Virtualbox HTTPS API w/ LE

Hello. I hope this question is simple. Everything I've tried hasn't worked so far.

I'm using the vboxweb service on my Debian machine to access a headless VirtualBox server. I want to control the VirtualBox machines using SSL.

I can set the following options in my /etc/default/virtualbox file:

(Each of these parameters above are prepended with VBOXWEB_, e.g. VBOXWEB_SSL_KEYFILE.)

SSL_KEYFILE - Server key and certificate file, PEM format
SSL_PASSWORDFILE - File name for password to server key
SSL_CACERT - CA certificate file, PEM format
SSL_CAPATH - CA certificate path
SSL_DHFILE - DH file name or DH key length in bits
SSL_RANDFILE - File containing seed for random number generator

(Source: Chapter 9. Advanced Topics )

I've created Diffie Hellman parameters (2048-bit). It's at /dh2048.pem. I've copied all my LE cert files to / and set permissions to 666. Yes, I know this is very insecure. When everything is working properly, I'll harden security.

There is no password on the cert, so I don't need that option. I don't think I need the random number seed either (do I?).



Just the two parameters above generates an error. Unfortunately, it is rather vague in the vboxweb logfile.

VirtualBox web service 5.2.12 r122591 linux.amd64 (May 9 2018 15:00:04) release log
00:00:00.001964 main Log opened 2018-07-10T01:41:34.939663000Z
00:00:00.001966 main Build Type: release
00:00:00.001970 main OS Product: Linux
00:00:00.001971 main OS Release: 4.9.0-4-amd64
00:00:00.001972 main OS Version: #1 SMP Debian 4.9.65-3+deb9u1 (2017-12-23)
00:00:00.001998 main DMI Product Name: HP EliteBook 8440p
00:00:00.002005 main DMI Product Version:
00:00:00.002050 main Host RAM: 1861MB total, 1726MB available
00:00:00.002052 main Executable: /usr/lib/virtualbox/vboxwebsrv
00:00:00.002053 main Process ID: 2038
00:00:00.002054 main Package type: LINUX_64BITS_DEBIAN_9_0
00:00:00.016667 main IPC socket path: /tmp/.vbox-vbox-ipc/ipcd
00:00:00.179423 SQPmp #### SOAP FAULT: SSL/TLS error [is internal]

Perhaps I need the following parameters. What would they be? Any ideas?


I'd be grateful for any advice. I'd really like to use my LE cert to ensure security for my VirtualBox setup. Thanks!

BTW, if I use a self-signed cert, the last line in the logfile shows success as such:

00:00:00.271077 SQPmp Socket connection successful: host =, port = 18083, SSL, master socket = 9

Sounds like it needs to be in combined PEM format

<privkey.pem contents>
<fullchain.pem contents>

Sometimes servers will refuse to use keys that are world-readable.

Not needed, used for client certificates.


Why didn’t I read that a little more closely… lol

That was exactly my problem. I concatenated those two files, restarted the service, and I’m up and running. Many thanks @_az!

Strange it actually works. The help file you mentioned says: The parameters in the table below all start with VBOXWEB_ (VBOXWEB_HOST, VBOXWEB_PORT etc.):

So it should be VBOX_WEB_SSL_KEYFILE?

@Osiris Yes, you are correct.

My apologies for stating they are prefixed with VBOX_. That is incorrect. Every parameter is prefixed with VBOXWEB_. I've corrected my original post.

Here is my config:

# will listen on all interfaces

Here are the tutorials I followed to get things started:



This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.