint: None
SRP username: None
Start Time: 1532431544
Timeout : 300 (sec)
Verify return code: 0 (ok)
---
curl -v https://my.server.de:10000
* Rebuilt URL to: https://my.server.de:10000/* Trying 2a01:4f8:201:4252::2...
* Connected to my.server.de (2a01:4f8:201:4252::2) port 10000 (#0)
* found 148 certificates in /etc/ssl/certs/ca-certificates.crt
* found 596 certificates in /etc/ssl/certs
* ALPN, offering http/1.1
* gnutls_handshake() failed: An unexpected TLS packet was received.
* Closing connection 0
curl: (35) gnutls_handshake() failed: An unexpected TLS packet was received.
Try connecting to webmin with the IP instead of domain name. That should use the default ssl cert and allow you in at least. https://ipaddress:10000.
fixed by going directly to /webmin/edit_themes.cgi and changing to Authentic theme.