2

Webmin stopped working again today in Stretch. It is not actually the first time. (last time Webmin stopped working after upgrade to Stretch )

This time round, it does give a timeout error in Safari, but while opening it up in Firefox I have got back the error ssl_error_rx_record_too_long.

When running webmin by hand in the system, I also get back a cryptic error as the certificate file is present in the system:

$sudo /usr/share/webmin/miniserv.pl /etc/webmin/miniserv.conf
Failed to open SSL cert  at /usr/share/webmin/miniserv.pl line 4154.

What is happening?

Community
  • 1
Rui F Ribeiro
  • 55,929
  • 26
  • 146
  • 227

1 Answers1

2

Having a look back at the certificate, it is obvious it has only 512 bits, and it is expired.

$sudo openssl x509 -noout  -in /etc/webmin/miniserv.pem -text
...
Not After : Feb 10 14:11:38 2016 GMT
...
Public-Key: (512 bit)
...

I also found an article mentioning Firefox does not support certs smaller than 1024 bits since 2014 here.

From that link, I also followed their steps to regenerate a new 2048-bit webmin certificate,and I decided to give it a go. 

file=/etc/webmin/miniserv.pem
openssl req -x509 -newkey rsa:2048 -keyout $file  -out $file \
 -days 3650 -nodes -subj \
 "/C=US/ST=Denial/L=Springfield/O=Dis/CN=www.example.com" 
openssl x509 -x509toreq -in $file -signkey $file >> $file
/etc/init.d/webmin restart

After restarting Webmin, we were able to use it again.

Apparently, the restrictions against smaller certificates are now also in Debian 9 too.

Rui F Ribeiro
  • 55,929
  • 26
  • 146
  • 227