Page 1 of 2 12 LastLast
Results 1 to 20 of 24

Thread: Lets encrypt with multiple subdomains

  1. #1
    Join Date
    Jul 2013
    Posts
    89

    Exclamation Lets encrypt with multiple subdomains

    Hi
    i am experiencing a strange problem, i added my sub domain as main domain because i want to use domain pointers, i was using lets encrypt previously with plesk in same way and it was good .

    however in directadmin lets encrypt is not working,

    If i install license for both domain and sub-domain via direct admin only one works while other gives error of insecure connection.

    any one experience the same? or any idea how we can resolve this?

    Best Regards
    Stay blessed

  2. #2
    Join Date
    Jul 2013
    Posts
    89
    Just to add clarity , if you are using more than one domain on same client panel, only one will work with letsencrypt certificates, reason is still unknown to me. TO Directadmin Staff, Kindly create 2 to 3 domains under same user, and try to use letsencrypt on all of them, also i was using http to https redirection and i was not able to verify acme challenge as it was giving file not found error, Directadmin staff should investigate matter immediately,

    Best Regards
    Stay blessed

  3. #3
    Join Date
    Apr 2005
    Location
    GMT +7.00
    Posts
    13,060
    Hello,

    Openssl version? SNI support?
    Regards, Alex G.

    - You can hire me on www.poralix.com to work on your server
    - Follow and like @Poralix on Facebook

  4. #4
    Join Date
    Jul 2013
    Posts
    89
    OpenSSL 1.0.1e-fips 11 Feb 2013

    enable_ssl_sni=1
    Stay blessed

  5. #5
    Join Date
    Jul 2013
    Posts
    89
    however i enable http2 support in apache and nginx and openssl-1.0.2 was installed with them
    Stay blessed

  6. #6
    Join Date
    Apr 2005
    Location
    GMT +7.00
    Posts
    13,060
    Probably if you show your real domain names (with working and broken SSL certs) we could help you further. If for any reason you don't post your domains in public please feel free to send them via PM.
    Regards, Alex G.

    - You can hire me on www.poralix.com to work on your server
    - Follow and like @Poralix on Facebook

  7. #7
    Join Date
    Jul 2013
    Posts
    89
    HI, i am also facing other problem, now ipad/iphones are not opening https website, but opening http without issue, that problem was never faced in Plesk panel, dont know what is wrong.

    Also kindly check your PM
    Stay blessed

  8. #8
    Join Date
    Jul 2013
    Posts
    89
    If any one got their domain working on IPHONE with lets encrypt kindly mention so that we can check what is difference if any.
    Stay blessed

  9. #9
    Join Date
    Apr 2005
    Location
    GMT +7.00
    Posts
    13,060
    Tested with https://www.sslshopper.com/ssl-checker.html and https://www.ssllabs.com/ssltest/analyze.html? the both domains are working fine and they are using one SSL cert which is trusted.

    No issues found in my browser.
    Regards, Alex G.

    - You can hire me on www.poralix.com to work on your server
    - Follow and like @Poralix on Facebook

  10. #10
    Join Date
    Jul 2013
    Posts
    89
    Yes this is the real issue got A+ on www.ssllabs.com, compared my site with zerossl.com which is working fine on iphone and found nothing.
    Iphone is not opening any domain with https does not show any warning either but it try to load it and throw error of "server is not handling requests," while if click on bar it shows certificate error.

    It is strange, any way to resolve it?

    Regards
    Last edited by paksociety; 01-27-2017 at 10:51 AM.
    Stay blessed

  11. #11
    Join Date
    Jul 2013
    Posts
    89
    HI, at this time i am using single domain so SSL is valid for all browsers except iphone/ipad. so now priority is to resolve issue with Apple.

    Also i will setup main domain and sub-domain tomorrow to explain the problem i describe in First Post.
    Stay blessed

  12. #12
    Join Date
    Jul 2013
    Posts
    89
    HI.

    i am not able to load site with https in any apple device, from logs i can see following logs:-
    httpd:-
    333.255.8.96 - - [29/Jan/2017:19:24:53 +0500] "GET /wp-login.php HTTP/1.0" 200 1745 "-" "Mozilla/5.0 (iPad; CPU OS 10_2 like Mac OS X) AppleWebKit/602.3.12 (KHTML, like Gecko) Version/10.0 Mobile/14C92 Safari/602.1"
    nginx:-
    333.255.8.96 - - [29/Jan/2017:19:24:16 +0500] "GET /wp-login.php HTTP/2.0" 200 1381 "-" "Mozilla/5.0 (iPad; CPU OS 10_2 like Mac OS X) AppleWebKit/602.3.12 (KHTML, like Gecko) Version/10.0 Mobile/14C92 Safari/602.1"

    In both logs i found this line more than once, may be 10 times so it means ipad/any apple device tried to connect again and again but server is not allowing to connect. What can be wrong here???


    Regards
    Stay blessed

  13. #13
    Join Date
    May 2014
    Location
    Netherlands Germany
    Posts
    398
    HTTP2 ? sofar i see yes !

    Then >

    Apache version ?
    DUTCH GERMAN, GERMAN DUTCH

  14. #14
    Join Date
    Jul 2013
    Posts
    89
    yes https2
    Server version: Apache/2.4.25 (Unix)
    Server built: Jan 22 2017 22:41:15

    using nginx as reverse proxy:-

    nginx version: nginx/1.10.1
    Stay blessed

  15. #15
    Join Date
    May 2014
    Location
    Netherlands Germany
    Posts
    398
    Quote Originally Posted by paksociety View Post
    yes https2
    Server version: Apache/2.4.25 (Unix)
    Server built: Jan 22 2017 22:41:15

    using nginx as reverse proxy:-

    nginx version: nginx/1.10.1
    Then read also here all follow links and also scroll up and so on

    http://forum.directadmin.com/showthr...512#post278512

    http://forum.directadmin.com/showthread.php?t=54240

    http://forum.directadmin.com/showthr...488#post278488

    http://forum.directadmin.com/showthread.php?t=54170

    because a lot of probs with http2 and apache 2.4.25
    https://svn.apache.org/repos/asf/htt.../2.4.x/CHANGES
    DUTCH GERMAN, GERMAN DUTCH

  16. #16
    Join Date
    Jul 2013
    Posts
    89
    So it means problem is with http2?
    an upgrade will solve issue?

    Problem is only ipad/iphone shaving this issue, all other devices can open website without issue.


    Regards
    Stay blessed

  17. #17
    Join Date
    May 2014
    Location
    Netherlands Germany
    Posts
    398
    I dont''t know which probably problem in combi with http2 and apache 2.4.25 update.

    But there are a lot so you can read, maybe your problem is also one of these, or something else with the openssl versions used and or settings/configs.

    I only pointing out with that apache versions more http2 problems you could have.
    What? you should find out yourself, by asking posting your prob in the forums/ github for these Software so http2 and/or Apache and/or ningx and/or letsencrypt sorry.
    DUTCH GERMAN, GERMAN DUTCH

  18. #18
    Join Date
    Jul 2013
    Posts
    89
    The problem is not SSL as i tried using Comodo certificates too, result is same site is not opening with SSL. and only found above mentioned lines in logs, i have no clear direction as logs are not showing anything. i will try to downgrade to apache 2.4.23 on test server to check if it is apache related.
    Stay blessed

  19. #19
    Join Date
    Jul 2013
    Posts
    89
    @ ikkeben
    You are right, culprit is http2 , i disabled it on my test server from apache and nginx as well and now site is working is fine with apache 2.4.25,
    @Direct admin support can you look into this matter , a patch can be help as it is confirmed that with http2 enabled and SSL on apache 2.4.25 sites will not open on iphone/ipad. kindly look into this matter urgently, i was able to find this out because my users are in contat with me constantly and if any change to server affects them they discussed it with me immediately.

    @zEitEr Kindly read new replies.


    Regards
    Stay blessed

  20. #20
    Join Date
    May 2014
    Location
    Netherlands Germany
    Posts
    398
    HTTP2 support is not official in DA yet..
    Should be in next version.

    Still if possible to have some of the solutions (as in the apache v2.4.26 svn) as a kind of prefix/workarround should be kind if this is possible.

    Also this Alpha from DA
    https://www.directadmin.com/features.php?id=1884 should check with apache 2.4.25 and also the svn apache v2.4.26 svn version for problems with http2 .
    DUTCH GERMAN, GERMAN DUTCH

Page 1 of 2 12 LastLast

Tags for this Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •