DirectAdmin 1.50.0 has been released

Let's Encrypt Error: Setting up DA with an SSL certificate

Very pleased with the new function to create SSL certificate per domain.
That's working great for me!

Now I'm trying to change the SSL cert for directadmin to the new SSL cert.
Following this guide:

http://help.directadmin.com/item.php?id=15

Only I get the following error:

Code:
{"type":"urn:acme:error:invalidEmail","detail":"DNS problem: SERVFAIL looking up MX for DOMAIN"}.

Does anyone know how to solve this?
 
I've been able to successfully create Let's encrypt certificates for a couple of sites but now I'm running into a problem:

Getting challenge for xxx.nl from acme-server...
Waiting for domain verification...
Challenge is invalid. Details: Invalid response from http://xxx.nl/.well-known/acme-challenge/vZZT2WNdqCL2seGuPuzVToEqAU8dMmeeSEG7IhB-KU4 [141.138.xxx.xxx]: 404. Exiting...

The user the domain belongs to has multiple domains and one domain already has a Let's Encrypt certificate. Could that be a reason?
I can still add a certificate on another user without any problems. Only this domain seems to have troubles.
 
It must be a DNS issue. Make sure www and non-www DNS addresses point to the same IP.
 
May you PM me the domain name? Or just open a ticket in tickets.directadmin.com.
 
Hello,

I had this problem too with nginx. I found out that out of the box the directory /var/www/html/.well-known didn't have the right ownership, so I had to chown webapps:webapps it. Furthermore I had to do a "chmod 755 /var/www/html/.well-known" and its subdir.
Now it's working from within DA to do it with the GUI.
 
Hi all!
I'm using apache on DA.
I used the alpha install (DA 1.49?) to test Let's Encrypt and it worked in a broken way (it generated the certificates but it didn't use them in httpd.conf, instead it used self-signed certs in httpd.conf and I manually corrected httpd.conf every time). Now the 1.50 DA was released, I updated to it, and when I tried generating new certs with Let's Encrypt, it throws me the same invalid work error other people have in this thread. OK, I followed some guides in here and I found my problem. I have http to https redirection on all of my domains and when Let's Encrypt is trying to validate my domain with the .well-known directory, it redirects it to https and it will not be able to access the .well-known directory. Could someone give some advice on getting this working somehow?

Best Regards,
E. Kivit
 
To add SSL to domain pointers I did this to make it work (hope this is the good way):
Code:
nano /usr/local/directadmin/data/users/username/domains/domain.com.cert.san_config
For each domain, add the non-www and www names to the subjectAltName line, so it could look like this:
Code:
subjectAltName=DNS:example.com,DNS:www.example.com,DNS:example.net,DNS:www.example.net
Then execute renewal through the DirectAdmin script:
Code:
./letsencrypt.sh renew example.com 4096
which outputs:
Code:
Getting challenge for example.com from acme-server...
Waiting for domain verification...
Challenge is valid.
Getting challenge for www.example.com from acme-server...
Waiting for domain verification...
Challenge is valid.
Getting challenge for example.net from acme-server...
Waiting for domain verification...
Challenge is valid.
Getting challenge for www.example.net from acme-server...
Waiting for domain verification...
Challenge is valid.
Generating 4096 bit RSA key for poollicht.be...
openssl genrsa 4096 > "/usr/local/directadmin/data/users/username/domains/example.com.key.new"
Generating RSA private key, 4096 bit long modulus
................++
...................++
Certificate for example.com has been created successfully!
And that should make it work for your domain pointers if you want to have SSL on them as well.

Hi.
I've done what you said. But when I want to renew the certificate, I get this error:
Code:
Cannot find /home/user_account/domains/user_account.com/public_html/.well-known/acme-challenge. Create this path, ensure it's chowned to the User.
I have set letsencrypt = 1 in directadmin.conf
 
It's cool we can use Letsencrypt to also manage the hostname certificate for exim/ftp/dovecot/DA itself - is there a way to make that a multidomain cert? e.g. I'd like it to include the server hostname, but also mail/mailserver.<hostname> and ftp.<hostname>. Then DA can use that multi domain certificate automatically for exim/ftp/dovecot/DA itself as a multi-domain.
 
That would really be a killer feature to have. Maybe you should also post this as a separate feature request on the Forum: Feedback & Feature Requests?
 
Hi all!
I'm using apache on DA.
I used the alpha install (DA 1.49?) to test Let's Encrypt and it worked in a broken way (it generated the certificates but it didn't use them in httpd.conf, instead it used self-signed certs in httpd.conf and I manually corrected httpd.conf every time). Now the 1.50 DA was released, I updated to it, and when I tried generating new certs with Let's Encrypt, it throws me the same invalid work error other people have in this thread. OK, I followed some guides in here and I found my problem. I have http to https redirection on all of my domains and when Let's Encrypt is trying to validate my domain with the .well-known directory, it redirects it to https and it will not be able to access the .well-known directory. Could someone give some advice on getting this working somehow?

Best Regards,
E. Kivit

Please use letsencrypt=1 instead of letsencrypt=2 in directadmin.conf.
 
When I try to create a TLS certificate for the hostname I get the following error message:
Code:
[root@srv1 custombuild]# cd /usr/local/directadmin/scripts
[root@srv1 scripts]# ./letsencrypt.sh request srv1.domain.com 4096
Setting up certificate for a hostname: srv1.domain.com
Getting challenge for srv1.domain.com from acme-server...
Waiting for domain verification...
Challenge is invalid. Details: DNS problem: SERVFAIL looking up A for srv1.domain.com. Exiting...

Apache is listening on port 8080
Varnish is listening on port 80
Certificate requests for user domains just work fine.

What can be the cause of this fault?

Below the results of 'cat /var/named/srv1.domain.com.db':
Code:
[root@srv1 ~]# cat /var/named/srv1.domain.com.db

$TTL 14400
@       IN      SOA     ns1.domain.com.      hostmaster.srv1.domain.com. (
                                                2016031401
                                                14400
                                                3600
                                                1209600
                                                86400 )

srv1.domain.com.	14400	IN	NS	ns1.domain.com.
srv1.domain.com.	14400	IN	NS	ns2.domain.com.

ftp	14400	IN	A	xxx.xxx.xxx.xxx
localhost	14400	IN	A	127.0.0.1
mail	14400	IN	A	xxx.xxx.xxx.xxx
pop	14400	IN	A	xxx.xxx.xxx.xxx
smtp	14400	IN	A	xxx.xxx.xxx.xxx
srv1	14400	IN	A	xxx.xxx.xxx.xxx
srv1.domain.com.	14400	IN	A	xxx.xxx.xxx.xxx
webmail	14400	IN	A	xxx.xxx.xxx.xxx
www	14400	IN	A	xxx.xxx.xxx.xxx

srv1.domain.com.	14400	IN	MX	10 mail

_dmarc	14400	IN	TXT	"v=DMARC1; p=none; sp=none; rua=mailto:[email protected]"
srv1.domain.com.	14400	IN	TXT	"v=spf1 a mx ip4:xxx.xxx.xxx.xxx ip6:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx ~all"


[root@srv1 ~]#
 
Need help for subdomain

I installed DA in Server's Hostname (?): subdomain.domain.com
NS1: ns1.domain.com
NS2: ns2.domain.com

So, I try to run subdomain.domain.com with SSL by Let's Encrypt. But when I run
Code:
./letsencrypt.sh request subdomain.domain.com 4096
it shows an error:
Code:
Challenge is invalid. Details: DNS problem: NXDOMAIN looking up A for www.subdomain.domain.com. Exiting...

What should I do?
 
I think you should create a separate zone for the sub.hostname.com in DA at 'DNS Administration' first.
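
A pre-flight check for the subjectAltName procedure and the NXDOMAIN error discussed in this thread, added here as an example and not taken from any post or from DirectAdmin: it lists every name on the subjectAltName line that has no A, AAAA or CNAME record in a BIND zone file. The function names, file names, zone origin and sample data are constructed for illustration.

```shell
#!/bin/sh
# Added example: list SAN names that have no address record in a zone file.

# Names from a "subjectAltName=DNS:a,DNS:b" line in the san_config file $1.
san_names() {
    sed -n 's/^subjectAltName=//p' "$1" | tr ',' '\n' | sed -n 's/^ *DNS://p'
}

# Fully qualified owners of A/AAAA/CNAME records in zone file $1, origin $2.
# Assumption: every record line starts with its owner name (no inherited owners).
zone_addr_names() {
    awk -v origin="$2" '
        /^[ \t;$]/ || NF < 4 { next }      # continuation, comment, directive
        {
            type = ($2 == "IN") ? $3 : (($3 == "IN") ? $4 : "")
            if (type !~ /^(A|AAAA|CNAME)$/) next
            name = tolower($1)
            if (name == "@") name = origin
            else if (name ~ /\.$/) sub(/\.$/, "", name)
            else name = name "." origin    # relative owner: append the origin
            print name
        }' "$1" | sort -u
}

# $1 = san_config, $2 = zone file, $3 = zone origin; prints the missing names.
missing_addr_records() (
    have=$(zone_addr_names "$2" "$3")
    san_names "$1" | while read -r name; do
        printf '%s\n' "$have" | grep -qxF -- "$name" || printf '%s\n' "$name"
    done
)

# Constructed sample files (not from the thread), written into directory $1.
make_samples() {
    printf '%s\n' 'subjectAltName=DNS:subdomain.example.com,DNS:www.subdomain.example.com' > "$1/san_config"
    cat > "$1/zone.db" <<'EOF'
$TTL 14400
@ IN SOA ns1.example.com. hostmaster.example.com. (
        2016031401 14400 3600 1209600 86400 )
example.com. 14400 IN NS ns1.example.com.
subdomain 14400 IN A 192.0.2.10
mail 14400 IN A 192.0.2.10
example.com. 14400 IN MX 10 mail
EOF
}

tmp=$(mktemp -d) && make_samples "$tmp"
missing_addr_records "$tmp/san_config" "$tmp/zone.db" example.com
rm -rf "$tmp"   # the call above prints: www.subdomain.example.com
```

The check reads only the local zone file, so a name it reports as present can still fail validation if the public resolvers do not serve that zone.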
 