Thread: DirectAdmin 1.50.0 has been released

  1. #81
    Join Date
    Apr 2015
    Posts
    142
    No, I didn't apply the bugfix yet. I have to read further back in this thread I guess. I did manage to get the server-wide authentication to work by providing the 5th parameter "/var/www/html" to the script. A new problem arises though, NGINX barfs "SSL_CTX_use_PrivateKey_file" because apparently the resulting pem file has been messed up (wrong order of key/cert?). I'll have to figure this out, but I'll apply the bug fix first. Thanks!

    PS. Darn, I indeed see Martynas mentioning the exact issue I'm reporting here. Duh!
    Last edited by zmippie; 02-22-2016 at 02:26 AM.

  2. #82
    Join Date
    Apr 2015
    Posts
    142
    Quote Originally Posted by vancanneyt View Post
    To add SSL to domain pointers i did this to make it work (hope this is the good way):
    Well... I don't think it's the right way. I end up with NGINX failing to accept the new certificate after adding an extra SAN:

    Code:
    nginx: [emerg] SSL_CTX_use_PrivateKey_file("/usr/local/directadmin/data/users/user/domains/domain.com.key") failed (SSL: error:0B080074:x509 certificate routines:X509_check_private_key:key values mismatch)
    nginx: configuration file /etc/nginx/nginx.conf test failed
    Key and certs were all updated after manually running the (patched) script, but invalid, it seems. I'd love to hear from Martynas if what we are after is at all provided for in the script.

  3. #83
    Join Date
    Dec 2012
    Posts
    77
    I'm using Apache where it worked without issues. Could be an Nginx problem.

  4. #84
    Join Date
    Aug 2006
    Location
    LT, EU
    Posts
    8,128
    Quote Originally Posted by zmippie View Post
    Well... I don't think it's the right way. I end up with NGINX failing to accept the new certificate after adding an extra SAN:

    Code:
    nginx: [emerg] SSL_CTX_use_PrivateKey_file("/usr/local/directadmin/data/users/user/domains/domain.com.key") failed (SSL: error:0B080074:x509 certificate routines:X509_check_private_key:key values mismatch)
    nginx: configuration file /etc/nginx/nginx.conf test failed
    Key and certs were all updated after manually running the (patched) script, but invalid, it seems. I'd love to hear from Martynas if what we are after is at all provided for in the script.
    It's a good way of doing that, but it wasn't planned for 1.5. To fix the cert/key mismatch just do:
    Code:
    cat /usr/local/directadmin/data/users/user/domains/domain.com.key /usr/local/directadmin/data/users/user/domains/domain.com.cert > /usr/local/directadmin/data/users/user/domains/domain.com.cert.combined
    service nginx restart
    DA 1.50.1 will create domain.com.cert.combined automatically when letsencrypt.sh is manually run from console (DA 1.50.0 creates it only when letsencrypt.sh is run from DA interface).
    Martynas Bendorius
    MB Martynas IT. Professional server management company. Official DirectAdmin, CloudLinux, LiteSpeed and Comodo partners.
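
The check behind the fix in the post above, as an added example that is not part of the thread or of DirectAdmin's letsencrypt.sh: it compares the public key of the key file with that of the certificate and only then writes the combined file. The function names and the 077 umask are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from letsencrypt.sh): refuse to build a combined PEM
# unless the private key and the certificate carry the same public key.

# Public key of a private key file, as PEM; fails if the key is unreadable.
key_pub() { openssl pkey -in "$1" -pubout 2>/dev/null; }

# Public key of the first certificate in a PEM file, as PEM.
cert_pub() { openssl x509 -in "$1" -noout -pubkey 2>/dev/null; }

# Return 0 on match, 1 on mismatch, 2 when either file cannot be parsed.
key_matches_cert() {
    k=$(key_pub "$1") || return 2
    c=$(cert_pub "$2") || return 2
    [ -n "$k" ] && [ "$k" = "$c" ]
}

# Write key + certificate to $3, in the order used in the post above.
build_combined() {
    key=$1; cert=$2; out=$3
    if ! key_matches_cert "$key" "$cert"; then
        echo "key/cert mismatch or unreadable file: $out not written" >&2
        return 1
    fi
    tmp="$out.tmp.$$"
    # Assumption: the output holds a private key, so create it with mode 0600.
    ( umask 077; cat "$key" "$cert" > "$tmp" ) || { rm -f "$tmp"; return 1; }
    mv "$tmp" "$out"    # rename so nginx never reads a half-written file
}

# Stand-alone use: script.sh KEY CERT OUT, then "nginx -t" before restarting.
if [ "$#" -eq 3 ]; then
    build_combined "$1" "$2" "$3"
fi
```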

  5. #85
    Join Date
    May 2008
    Location
    The Netherlands
    Posts
    1,190
    I played with the let's encrypt feature also. When selecting let's encrypt at SSL management, you need to enter all the company and address info like normal, however that info can't be used to let's encrypt, only the e-mail address field should be left there (and maybe pre-fill in the address belonging to the DA account). That way you can enable it with a few clicks.

    Also on http://www.directadmin.com/features.php?id=1828 it lists the rate limits; they are probably based on an outdated article. See a more recent article at https://community.letsencrypt.org/t/...s-encrypt/6769
    ~ Arieh

  6. #86
    Join Date
    Aug 2006
    Location
    LT, EU
    Posts
    8,128
    The most actual limit seems to still be the same:
    Quote Originally Posted by http://www.directadmin.com/features.php?id=1828
    Rate limit on certificates per Domain is now 5 per 7 days
    About the fields in SSL management, I think John left them there in case anyone would like to use the same CSR for normal certs, however, only John knows the real answer. When called from SSH, letsencrypt.sh doesn't ask you to fill any information.
    Martynas Bendorius
    MB Martynas IT. Professional server management company. Official DirectAdmin, CloudLinux, LiteSpeed and Comodo partners.

  7. #87
    Join Date
    May 2008
    Location
    The Netherlands
    Posts
    1,190
    The other limit though: "Rate limit on registrations per IP is now 10 per 3 hours" which is now 500 per 3 hours.

    I suppose with a few javascript lines the fields can be hidden when LE is selected.

    The filled in e-mail isn't being used either I see: EMAIL="${USER}@${DOMAIN}"
    Last edited by Arieh; 02-22-2016 at 05:41 AM.
    ~ Arieh

  8. #88
    Join Date
    Feb 2016
    Location
    Bat Cave
    Posts
    41
    Code:
            rm -f "${WELLKNOWN_PATH}/${CHALLENGE_TOKEN}"
    
            if [ "${CHALLENGE_STATUS}" = "valid" ]; then
                    echo "Challenge is valid."
            else
                    echo "Challenge is ${CHALLENGE_STATUS}. Details: ${CHALLENGE_DETAIL}. Exiting..."
                    exit 1
            fi
    I removed the rm part to check if the tokens are even generated in /.well-known/acme-challenge/, they were there as chmoded 644 files with a string of 88 signs. The error makes no sense at all since the file is reachable for the world during the check, after which it gets removed and then it echoes an error about not being able to connect. The error messages aren't helpful enough.

  9. #89
    Join Date
    Apr 2015
    Posts
    142
    Quote Originally Posted by smtalk View Post
    It's a good way of doing that, but it wasn't planned for 1.5
    OK, got it. It's nice to be ahead of the curve every once in a while

    Quote Originally Posted by smtalk View Post
    To fix the cert/key mismatch just do:
    I only *just* figured that out myself and then read your answer. It seems like today is one of those days that I'm actually not ahead of the curve, rather, slightly behind all the time...

    Thanks Martynas.

    Quote Originally Posted by Arieh View Post
    The filled in e-mail isn't being used either I see: EMAIL="${USER}@${DOMAIN}"
    I noticed that too, and was wondering what happens to the email address in the CSR form. I guess it just gets lost.

  10. #90
    Join Date
    Aug 2006
    Location
    LT, EU
    Posts
    8,128
    Quote Originally Posted by Arieh View Post
    The filled in e-mail isn't being used either I see: EMAIL="${USER}@${DOMAIN}"
    Why isn't it?

    Code:
    if [ "${CSR_CF_FILE}" != "" ] && [ -s ${CSR_CF_FILE} ]; then
            if grep -q -m1 '^emailAddress' ${CSR_CF_FILE}; then
                    EMAIL="`grep '^emailAddress' ${CSR_CF_FILE} | awk '{print $3}'`"
            fi
    elif [ "${CSR_CF_FILE}" = "" ] && [ -s ${SAN_CONFIG} ]; then
            if grep -q -m1 '^emailAddress' ${SAN_CONFIG}; then
                    EMAIL="`grep '^emailAddress' ${SAN_CONFIG} | awk '{print $3}'`"
            fi
    fi
    Martynas Bendorius
    MB Martynas IT. Professional server management company. Official DirectAdmin, CloudLinux, LiteSpeed and Comodo partners.

  11. #91
    Join Date
    Feb 2013
    Posts
    7
    Quote Originally Posted by Webgangster View Post
    I have enabled the SSL function (Let's Encrypt), but there is no checkbox on the page with 'Free & automatic certificate from Let's Encrypt'.
    In Users\ssl.htm no text is shown.

    -----------

    |*if LETSENCRYPT="1"|
    <br><input type=radio name=request value="letsencrypt" disabled>Free & automatic certificate from <a class='listtitle' target=_blank href="https://letsencrypt.org/">Let's Encrypt</a></td>
    |*endif|
    Nobody with the same problem?

    DA runs version 1.5
    Lets Encrypt = 1
    No radio button on the SSL page / Template is not updated

  12. #92
    Join Date
    Sep 2015
    Location
    Arnhem, NL
    Posts
    430
    Quote Originally Posted by Webgangster View Post
    Nobody with the same problem?

    DA runs version 1.5
    Lets Encrypt = 1
    No radio button on the SSL page / Template is not updated
    letsencrypt=1?

    Did you restart DA after the config change?

  13. #93
    Join Date
    May 2008
    Location
    The Netherlands
    Posts
    1,190
    Quote Originally Posted by smtalk View Post
    Why isn't it?

    Code:
    if [ "${CSR_CF_FILE}" != "" ] && [ -s ${CSR_CF_FILE} ]; then
            if grep -q -m1 '^emailAddress' ${CSR_CF_FILE}; then
                    EMAIL="`grep '^emailAddress' ${CSR_CF_FILE} | awk '{print $3}'`"
            fi
    elif [ "${CSR_CF_FILE}" = "" ] && [ -s ${SAN_CONFIG} ]; then
            if grep -q -m1 '^emailAddress' ${SAN_CONFIG}; then
                    EMAIL="`grep '^emailAddress' ${SAN_CONFIG} | awk '{print $3}'`"
            fi
    fi
    You're right of course.

    In that case it should hide all other fields except email. And the server-side check modified.
    ~ Arieh

  14. #94
    Join Date
    Feb 2016
    Location
    Bat Cave
    Posts
    41
    Webgangster, have you rewritten your configs?
    Code:
    ./build rewrite_configs
    {"type":"http-01","status":"invalid","error":{"type":"urn:acme:error:connection","detail":"Could not connect to http://example.com/.well-known/acme-challenge/FIPXfnUYnP-0dRB9b3x7ayjS1Hrqoupfl2oHpyOClCc"},"uri":"https://acme-v01.api.letsencrypt.org/acme/challenge/7RQNPzjQiks1-DadrPVrP6xQgiXWEcW2zc_VD51Cj8U/18860782","token":"FIPXfnUYnP-0dRB9b3x7ayjS1Hrqoupfl2oHpyOClCc","keyAuthorization":"FIPXfnUYnP-0dRB9b3x7ayjS1Hrqoupfl2oHpyOClCc.5DN7NgwFmPM3Qe94l4n6PFWZoW1Yx3bDH19GIEiGVxA","validationRecord":[{"url":"http://example.com/.well-known/acme-challenge/FIPXfnUYnP-0dRB9b3x7ayjS1Hrqoupfl2oHpyOClCc","hostname":"example.com","port":"80","addressesResolved":["181.xx.278.xxx"],"addressUsed":"181.xx.278.xx"}]}
    I'm on a dead end

  15. #95
    Join Date
    Feb 2013
    Posts
    7
    Quote Originally Posted by Erulezz View Post
    letsencrypt=1?

    Did you restart DA after the config change?

    Yes, I have restarted DA after the config change.

    Quote Originally Posted by HolyDiver View Post
    Webgangster, have you rewritten your configs?
    Code:
    ./build rewrite_configs

    I'm on a dead end
    Yes, I have rewritten the configs, no effect.
    If I run 'grep well /etc/httpd/conf/extra/httpd-alias.conf', there is nothing shown.

  16. #96
    Join Date
    Aug 2006
    Location
    LT, EU
    Posts
    8,128
    Quote Originally Posted by Webgangster View Post
    Nobody with the same problem?

    DA runs version 1.5
    Lets Encrypt = 1
    No radio button on the SSL page / Template is not updated
    Please change your skin to enhanced if it's set to any other. Please also check:
    Code:
    /usr/local/directadmin/directadmin c | grep letsencrypt
    Martynas Bendorius
    MB Martynas IT. Professional server management company. Official DirectAdmin, CloudLinux, LiteSpeed and Comodo partners.

  17. #97
    Join Date
    Feb 2013
    Posts
    7
    Quote Originally Posted by smtalk View Post
    Please change your skin to enhanced if it's set to any other. Please also check:
    Code:
    /usr/local/directadmin/directadmin c | grep letsencrypt
    Thanks, it returns a 0.
    letsencrypt=1 moved to line 2, DA restarted and it works now!

  18. #98
    Join Date
    Apr 2009
    Posts
    2,420
    Quote Originally Posted by Arieh View Post
    In that case it should hide all other fields except email. And the server-side check modified.
    +1 for that. I wanted to hide all the other fields in my custom skin under a link by using css, and unless that link is clicked (it could be called "advanced configuration other than letsencrypt") it will only show letsencrypt needed stuff. So too bad all the other fields are still needed, even though they actually are not ...

  19. #99
    Join Date
    Feb 2016
    Location
    Bat Cave
    Posts
    41
    Should port 443 be open on apache when requesting letsencrypt.sh?

  20. #100
    Join Date
    Jul 2013
    Posts
    198
    Quote Originally Posted by zEitEr View Post
    I faced the same. A cert will be generated for www.srv1.myserver.com and srv1.myserver.com. So just add an A-type record for www in srv1.myserver.com zone on your authoritative NS servers.
    Strange, isn't it?

    So I have to add a www.srv1 A record to my DNS?
