Sentora, SSL, Webmin

[worksmarter]

After discovering Webmin is compatible with Sentora, I decided to go that route for updates and firewall control, but I have hit a snag.

Installed Sentora - everything working fine, did not yet set up SSL for the panel.

Installed Webmin - everything working fine using its default self-signed cert. Address the same as above except for the port specification of :10000.

Use let'sEncrypt to secure the Sentora panel then -->

Sentora working properly and under SSL.
Webmin unreachable entirely.

I am not sure what to do. Writing this I am asking myself if I need to add more "stuff" (for Webmin) in the Global Sentora entry to cover Webmin on port 10000?

Honestly, I have zero direction at this point, hopefully someone can help since it would appear this is not the first time this has been attempted. Any help appreciated as I did not expect this failure.

[worksmarter]

OK, so I can reach Webmin via the machine's local IP:

Code:

https://xxx.xxx.xxx.xxx

...and it seems to be behaving fine. I am pretty sure I need to associate the Let'sEncrypt SSL from Sentora to Webmin via the Webmin SSL module, but have no direction in doing so and fear if I do something wrong I will no longer be able to reach Webmin or Sentora.

Guidance appreciated.

[worksmarter]

From Webmin's "Upload Certificate" option, I entered my data from the Let'sEncrypt certificate that was already generated for Sentora on the same URL address. This all looks right now, but simply does not work any differently than before I imported everything. Thoughts anyone?

[TGates]

My settings: (No custom Sentora settings at all)
Webmin Configuration>SSL Settings>

1. SSL Enabled
   
2. Private Key file: /etc/letsencrypt/live/cp.domain.com/privkey.pem
   
3. Certificate File: Separate: /etc/letsencrypt/live/cp.domain.com/cert.pem
   
4. Redirect non-SSL requests to SSL mode? Yes
   
5. SSL Protocol version: Detect Automatically
   
6. SSL Reject all; except TLSv1.2
   
7. Allow Compressed: Yes
   
8. Force Use server cipher order: No
   
9. Allowed SSL ciphers: Detect Automatically
   

Webmin Configuration>Let's Encrypt>

1. Hostnames for cert: cp.domain.com
   
2. Apache Root directory for validation file: Apache virtual host matching hostname
   
3. Copy new key and certificate to Webmin? Yes
   
4. SSL key size:  Default
   
5. Months between automatic renewal: Only renew manually
   

Did not 'Upload Certificate'.

[worksmarter]

This is not working for me yet and Webmin keeps changing the data in the Let'sEncrypt tab to:

Code:

Website root directory for validation file
to
Other directory --> /etc/sentora/panel/

and to be clear, I am not supposed to click on either of the radio buttons - at the bottom of the Let'sEncrypt page?

Is it possible I need to go into Sentora and make either the root domain or the root and the control panel subdomain that comes before it (like cp.domain) in Sentora?

Your post was so concise, I thought for sure it would work for me. Dang!

Have a meeting to go to - will return later. Many thanks.

Douglas

---

This is a domain or DNS thing, for if I put the local IP/URL into my Windows host file, it works and does not complain about the cert being self-signed and also says the certificate is from Let'sEncrypt...

[TGates]

Hmmm, well, here is my /etc/webmin/miniserv.conf:

Code:

port=10000
addtype_cgi=internal/cgi
realm=Webmin Server
logfile=/var/webmin/miniserv.log
errorlog=/var/webmin/miniserv.error
pidfile=/var/webmin/miniserv.pid
logtime=168
ppath=
ssl=1
no_ssl2=1
no_ssl3=1
no_tls1=1
no_tls1_1=1
env_WEBMIN_CONFIG=/etc/webmin
env_WEBMIN_VAR=/var/webmin
atboot=1
logout=/etc/webmin/logout-flag
listen=10000
denyfile=\.pl$
log=1
blockhost_failures=5
blockhost_time=60
syslog=1
session=1
premodules=WebminCore
userfile=/etc/webmin/miniserv.users
keyfile=/etc/letsencrypt/live/cp.domain.com/privkey.pem
passwd_file=/etc/shadow
passwd_uindex=0
passwd_pindex=1
passwd_cindex=2
passwd_mindex=4
passwd_mode=0
passdelay=1
cipher_list_def=1
sudo=1
no_sslcompression=
ssl_honorcipherorder=0
certfile=/etc/letsencrypt/live/cp.domain.com/cert.pem
no_tls1_2=
ssl_redirect=1
extracas=
logouttimes=
preroot_root=authentic-theme
root=/usr/share/webmin
mimetypes=/usr/share/webmin/mime.types
server=MiniServ/1.831

[worksmarter]

Thank you so much Tom for posting the miniserv file as well as your prior help. In doing so you made me think about what I said myself:

This is a domain or DNS thing, for if I put the local IP/URL into my Windows host file, it works and does not complain about the cert being self-signed and also says the certificate is from Let'sEncrypt...

Wouldn't you know a browser cannot connect through a hardware firewall and router unless the dang fool port is open and routed!!!

Sorry to have wasted your time trying to help me but I thank you for it. This is just yet another example of when sometimes I don't see the forest for all of the trees in front of me! Thanks again all is working as it should.

Anyone reading this, other than walking away with, "Don't do what I did..." I can assure you installation and operation of Webmin along side of Sentora works fine and is not melodramtic at all, just remember to open the port(s) for it.