How can I secure Webmin with an LE cert?

My domain is: server.eyethrees.net
My web server is: Apache v2.4.6
The OS my web server runs on is: centos-release-7-7.1908.0.el7.centos.x86_64
I can log in to a root shell on my machine: yes
I’m using a control panel to manage my site: Webmin v1.94 1
The version of my client is: certbot version 1.0.0

So my Webmin installation (on the standard port 10000) throws the browser privacy error and appears not to be using the same certificate that is used when I go to port 443 (the dates are different when I view the cert from the browser).

2 Likes

Please show the contents of:
[feel free to remove any private information - I don’t use Webmin - be careful what you post]
/etc/webmin/miniserv.conf

1 Like
$ sudo cat /etc/webmin/miniserv.conf
port=10000
addtype_cgi=internal/cgi
realm=Webmin Server
logfile=/var/webmin/miniserv.log
errorlog=/var/webmin/miniserv.error
pidfile=/var/webmin/miniserv.pid
logtime=168
ssl=1
no_ssl2=1
no_ssl3=1
no_tls1=1
no_tls1_1=1
ssl_honorcipherorder=1
no_sslcompression=1
env_WEBMIN_CONFIG=/etc/webmin
env_WEBMIN_VAR=/var/webmin
atboot=1
logout=/etc/webmin/logout-flag
listen=10000
denyfile=\.pl$
log=1
blockhost_failures=5
blockhost_time=60
syslog=1
ipv6=1
session=1
premodules=WebminCore
userfile=/etc/webmin/miniserv.users
keyfile=/etc/webmin/letsencrypt-key.pem
passwd_file=/etc/shadow
passwd_uindex=0
passwd_pindex=1
passwd_cindex=2
passwd_mindex=4
passwd_mode=0
preroot=authentic-theme
passdelay=1
login_script=/etc/webmin/login.pl
logout_script=/etc/webmin/logout.pl
cipher_list_def=3
failed_script=/etc/webmin/failed.pl
nolog=.*xhr.*
logouttimes=
sudo=
pamany=
unixauth=
error_handler_403=403.cgi
error_handler_404=404.cgi
error_handler_401=401.cgi
ssl_cipher_list=EECDH+AES:EDH+AES:-SHA1:EECDH+RC4:EDH+RC4:RC4-SHA:EECDH+AES256:EDH+AES256:AES256-SHA:!aNULL:!eNULL:!EXP:!LOW:!MD5
extracas=/etc/webmin/letsencrypt-ca.pem
certfile=/etc/webmin/letsencrypt-cert.pem
no_tls1_2=
dhparams_file=/etc/webmin/dhparams.pem
ssl_redirect=1
root=/usr/libexec/webmin
mimetypes=/usr/libexec/webmin/mime.types
server=MiniServ/1.941
1 Like

It looks like you might only need to modify these values:

[backup this file before making changes]

2 Likes

modify them to… ??

From your previous post:

I would set them as follows:

keyfile=/etc/letsencrypt/live/server.eyethrees.net/privkey.pem
extracas=/etc/letsencrypt/live/server.eyethrees.net/chain.pem
certfile=/etc/letsencrypt/live/server.eyethrees.net/cert.pem

or

keyfile=/etc/letsencrypt/live/server.eyethrees.net/privkey.pem
extracas=
certfile=/etc/letsencrypt/live/server.eyethrees.net/fullchain.pem

Note: This change may require the "webmin process user" access rights to those files.
If that causes access rights problems that can't be overcome:
You can copy the required files to a folder that Webmin does have access to.
[then modify the cert update script to copy those files whenever the cert is renewed]

4 Likes
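
The copy-on-renewal fallback described in the answer above, sketched as a certbot deploy hook. This is an added example, not code from the thread or from the Webmin or certbot projects. It assumes the script is saved under /etc/letsencrypt/renewal-hooks/deploy/, that the destination file names are the ones in the posted miniserv.conf, and that a standard install's /etc/webmin/restart script is present; the function name install_webmin_cert is made up for the example.

```shell
#!/bin/sh
# Added example: certbot deploy hook that copies a renewed certificate into
# /etc/webmin under the file names the posted miniserv.conf already points at.

# install_webmin_cert LINEAGE_DIR DEST_DIR  (hypothetical helper name)
install_webmin_cert() {
    src=$1
    dst=$2
    # Refuse to touch the destination unless the whole set is present, so
    # Webmin is never left with a new cert next to an old key.
    for f in privkey.pem cert.pem chain.pem; do
        [ -s "$src/$f" ] || { echo "missing or empty: $src/$f" >&2; return 1; }
    done
    # Stage in a private temp dir on the same filesystem as the destination.
    tmp=$(mktemp -d "$dst/.le-new.XXXXXX") || return 1
    old_umask=$(umask)
    umask 077            # copies (private key included) are owner-only
    rc=0
    # -L follows the symlinks certbot keeps in live/<name>/
    cp -L "$src/privkey.pem" "$tmp/letsencrypt-key.pem" &&
    cp -L "$src/cert.pem"    "$tmp/letsencrypt-cert.pem" &&
    cp -L "$src/chain.pem"   "$tmp/letsencrypt-ca.pem" &&
    mv -f "$tmp/letsencrypt-key.pem"  "$dst/letsencrypt-key.pem" &&
    mv -f "$tmp/letsencrypt-cert.pem" "$dst/letsencrypt-cert.pem" &&
    mv -f "$tmp/letsencrypt-ca.pem"   "$dst/letsencrypt-ca.pem" || rc=$?
    umask "$old_umask"
    rm -rf "$tmp"
    return $rc
}

# certbot exports RENEWED_LINEAGE to deploy hooks. Act only on this host's
# certificate; do nothing when the script is sourced or run by hand.
case "${RENEWED_LINEAGE:-}" in
    */server.eyethrees.net)
        # Assumption: /etc/webmin/restart exists, as on a standard install.
        install_webmin_cert "$RENEWED_LINEAGE" /etc/webmin && /etc/webmin/restart
        ;;
esac
```

With this hook in place, keyfile, certfile and extracas in miniserv.conf stay pointed at the /etc/webmin/letsencrypt-*.pem paths rather than at /etc/letsencrypt/live/.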

Used the first suggestion of edits
Edited as root
Restarted Webmin and Apache
and BOOM!
Once again you’ve come through like a champ!
Thank you thank you! THANK YOU!!!

3 Likes
