Hi, am new to Virtualmin, so still learning how it works and testing things out. However, one issue that is worrying me is the SSL Certificate "Copy to Webmin/Usermin/Postfix" feature.
Once I've copied the cert over to the services, I see the message This SSL certificate is already being used by : Webmin, Usermin, Dovecot (host example.com), Postfix - great!
However, every now and then, the certificate seems to be "uncopied" to the respective services, and I am left with just This SSL certificate is already being used by : Dovecot (host example.com) and the "Copy to ..." buttons appear underneath again.
Any ideas why this is happening?
I went to send an email earlier from my email client (Thunderbird) and the certificate was rejected, even though it was working earlier.
Another strange issue also, is that the certificate which Thunderbird complained about was issued to another vh on the server - really need to avoid that happening again before I can migrate client sites over, as wouldn't look good if they were asked to accept a certificate from another website/company!
Any help would be appreciate, thanks in advance.
Comments
Submitted by andreychek on Mon, 01/21/2019 - 09:38 Comment #1
Howdy -- thanks for contacting us!
Some services such as Postfix can only have one SSL certificate.
If a different domain on the same IP address has it's certificate copied out, that would overwrite the current one.
Could that explain what you are seeing there?
Submitted by node77 on Mon, 01/21/2019 - 09:51 Pro Licensee Comment #2
Hi, thanks for your reply. Yes that would totally explain it! I only have one IP on the server.
Does that also apply to Webmin, Usermin, and FTP?
So i'm guessing I need one main certificate for the server (e.g. vps.example.com) and use that for Postfix and any other service which can only have one certificate (please could you confirm which services).
But...
I read somewhere that having a virtual server with the same name as the hostname can cause issues, which is what I have. But how else would I get a Let's Encrypt certificate for the main hostname of the server (for use on the Virtualmin login, Postfix, etc)?
Submitted by node77 on Wed, 01/23/2019 - 07:35 Pro Licensee Comment #3
Anybody please?
Submitted by andreychek on Wed, 01/23/2019 - 09:47 Comment #4
FTP would be like that too.
A way to get an SSL Certificate for the name "vps.example.com" would be to create an alias for another domain, perhaps the "example.com" domain. Then tie in the example.com and vps.example.com domains into one cert, and copy that into your services.
Submitted by node77 on Mon, 01/28/2019 - 10:57 Pro Licensee Comment #5
Seems that having "vps.example.com" as a virtual host (which is the same as the hostname) was indeed causing issues, with certs, DKIM, SPF, all sorts. So i deleted the virtual host, set up a new one as "example.com", and created a sub-server off it for "vps.example.com", as you suggested. All seems to be great now :) Thanks.
Submitted by node77 on Mon, 01/28/2019 - 10:57 Pro Licensee Comment #6