Virtualmin adds X3 CA certificate to Lets Encrypt certificates that are issued with R3 CA.
I noticed this bug on several virtualmin servers of mine.
Status:
Closed (fixed)
Virtualmin version:
6.14
Webmin version:
1.962
Virtualmin adds X3 CA certificate to Lets Encrypt certificates that are issued with R3 CA.
I noticed this bug on several virtualmin servers of mine.
Comments
Submitted by PaliGap on Tue, 12/08/2020 - 03:57 Pro Licensee Comment #1
I too had this on CentOS 7. I found I need to do 'yum install certbot' and it was fixed (after reinstalling the bad certificates)
Yes, correct. We will consider dropping acme_tiny.py script eventually. certbot is the right choice for doing a job!
Submitted by JamieCameron on Tue, 12/08/2020 - 15:31 Comment #3
Also, the next release of Webmin will use the new CA cert file for systems without acme_tiny.
The fix can be seen at https://github.com/webmin/webmin/commit/9c490d38d38c9a5ba4f16bcdbc2705aa...
Submitted by JamieCameron on Tue, 12/08/2020 - 15:31 Comment #4
Submitted by alstam on Fri, 01/22/2021 - 12:24 Pro Licensee Comment #5
Hi,
i installed certbot but i still have some issues. When i check ssl i receive
Chain issues Incomplete
Sorry for double post please delete
Submitted by alstam on Fri, 01/22/2021 - 12:16 Pro Licensee Comment #6
Hi,
i installed certbot but i still have some issues. When i check ssl i receive
Chain issues Incomplete
Submitted by JamieCameron on Fri, 01/22/2021 - 20:16 Comment #7
Note that if you have installed
certbot
, you will need to refresh the cert to get the new CA.Submitted by Gizmokid2005 on Mon, 02/22/2021 - 12:17 Comment #8
This fix was put into webmin 1.970 which was released on January 6th, but there's still no update on the virtualmin-universal repo for this. Is there a new repo we should be using or is this getting pushed soon?
We are about to release new Webmin 1.972, which will address those and other issues as well. Jamie is about to do it, as far as I am aware.
We will try to do it as soon as possible.
Sorry for inconvenience.
Submitted by jonas-2 on Thu, 02/25/2021 - 02:46 Comment #10
For those who can't (or won't) install Certbot, you can download LetsEncrypt CA file (link below) and just upload it in your Wirtualmin SSL Configuration as so: Virtualmin -> Server Configuration -> SSL Certificate -> CA Certificate
There will be no reason for doing this with upcoming Webmin 1.972+.
Submitted by jonas-2 on Thu, 02/25/2021 - 12:53 Comment #12
@Ilia Roger that! :) It's a temporary solution till your upcoming release for those who have production systems failing TLS handshakes that can't fail another minute.
Submitted by shillongserver on Wed, 04/14/2021 - 11:07 Comment #13
I'm currently on Webmin 1.973 and I'm having this issue as well. SSL checkers like sslshopper, digicert and geocerts all returned errors regarding the CA certificate.
Server Configuration > SSL Certificate > CA Certificate shows the correct path to the generated
ssl.ca
file (/home/example/ssl.ca) and when I check the folder, the file is there with the same content as https://letsencrypt.org/certs/lets-encrypt-r3-cross-signed.pem but I don't understand why these SSL checkers can't seem to locate the ssl.ca file.Submitted by shillongserver on Wed, 04/14/2021 - 11:11 Comment #14
Kindly ignore (and delete if required) my previous comment. It was most probably a cache issue or something. It's working fine after restarting webmin and rebooting the server.
Submitted by IssueBot on Wed, 04/28/2021 - 11:11 Comment #15
Automatically closed - issue fixed for 2 weeks with no activity.