SSL Certificate - Error - Perl execution failed

I noticed on an Ubuntu 18.04 LTS server I have running Virtualmin Pro: when I went to Server Configuarion -> SSL Certificate I was confronted with a Perl error. I was already in the process of spinning up a 20.04 LTS server (also with Virtualmin Pro), so upon completion, I checked it there too. After adding a site and checking " Apache SSL website enabled?" I was confronted with the following error; (Additionally when I tried requesting a new Let'sEncrypt cert, or updating a cert in general, it said it was successful, but no change certs were still self-signed). The error is:

HTTP/1.0 500 Perl execution failed Server: MiniServ/1.954 Date: Mon, 24 Aug 2020 06:52:46 GMT Content-type: text/html; Charset=utf-8 Connection: close Error - Perl execution failed Modification of non-creatable array value attempted, subscript -1 at /usr/share/webmin/virtual-server/feature-ssl.pl line 919.

*** I checked all of my servers with Virtualmin, and all suffer the same issue, I looked for hours, but this doesn't seem to have been reported ***

System hostname (Redacted) Operating system Ubuntu Linux 20.04.1 Webmin version 1.954 Usermin version 1.803 Virtualmin version 6.11.pro Pro

Status: 
Active

Comments

For Reference It's - $rv[$#rv] .= $l."\n"; - in the following:

sub cert_file_split
{
local ($file) = @_;
local @rv;
my $lref = &read_file_lines($file, 1);
foreach my $l (@$lref) {
        if ($l =~ /^-----BEGIN/) {
                push(@rv, $l."\n");
                }
        elsif ($l =~ /\S/) {
                $rv[$#rv] .= $l."\n";
                }
        }
return @rv;
}
Ilia's picture
Submitted by Ilia on Tue, 08/25/2020 - 15:10

Hi,

Thanks for contacting us.

Where did you install your certificates from? Did you manually edit your certificates? Can you post an example of certificate from under domain's home? We will take a look.

Here's an example of a cert:

-----BEGIN CERTIFICATE----- MIIDZDCCAkygAwIBAgIUUgIK60mLk8Wd8PwTkDGFJIjh7BgwDQYJKoZIhvcNAQEL BQAwNzETMBEGA1UEAwwKKi50ZXN0LmNvbTEgMB4GCSqGSIb3DQEJARYRdGVzdC5j b21AdGVzdC5jb20wHhcNMjAwODI2MDEwNzUzWhcNMjUwODI1MDEwNzUzWjA3MRMw EQYDVQQDDAoqLnRlc3QuY29tMSAwHgYJKoZIhvcNAQkBFhF0ZXN0LmNvbUB0ZXN0 LmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJZPqhTlm7IM9XKJ htpmspncXQIf0Pao7TfhrJbqqCinZstC3KS/dZ52FGc2iIMnaNce+X4F8wasMdDo WC2+NIhPTaaypcNa+QTvFbUa3dZdTVi/uF1lua56+blG1HDV89SfqzWruG3hiQJ3 DOfOaaembssNMzOfrPney0fpXB/W3CP+1BsIGIFf0ERcn0ubfJkx2u0NVCcp9cOf l9n5Zpng2/trUZoCYApfHfEuXlOEDA0MUDS1nkYkYkdZFNVsrHwUputhaDIy3dxR cS6jmpkSdZoMH7+SbbNpAz57Q837lvB9GqhafBtsEhQCL2BByxesqVebt4389sg0 ajoaxw0CAwEAAaNoMGYwEwYDVR0RBAwwCoIIdGVzdC5jb20wHQYDVR0OBBYEFFcx gmOTuT2r/umqHwyXjXUArbKeMB8GA1UdIwQYMBaAFFcxgmOTuT2r/umqHwyXjXUA rbKeMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBADlUpnrDAxmm ghUwJC2Ol46RGPA1aPxJPPBiW1aCpP6FawPoGXmPnZRePpd/WDaTOh34vasbZofd k4KgRh1tdd8b7Iufh6wJkxSmjTZgJgW/LytqqwmkwoVm8r8texsFIazDTnOmm2E8 B1AA/n+Za8WqE5+0f/NsH9HIL7AFzHtQIjvX/BycNiLKXiKcXTsELFa7JAoOU72K ZftpwsUtOLQHtlm44DCyjl4xoEq5mg1ikigAiCMmCG+NF1rbXYxfscarN0JYbAmh x7MVN4PXARk59+W/mSeKOU1HerwBdx+tMT/t6aGvcUKAnbYMoNtIDBy+v/Iz6M3R i8fDHcPac6E= -----END CERTIFICATE-----

It happens when you check the "Setup SSL website too?" checkbox whether It is upon creation or after the initial creation. It doesn't matter whether it's a self-signed cert, a Let'sEncrypt Cert, or utilize a "know good" OV or EV cert from a CA manually, when you click on "SSL Sertificate" it displays the error... I've tried them all (unmodified)... It used to be fine, I'm not sure when it stopped working (with what update), I just noticed it when I created a new site last week on a Ubuntu Linux 18.04.1 (with Webmin 1.954 and now 1.955 and Virtualmin 6.12 Pro) box. I even spun up a new 20.04 box (with latest Webmin & Virtualmin Pro) and both exhibit the same problem.

Additionally, none of the existing LetsEcrypt Certs can renew. Any New Cert or update Requests from LetsEcrypt say successful, but get lost somewhere and never written to disk. Perms are not an issue

Here's a new site creation output:

Creating administration group example.com .. .. done Creating administration user example.com .. .. done

Creating aliases for administration user .. .. done

Adding administration user to groups .. .. done

Creating home directory .. .. done

Creating mailbox for administration user .. .. done

Adding new DNS zone .. .. done

Adding to email domains list .. .. done

Adding default mail aliases .. .. done

Adding DKIM records to DNS domain example.com .. .. added successfully

Adding new virtual website .. .. done

Adding webserver user www-data to server's group .. .. done

Performing other Apache configuration .. .. done

Setting up scheduled Webalizer reporting .. .. done

Creating SSL certificate and private key .. .. done

Adding new SSL virtual website .. .. done

Setting up log file rotation .. .. done

Creating MySQL login .. .. done

Creating MySQL database example_com .. .. done

Setting up spam filtering .. .. done

Setting up virus filtering .. .. done

Creating status monitor for website .. .. done

Creating status monitor for SSL website .. .. done

Creating status monitor for SSL certificate .. .. done

Setting up AWstats reporting .. .. done

Setting up password protection for AWstats .. .. done

Adding DAV directives to website configuration .. .. done

Adding DAV account for server administrator .. .. done

Overriding proxying for path /dav/ .. .. done

Creating Webmin user .. .. done

Saving server details .. .. done

Re-starting DNS server .. .. done

Applying web server configuration .. .. done

Re-starting Webmin .. .. done

Re-starting Usermin .. .. done

Re-loading Webmin .. .. done

Requesting a certificate for example.com, www.example.com, mail.example.com, admin.example.com, webmail.example.com from Let's Encrypt .. HTTP/1.0 500 Perl execution failed Server: MiniServ/1.955 Date: Wed, 26 Aug 2020 03:33:33 GMT Content-type: text/html; Charset=utf-8 Connection: close

Error - Perl execution failed Modification of non-creatable array value attempted, subscript -1 at /usr/share/webmin/virtual-server/feature-ssl.pl line 919.

Ilia's picture
Submitted by Ilia on Wed, 08/26/2020 - 09:53

Thanks for provided info. Can you please attach the following file from your system -

/etc/dovecot/dovecot.conf

Note: To attach a file, rename it to *.txt first, then click on Edit link at the top of this page and then upload and leave a comment, and finally hit Save button at the bottom of a popped up modal window.

I think I figured out the problem... I was able to replicate it 3 out of 3 times each way; 3 successes and 3 failures overnight... When downloading the install script from "https://www.virtualmin.com/download.html", then upgrading to Pro by entering in Serial and Key manually it works perfectly... HOWEVER, If you run the install script from the links on "Software Licences" page (https://www.virtualmin.com/user/#######/serial), not only is the install and post-install setup wizard experience different, but the nasty Perl (above) exception appears immediately upon enabling the "SSL Website" feature checkbox on any site... I think the links on the software licensing page need to be updated to point to the new script; or whatever generates the install.sh w/ the license activated needs to be updated

Scratch that... after updating the certs in Webmin, Postfix and Dovecot, the Perl error reappeared... It is dovecot, I just set the cert and key back to the default and no Per Error in "Server Configuration->SSL Certificate", but he install scripts are still different

UGH!!! It appears to be the Bag Attributes... I removed all but the contents between and including the begin and end, applied the config and all is good.

Ilia's picture
Submitted by Ilia on Thu, 08/27/2020 - 07:11

It appears to be the Bag Attributes... I removed all but the contents between and including the begin and end, applied the config and all is good.

What do you mean by "bag attributes"? What exactly did you remove?

When I exported (from IIS on Server 2016) the new cert I got recently, I must've chosen the wrong options which attached the bag attributes (below) before the "---- BEGIN" line. here is an example of what I removed from the wildcard cert I am using ( I edited the details )... all I did is remove the following from the top of the cert file:

Bag Attributes localKeyID: 01 00 00 00 friendlyName: *.domain.com subject=C = US, postalCode = (99999), ST = (State), L = (City), street = (Address), O = (Organization), OU = IT, CN = *.domain.com

issuer=C = GB, ST = Greater Manchester, L = Salford, O = Sectigo Limited, CN = Sectigo RSA Organization Validation Secure Server CA

I've checked in a fix for that "Perl execution failed Modification of non-creatable array value attempted" , which can happen if the cert file isn't in the expected format.