Owncloud server using Webmin for system administration error


#1

Hi,
I have successfully installed a Letsencrypt certificate for an owncloud server using the auto --apache method. I am running a Debian 8 system and use Webmin to administer the system.
The Owncloud web service is functioning correctly under HTTPS. However, I am now not able to gain access to my webmin web interface. Firefox throws up a warning of an untrusted cert (the default webmin one) and does not give the option to add an exemption. The lets encrypt certificate that is installed for the owncloud service is for hostname.domainname.co.uk.
The Webmin access is from a URL with the same name above with :port number.
I am not sure what to do to get the Webmin access back. Do I need to replace the default Webmin self signed certificate with a copy of the lets encrypt one?
Any ideas on how to resolve the issue would be greatly received.


#2

ownCloud has an option to enable/disable HSTS from the admin UI. If that’s enabled, and you’re accessing webmin via the same domain name, you’ll need a valid cert for webmin too (which can be the same one you’re using with owncloud), as the HSTS setting will prevent the self signed cert from working. Alternatively you could disable HSTS (by setting the max-age to 0) or try accessing webmin via another domain name or IP address.


#3

Hi jmorahan,

Thank you for taking the time to respond to my query. I am not sure what you mean by the owncloud UI. The administrator page of the web interface does not show the HSTS option that you suggest. Is it part of the owncloud config file that needs editing?
I am also confused by the suggestion of accessing Webmin using a different IP address / domain name. How could that work? Surely the IP address / domain name has to point to the server that I have the issue with.

You will no doubt guess that I am not very experienced with server administration and particularly the strange and weird world of SSL.


#4

Hmm, I’m sure I saw that option in owncloud before, but I can’t find it now. Maybe it was removed in the latest version.

What I meant about the IP address was that if your IP address is 1.2.3.4 you could access webmin at https://1.2.3.4:port with the self signed cert.

However, the best solution would be to configure webmin to use your Let’s Encrypt certificate, as you suggested originally.


#5

Ok, I have resolved the issue.
For anyone with a similar problem you can do the following:
SSH into your server and edit the /etc/webmin/miniserv.conf file. Change the line ssl=1 to a 0 and save out the file.
Then type /etc/init.d/webmin restart to restart the webmin service and you should then be able to access the webmin UI using http.
Next, from the webmin UI go to webmin configuration / ssl encryption / upload certificate tab where you can then copy and paste the three elements of your letsencrypt certificate into the fields. Click save and you are done. Log out or close the web page and log back in with HTTPS enabled
Hope that helps anyone with the same problem