Getting a cert error when accessing my site via a specific port

My domain is: server.eyethrees.net

I ran this command: (browse to server.eyethrees.net:20000)

It produced this output: ERR_CERT_DATE_INVALID

My web server is (include version): Apache 2.4.6

The operating system my web server runs on is (include version): CentOS 7.8

My hosting provider, if applicable, is: N/A

I can login to a root shell on my machine (yes or no, or I don't know): Yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): Webmin

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): 1.7.0

Going to http://server.eyethrees.net or the Webmin control panel at port 10000 produces a secure lock browser icon... Going to port 20000, the webmail (Usermin) access, produces the warning page and the invalid cert date.

I think adding ProxyPass and ProxyPassReverse lines to my httpd.conf was what allowed port 10000 to work securely... Is it possible to do the same for port 20000?

Here are the httpd.conf lines for my vhost:

<VirtualHost *:80>
 ServerName server.eyethrees.net
 DocumentRoot "/var/www/html/server.eyethrees.net"
 <Directory "/var/www/html/server.eyethrees.net">
  allow from all
  Options None
  Require all granted
 </Directory>
 RewriteEngine On
 RewriteCond %{HTTP_HOST} ^www\.server.eyethrees\.net$ [NC]
 RewriteRule ^(.*)$ http://server.eyethrees.net$1 [R=301,L]
 RewriteCond %{SERVER_NAME} =www.servwer.eyethrees.net [OR]
 RewriteCond %{SERVER_NAME} =server.eyethrees.net
 RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
 ProxyPreserveHost On
 SSLProxyEngine On
 SSLProxyVerify None
 SSLProxyCheckPeerCN Off
 SSLProxyCheckPeerName Off
 SSLProxyCheckPeerExpire Off
 ProxyPass / "https://server.eyethrees.net:10000"
 ProxyPassReverse / "https://server.eyethrees.net:10000"
</VirtualHost>

What are the contents of /etc/miniserv.conf?

Yes, but you will probably need to have another subdomain in order to do that.

For example, create webmail.server.eyethrees.net, and proxy that to port 20000.


I do not have a miniserv.conf in /etc, but I do have two miniserv.conf files:

/etc/webmin/miniserv.conf

port=10000
addtype_cgi=internal/cgi
realm=Webmin Server
logfile=/var/webmin/miniserv.log
errorlog=/var/webmin/miniserv.error
pidfile=/var/webmin/miniserv.pid
logtime=168
ssl=1
no_ssl2=1
no_ssl3=1
no_tls1=1
no_tls1_1=1
ssl_honorcipherorder=1
no_sslcompression=1
env_WEBMIN_CONFIG=/etc/webmin
env_WEBMIN_VAR=/var/webmin
atboot=1
logout=/etc/webmin/logout-flag
listen=10000
denyfile=\.pl$
log=1
blockhost_failures=5
blockhost_time=60
syslog=1
ipv6=1
session=1
premodules=WebminCore
userfile=/etc/webmin/miniserv.users
keyfile=/etc/letsencrypt/live/server.eyethrees.net/privkey.pem
passwd_file=/etc/shadow
passwd_uindex=0
passwd_pindex=1
passwd_cindex=2
passwd_mindex=4
passwd_mode=0
passdelay=1
login_script=/etc/webmin/login.pl
logout_script=/etc/webmin/logout.pl
cipher_list_def=3
failed_script=/etc/webmin/failed.pl
nolog=\/stats\.cgi\?xhr\-stats\=general
logouttimes=
sudo=
pamany=
unixauth=
error_handler_403=403.cgi
error_handler_404=404.cgi
error_handler_401=401.cgi
ssl_cipher_list=EECDH+AES:EDH+AES:-SHA1:EECDH+RC4:EDH+RC4:RC4-SHA:EECDH+AES256:EDH+AES256:AES256-SHA:!aNULL:!eNULL:!EXP:!LOW:!MD5
extracas=/etc/letsencrypt/live/server.eyethrees.net/chain.pem
certfile=/etc/letsencrypt/live/server.eyethrees.net/cert.pem
no_tls1_2=
dhparams_file=/etc/webmin/dhparams.pem
ssl_redirect=1
preroot_chris=authentic-theme
preroot=authentic-theme
root=/usr/libexec/webmin
mimetypes=/usr/libexec/webmin/mime.types
server=MiniServ/1.955

&

/etc/usermin/miniserv.conf

port=20000
addtype_cgi=internal/cgi
realm=Usermin Server
logfile=/var/usermin/miniserv.log
errorlog=/var/usermin/miniserv.error
pidfile=/var/usermin/miniserv.pid
logtime=168
ppath=
ssl=1
no_ssl2=1
no_ssl3=1
no_tls1=1
no_tls1_1=1
env_WEBMIN_CONFIG=/etc/usermin
env_WEBMIN_VAR=/var/usermin
atboot=
logout=/etc/usermin/logout-flag
listen=
denyfile=\.pl$
log=1
blockhost_failures=5
blockhost_time=60
session=1
unixauth=user
pam=usermin
premodules=WebminCore
userfile=/etc/usermin/miniserv.users
keyfile=/etc/letsencrypt/live/server.eyethrees.net/privkey.pem
passwd_file=/etc/shadow
passwd_uindex=0
passwd_pindex=1
passwd_cindex=2
passwd_mindex=4
passwd_mode=2
sidname=usid
preroot=authentic-theme
passdelay=1
nolog=\/stats\.cgi\?xhr\-stats\=general
root=/usr/libexec/usermin
mimetypes=/usr/libexec/usermin/mime.types
server=MiniServ/1.79102081026
sockets=
ipv6=0
ssl_cipher_list=EECDH+AES:EDH+AES:-SHA1:EECDH+RC4:EDH+RC4:RC4-SHA:EECDH+AES256:EDH+AES256:AES256-SHA:!aNULL:!eNULL:!EXP:!LOW:!MD5
extracas=/etc/letsencrypt/live/server.eyethrees.net/chain.pem
certfile=/etc/letsencrypt/live/server.eyethrees.net/cert.pem
ssl_redirect=1
error_handler_403=403.cgi
error_handler_404=404.cgi
error_handler_401=401.cgi
no_sslcompression=
no_tls1_2=
ssl_honorcipherorder=0
dhparams_file=/etc/usermin/dhparams.pem
ssl_version=
preroot_cch=authentic-theme

It seems like you should be able to restart Webmin and port 20000 should pick up the renewed certificate.

So you're saying create a new vhost? Then restart Webmin?

Thanks for the suggestion... it didn't work, but now I do have the subdomain set up, which is nice...

I think I needed to restart the Usermin service after setting it to use the same certs as Webmin... at least it started working after I did that.
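
A check that matches the resolution above, as an added example that is not part of the original thread: it reads `port` and `certfile` from a miniserv.conf, fetches the certificate the listener is actually serving, and reports when it differs from the file on disk (a renewed certificate the service has not loaded yet). The function names, the `127.0.0.1` target and the sample config are assumptions made for illustration.

```python
import hashlib
import ssl

# Constructed sample: a few keys copied from the Usermin config posted in this thread.
SAMPLE_CONF = r"""port=20000
listen=
ssl=1
nolog=\/stats\.cgi\?xhr\-stats\=general
certfile=/etc/letsencrypt/live/server.eyethrees.net/cert.pem
"""

def parse_miniserv(text):
    """Parse miniserv.conf 'key=value' lines; values may be empty or contain '='."""
    conf = {}
    for line in text.splitlines():
        key, sep, value = line.strip().partition("=")
        if sep and key:
            conf[key] = value
    return conf

def fingerprint(pem):
    """SHA-256 over the DER bytes of the first certificate in a PEM string."""
    end = "-----END CERTIFICATE-----"
    first = pem.strip().split(end)[0] + end
    return hashlib.sha256(ssl.PEM_cert_to_DER_cert(first)).hexdigest()

def is_stale(served_pem, disk_pem):
    """True when the listener serves a certificate other than the one on disk."""
    return fingerprint(served_pem) != fingerprint(disk_pem)

def check(conf_path, host="127.0.0.1"):
    """Compare the cert served on the configured port with the configured certfile."""
    with open(conf_path) as fh:
        conf = parse_miniserv(fh.read())
    with open(conf["certfile"]) as fh:
        disk_pem = fh.read()
    # No CA bundle is passed, so an expired certificate is fetched rather than rejected.
    served_pem = ssl.get_server_certificate((host, int(conf["port"])))
    return is_stale(served_pem, disk_pem)

if __name__ == "__main__":
    for path in ("/etc/webmin/miniserv.conf", "/etc/usermin/miniserv.conf"):
        state = "STALE, restart the service" if check(path) else "current"
        print(f"{path}: {state}")
```

Run it as root on the server so both miniserv.conf files and the certificate path are readable.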