Virtualmin: Break sharing SSL certificates
I recently ran into some problems trying to activate https
for some virtual servers in Virtualmin. After enabling SSL
for the virtual server foo.bar.example.com
and clicking Manage SSL Certificate
I got the message
This virtual server shares its SSL certificate with baz.example.com, so it cannot be edited on this page. Use its Manage SSL Certificate page to change SSL settings.
Since baz.example.com
has a wildcard certificate *.example.com
, I think that Virtualmin tries to be smart and wants to use the same certificate for foo.bar.example.com
, which will not work since foo.bar.example.com
is not part of *.example.com
.
To get around this and allow separate SSL configuration for foo.bar.example.com
one need to break the link between these both virtual servers SSL configurations. To do so, first find the Virtualmin configuration for the given virtual server:
root@host:~# cd /etc/webmin/virtual-server/domains root@host:~# grep -rFx 'dom=foo.bar.example.com' . ./145382287315480:dom=foo.bar.example.com
Open the file and edit the ssl_cert
, ssl_key
and ssl_chain
directives to point to a location individual for the virtual server. Do not use locations served by the apache webserver!
- /etc/webmin/virtual-server/domains/145382287315480
ssl_cert = /var/www/vserver/bar.example.com/domains/foo.bar.example.com/ssl.cert ssl_key = /var/www/vserver/bar.example.com/domains/foo.bar.example.com/ssl.key ssl_chain = /var/www/vserver/bar.example.com/domains/foo.bar.example.com/ssl.ca
Now delete the ssl_same=…
directive from the configuration. This will isolate the SSL configuration for this virtual server.
Save the configuration, and in Virtualmin click Manage SSL Certificate
again. You are now able to change SSL settings for the given virtual server.