webmin icon indicating copy to clipboard operation
webmin copied to clipboard
verified publisher icon webmin

Setting SSL Encryption results in PEM format error

Open MHeuvel opened this issue 8 years ago • 7 comments

Error message: Failed to save SSL options : The SSL private key file /etc/webmin/miniserv.pem does not exist or does not contain a PEM format key

Reproduction: Clean install, open SSL Encryption and click "Save" without any changes.

Workaround: Editing miniserv.conf directly.

MHeuvel avatar Oct 12 '17 11:10 MHeuvel

@MHeuvel & @jcameron: I think this was introduced in commit f52cb3a, where I have a more detailed comment.

Fix: remove the extra space character from webmin/webmin-lib.pl line 1037, so that it reads: ...)?PRIVATE KEY... instead of ...)? PRIVATE KEY...

chrispolley avatar Nov 01 '17 20:11 chrispolley

Thanks Chris! The next webmin release will include a fix for this ..

jcameron avatar Nov 01 '17 22:11 jcameron

This is still broken. Just tried in a new installation and even in the interface it verifies and show in "Current certificate", webmin keeps serving the self-signed. Any workaround or fix?

RixzZ avatar Apr 10 '18 03:04 RixzZ

Ruben,

As a workaround, I have edited the /etc/webmin/miniserv.conf file to have entries similar to:

keyfile=/path/to/ssl_key.key certfile=/path/to/ssl_certificate.cer extracas=/path/to/ca_certificate.cer

You need to reload webmin to put the new certificates into effect.

On Mon, Apr 9, 2018 at 10:06 PM, Rubén Pérez [email protected] wrote:

This is still broken. Just tried in a new installation and even in the interface it verifies and show in "Current certificate", webmin keeps serving the self-signed. Any workaround or fix?

— You are receiving this because you commented. Reply to this email directly, view it on GitHub https://github.com/webmin/webmin/issues/653#issuecomment-379959368, or mute the thread https://github.com/notifications/unsubscribe-auth/AHM_jLqfPDEk8G_kJ9LLmONPNXQmZG00ks5tnCHCgaJpZM4P21mo .

chrispolley avatar Apr 10 '18 15:04 chrispolley

@chrispolley @RixzZ It's probably a bug the fact that webmin doesn't seem to install the valid letsencrypt TLS cert to its own web server miniserv.pl in miniserv.conf. Self signed certs should no longer be the default when you have valid secure letsencrypt certs available at no cost.

chris001 avatar Apr 10 '18 20:04 chris001

Thanks for both your replies. I finally figure out a 'good' way while this fails.

In my case I have Virtualmin too, with a Virtual Server using the hostname. I generated the Let's Encrypt certificate from the Manage Certificates virtual server section. That created the proper files in the home folder of the virtual server.

Then I just had to specify those files from the Webmin SSL certificates section.

Seems like the files that are generated in /etc/webmin/ by the Webmin SSL section are not working, but if you generate the LE certificate from Virtualmin it just works.

RixzZ avatar Apr 10 '18 20:04 RixzZ

Ruben,

As a workaround, I have edited the /etc/webmin/miniserv.conf file to have entries similar to:

keyfile=/path/to/ssl_key.key For letsencrypt it is privkey.pem then certfile=/path/to/ssl_certificate.cer and this is cert.pem extracas=/path/to/ca_certificate.cer and this is chain.pem

pls correct me if i'm wrong, but for me it works.

Pit

Bedenk avatar Feb 06 '25 09:02 Bedenk