Page 3 of 12 FirstFirst 12345 ... LastLast
Results 41 to 60 of 236

Thread: DirectAdmin 1.50.0 has been released

  1. #41
    Join Date
    Jun 2008
    Posts
    156
    how did u get that location config? and from where?
    ive rebuilt config so many times by now and dont see that alias anywhere and still cant generate new certificate

  2. #42
    Join Date
    Feb 2016
    Location
    Bat Cave
    Posts
    38
    I followed zEitEr's instructions (clear nginx confs, try to validate, rebuild confs, try validating again) but letsencrypt refuses to work. Both apache as nginx have aliases for .well-known and the DNS settings are correct. Even when trying with SSH, I'm stuck with this:

    Code:
    root@server:~# /usr/local/directadmin/scripts/letsencrypt.sh request example.com 4096
    Getting challenge for tekkenzone.net from acme-server...
    Waiting for domain verification...
    Challenge is invalid. Details: Could not connect to http://example.com/.well-known/acme-challenge/E8aOlQiwbDB0bE8obJW1tXdm1VoY-gIxjN0w3UPbVSs. Exiting...
    Code:
    66.133.109.36 - - [21/Feb/2016:19:11:56 +0100] "GET /.well-known/acme-challenge/E8aOlQiwbDB0bE8obJW1tXdm1VoY-gIxjN0w3UPbVSs HTTP/1.0" 200 379 "-" "Mozilla/5.0 (compatible; Let's Encrypt validation server; +https://www.letsencrypt.org)"

  3. #43
    Join Date
    Apr 2005
    Location
    GMT +7.00
    Posts
    13,103
    Do you have custom templates?

    Code:
    ls -1 /usr/local/directadmin/custombuild/custom/nginx*/conf/
    Regards, Alex G.

    - Get the best commercial DirectAdmin support and hire me on poralix.com
    - Follow and like @Poralix on Facebook

  4. #44
    Join Date
    Feb 2016
    Location
    Bat Cave
    Posts
    38
    Only for phpMyAdmin and Roundcube, no custom templates for Apache or Nginx. I'll check once more if the .htacces in public_html isn't messing up something

  5. #45
    Join Date
    Sep 2015
    Location
    Arnhem, NL
    Posts
    427
    Thanks for the update, works great so far. What is the recommended ciphersuite we can use now for DirectAdmin? I saw the the current SSL cipherlists page hasn't been updated.

  6. #46
    Join Date
    Jun 2008
    Posts
    156
    Quote Originally Posted by zEitEr View Post
    Do you have custom templates?

    Code:
    ls -1 /usr/local/directadmin/custombuild/custom/nginx*/conf/
    i got no custom templates... still cant generate cert

  7. #47
    Join Date
    Dec 2012
    Posts
    76
    To add SSL to domain pointers i did this to make it work (hope this is the good way):
    Code:
    nano /usr/local/directadmin/data/users/username/domains/domain.com.cert.san_config
    for each domain add the non www and www to the line: subjectAltName so it could look like this:
    Code:
    subjectAltName=DNS:example.com,DNS:www.example.com,DNS:example.net,DNS:www.example.net
    Then execute renewal through the DirectAdmin script:
    Code:
    ./letsencrypt.sh renew example.com 4096
    which outputs:
    Code:
    Getting challenge for example.com from acme-server...
    Waiting for domain verification...
    Challenge is valid.
    Getting challenge for www.example.com from acme-server...
    Waiting for domain verification...
    Challenge is valid.
    Getting challenge for example.net from acme-server...
    Waiting for domain verification...
    Challenge is valid.
    Getting challenge for www.example.net from acme-server...
    Waiting for domain verification...
    Challenge is valid.
    Generating 4096 bit RSA key for poollicht.be...
    openssl genrsa 4096 > "/usr/local/directadmin/data/users/username/domains/example.com.key.new"
    Generating RSA private key, 4096 bit long modulus
    ................++
    ...................++
    Certificate for example.com has been created successfully!
    And that should make it work for your domain pointers if you want to have SSL on them as well.

  8. #48
    Join Date
    Jun 2008
    Posts
    156
    my conf looks exactly like that too
    domain.com.cert.san_config

    still doesnt generate certificate
    [root@server scripts]# ./letsencrypt.sh renew domain.me 2048
    Getting challenge for domain.me from acme-server...
    Waiting for domain verification...
    Challenge is invalid. Details: Invalid response
    404. Exiting...

    can anyone help me please
    Last edited by Frej; 02-21-2016 at 12:47 PM.

  9. #49
    Join Date
    Aug 2006
    Location
    LT, EU
    Posts
    7,529
    Quote Originally Posted by zEitEr View Post
    Did you change/add the location in nginx?

    recently (10-20-30 minutes ago)?
    No, it was added 11 days ago. CB 2.0 rev. 1496.
    Martynas Bendorius
    MB Martynas IT. Professional server management company. Official DirectAdmin, CloudLinux, LiteSpeed and Comodo partners.

  10. #50
    Join Date
    Aug 2006
    Location
    LT, EU
    Posts
    7,529
    Quote Originally Posted by Frej View Post
    my conf looks exactly like that too
    domain.com.cert.san_config

    still doesnt generate certificate

    ssl_certificate /etc/nginx/ssl.crt/server.crt.combined;
    ssl_certificate_key /etc/nginx/ssl.key/server.key;

    can anyone help me please
    These are server-level certificates (for your hostname). To generate these, you should start letsencrypt.sh manually:
    Code:
    cd /usr/local/directadmin/scripts
    ./letsencrypt.sh request your.hostname.com 4096
    To manually generate a certificate for any of your domains with letsencrypt=1 set in directadmin.conf (you'd need to enable SSL for the domain in DA this way):
    Code:
    cd /usr/local/directadmin/scripts
    ./letsencrypt.sh request domain.com 4096 "" /var/www/html/
    Martynas Bendorius
    MB Martynas IT. Professional server management company. Official DirectAdmin, CloudLinux, LiteSpeed and Comodo partners.

  11. #51
    Join Date
    Aug 2006
    Location
    LT, EU
    Posts
    7,529
    Quote Originally Posted by Erulezz View Post
    Thanks for the update, works great so far. What is the recommended ciphersuite we can use now for DirectAdmin? I saw the the current SSL cipherlists page hasn't been updated.
    I'd recommend using one from https://mozilla.github.io/server-sid...fig-generator/.
    Martynas Bendorius
    MB Martynas IT. Professional server management company. Official DirectAdmin, CloudLinux, LiteSpeed and Comodo partners.

  12. #52
    Join Date
    Aug 2006
    Location
    LT, EU
    Posts
    7,529
    Quote Originally Posted by Active8 View Post
    What is the bug exactly ? everything seems fine here, is it mandatory to apply this patch ?
    I think DA does not pass /var/www/html as the 5th argument to the letsencrypt.sh script if letsencrypt=1 is used in directadmin.conf (not confirmed yet). If you have no alias setup in httpd-alias.conf, it'd work, however, it should fail with an alias.
    Martynas Bendorius
    MB Martynas IT. Professional server management company. Official DirectAdmin, CloudLinux, LiteSpeed and Comodo partners.

  13. #53
    Join Date
    Jun 2008
    Posts
    156
    ye i checked directory
    ssl_certificate /usr/local/directadmin/data/users/admin/domains
    ssl_certificate_key /usr/local/directadmin/data/users/admin/domains


    couldnt find the new certificate


    but if i want to use =1 how would i get those cert when my domains are on /home/users

    trying generating new cert

    [root@server scripts]# ./letsencrypt.sh renew domain.me 2048
    Getting challenge for domain.me from acme-server...
    Waiting for domain verification...
    Challenge is invalid. Details: Invalid response
    404. Exiting...

    Quote Originally Posted by smtalk View Post
    These are server-level certificates (for your hostname). To generate these, you should start letsencrypt.sh manually:
    Code:
    cd /usr/local/directadmin/scripts
    ./letsencrypt.sh request your.hostname.com 4096
    To manually generate a certificate for any of your domains with letsencrypt=1 set in directadmin.conf (you'd need to enable SSL for the domain in DA this way):
    Code:
    cd /usr/local/directadmin/scripts
    ./letsencrypt.sh request domain.com 4096 "" /var/www/html/
    Last edited by Frej; 02-21-2016 at 12:56 PM.

  14. #54
    Join Date
    Aug 2006
    Location
    LT, EU
    Posts
    7,529
    Quote Originally Posted by Frej View Post
    but if i want to use =1 how would i get those cert when my domains are on /home/users
    Certificates are stored in /usr/local/directadmin/data/users/, not /home/.
    Martynas Bendorius
    MB Martynas IT. Professional server management company. Official DirectAdmin, CloudLinux, LiteSpeed and Comodo partners.

  15. #55
    Join Date
    Jun 2008
    Posts
    156
    using=1
    still cant generate new ssl

    same error
    i did this
    cd /usr/local/directadmin/custombuild
    ./build update
    ./build rewrite_confs


    [root@server scripts]# ./letsencrypt.sh renew domain.me 2048
    Getting challenge for domain.me from acme-server...
    Waiting for domain verification...

    Challenge is invalid. Details: Invalid response from
    403. Exiting...
    Last edited by Frej; 02-21-2016 at 01:13 PM.

  16. #56
    Join Date
    Aug 2006
    Location
    LT, EU
    Posts
    7,529
    Frej, please see the command above for the manual generation of the certs http://forum.directadmin.com/showthr...618#post270618, first command if for hostname, the second one is for domain. Also, make sure you don't have custom configs for aliases in /usr/local/directadmin/custombuild/custom/.
    Martynas Bendorius
    MB Martynas IT. Professional server management company. Official DirectAdmin, CloudLinux, LiteSpeed and Comodo partners.

  17. #57
    Join Date
    Jun 2008
    Posts
    156
    only file i see in /usr/local/directadmin/custombuild/custom is
    configure.nginx, ye i tried ur second commands still cant generate cert
    #!/bin/sh
    ./configure \
    "--add-module=/root/ngx_pagespeed-release-1.10.33.2-beta" \
    "--with-cc=/opt/rh/devtoolset-2/root/usr/bin/gcc" \
    "--with-http_v2_module" \
    "--user=nginx" \
    "--group=nginx" \
    "--prefix=/usr" \
    "--sbin-path=/usr/sbin" \
    "--conf-path=/etc/nginx/nginx.conf" \
    "--pid-path=/var/run/nginx.pid" \
    "--http-log-path=/var/log/nginx/access_log" \
    "--error-log-path=/var/log/nginx/error_log" \
    "--with-ipv6" \
    "--without-mail_imap_module" \
    "--without-mail_smtp_module" \
    "--with-http_ssl_module" \
    "--with-http_realip_module" \
    "--with-http_stub_status_module" \
    "--with-http_gzip_static_module" \
    "--with-http_dav_module" \
    "--with-cc-opt='-D FD_SETSIZE=32768'"

  18. #58
    Join Date
    Feb 2016
    Location
    Bat Cave
    Posts
    38
    If I navigate with my browser to example.com/.well-known/ or example.com/.well-known/acme-challenge/, is it normal it returns a 403 Forbidden? Could that interfere with the process?

    (Using letsencrypt=1)

  19. #59
    Join Date
    Jul 2013
    Posts
    150
    Quote Originally Posted by smtalk View Post
    These are server-level certificates (for your hostname). To generate these, you should start letsencrypt.sh manually:
    Code:
    cd /usr/local/directadmin/scripts
    ./letsencrypt.sh request your.hostname.com 4096
    To manually generate a certificate for any of your domains with letsencrypt=1 set in directadmin.conf (you'd need to enable SSL for the domain in DA this way):
    Code:
    cd /usr/local/directadmin/scripts
    ./letsencrypt.sh request domain.com 4096 "" /var/www/html/
    Can you please tell me the difference between the domain certificate and de server-level certificate ? im confused

    I have set up now as:

    hostname: srv1.myserver.com
    I did generate for this domain (in user mode in DA) myserver.com a SSL certificate is this not sufficient ? the main website myserver.com is working with teh new generated SSL, must i do the server-level certificate as you meant before ?

  20. #60
    Join Date
    Nov 2015
    Posts
    84
    Quote Originally Posted by smtalk View Post
    There seems to be a bug with DA 1.50 and letsencrypt=1 option, to fix it, pelase use:
    Code:
    perl -pi -e 's|DOCUMENT_ROOT=\$5|DOCUMENT_ROOT=/var/www/html|' /usr/local/directadmin/scripts/letsencrypt.sh
    Tried this one, still get a 404 on .well-known? I checked /etc/nginx/webapps.conf and the alias seems to be there. I do use custom nginx-templates, but they all include webapps.conf so it should be good?

    I get the feeling WordPress is messing things up here, because I tried another site (with a Piwik install) and there were no problems there. Going to investigate this more now.

Page 3 of 12 FirstFirst 12345 ... LastLast

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •