Virtualmin: Break sharing SSL certificates
I recently ran into some problems trying to activate
https for some virtual servers in Virtualmin. After enabling
SSL for the virtual server
foo.bar.example.com and clicking
Manage SSL Certificate I got the message
This virtual server shares its SSL certificate with baz.example.com, so it cannot be edited on this page. Use its Manage SSL Certificate page to change SSL settings.
baz.example.com has a wildcard certificate
*.example.com, I think that Virtualmin tries to be smart and wants to use the same certificate for
foo.bar.example.com, which will not work since
foo.bar.example.com is not part of
To get around this and allow separate SSL configuration for
foo.bar.example.com one need to break the link between these both virtual servers SSL configurations. To do so, first find the Virtualmin configuration for the given virtual server:
root@host:~# cd /etc/webmin/virtual-server/domains root@host:~# grep -rFx 'dom=foo.bar.example.com' . ./145382287315480:dom=foo.bar.example.com
Open the file and edit the
ssl_chain directives to point to a location individual for the virtual server. Do not use locations served by the apache webserver!
ssl_cert = /var/www/vserver/bar.example.com/domains/foo.bar.example.com/ssl.cert ssl_key = /var/www/vserver/bar.example.com/domains/foo.bar.example.com/ssl.key ssl_chain = /var/www/vserver/bar.example.com/domains/foo.bar.example.com/ssl.ca
Now delete the
ssl_same=… directive from the configuration. This will isolate the SSL configuration for this virtual server.
Save the configuration, and in Virtualmin click
Manage SSL Certificate again. You are now able to change SSL settings for the given virtual server.