Setting https up with LetsEncrypt on centOS 6.5, apache 2.2, DirectAdmin 1.5+ - how?

rpuls (New member, joined Oct 19, 2017, 4 messages)
Hi, I know what you are thinking. There are plenty of similar topics already. YES, I have probably read all of them in the DA forum, and most of them in letsencrypt's forum. I have tried many different guides as well. After trying many different things I'm starting to realise that some of the guides might try to achieve something else than what I want, so first I'm gonna describe in detail exactly what I'm trying to do / what I want, and give a detailed overview of my system configuration.

I want to provide https for my domain zitecraft-dev.cloud.tilaa.com, so that when I enter zitecraft-dev.cloud.tilaa.com/whatever it will be on a secure line. I want to use letsencrypt or certbot or something similar that can create certificates that are trusted, and auto-renew them.

I don't want: to secure (gain SSL for) logging in to the DirectAdmin control panel (the IP 84.22.xx.xxx:2222). I don't want to buy a certificate and insert it manually. I don't want to create a self-signed certificate - unless it can be trusted by whoever visits the site and auto-renewed.

My system:
Code:
OS: centOS 6.5
Apache 2.2.27
DirectAdmin 1.52.0
Exim 4.82
MySQL 5.5.31
Named 9.8.2rc1
ProFTPd 1.3.4d
sshd
dovecot 2.2.12
Php 5.4.27

Guides I have tried to follow:
https://help.directadmin.com/item.php?id=648 -> Yes, after completing all steps I can choose "free & automatic certificate from letsencrypt" but I do not gain SSL/https after choosing that option.
https://help.directadmin.com/item.php?id=629 -> Yes, BUT /usr/local/directadmin/conf/carootcert.pem does not exist on my system, so when trying service directadmin restart I get stop [fail], start [ok].
https://www.mervcodes.com/setup-lets-encrypt-f..../ -> Will this even work with DirectAdmin configurations? I tried to get help on letsencrypt's forum but they got confused due to the DA confs.


Step by step what I tried - based on: https://support.tilaa.com/hc/en-us/articles/228652367-Install-Let-s-Encrypt-SSL-certificate
Code:
step 1: login to direct admin, go to plugins/updates request directAdmin update to 1.5+
step 2: enable letsencrypt
cmd: echo "letsencrypt=1" >> /usr/local/directadmin/conf/directadmin.conf	
step 3:
cmd:	echo "enable_ssl_sni=1" >> /usr/local/directadmin/conf/directadmin.conf
cmd: service directadmin restart
output	stopping DirectAdmin: [ok]
		starting DirectAdmin: [ok]

cmd: cd /usr/local/directadmin/custombuild
cmd:	./build update
cmd	./build rewrite_confs
output	unable to detect your server IP. please enter it:
cmd 	84.22.xx.xxx
output	stopping httpd: [ok]
		starting httpd:

step 4.0: install script					
cmd: cd /usr/local/directadmin/scripts
cmd:	./letsencrypt.sh request your.hostname.com 4096

Step 5: enable SSL in DA
cmd	cd /usr/local/directadmin/conf
cmd	sed -i 's/SSL=0/SSL=1/' directadmin.conf			
cmd	echo "carootcert=/usr/local/directadmin/conf/carootcert.pem" >> directadmin.conf
cmd	echo "force_hostname=your.hostname.com" >> directadmin.conf
cmd 	echo "ssl_redirect_host=your.hostname.com" >> directadmin.conf			
cmd	service directadmin restart
output	[OK]
		[OK]

This also didn't work, I looked in the directadmin.conf
carootcert=/usr/local/directadmin/conf/carootcert.pem would cause a problem since /usr/local/directadmin/conf/carootcert.pem was never created
cacert=/usr/local/directadmin/conf/cacert.pem doesn't make sense to me since no cacert.pem was ever created
cakey=/usr/local/directadmin/conf/cakey.pem doesn't make sense to me since no cakey.pem was ever created

Question: Is this a guide to set up SSL between me and the DirectAdmin control panel? Because that is not very clear when I read the guide, and it is not what I'm trying to achieve.


Other thoughts
Shouldn't I have to set up a virtual host somehow? In that case, will I have to do this in the DA control panel? Or?
Which file is the actual configuration out of the following:
Code:
locate httpd.conf
/etc/httpd/httpd.conf
/etc/httpd/httpd.conf_2.0
/etc/httpd/original/httpd.conf
/usr/local/directadmin/custombuild/configure/ap1/conf/httpd.conf
/usr/local/directadmin/custombuild/configure/ap2/conf/httpd.conf
/usr/local/directadmin/custombuild/configure/ap2/conf/httpd.conf_2.0
/usr/local/directadmin/data/templates/httpd.conf
/usr/local/directadmin/data/users/admin/httpd.conf

I have opened /etc/httpd/httpd.conf out of curiosity (not sure if it's the right one). It says:
#######################################################################################
# Do not change anything in included files, because they are rewritten by DirectAdmin #
#######################################################################################
.
.
.
# Virtual hosts
Include conf/extra/httpd-vhosts.conf

Thanks
If anyone can help me resolve this, I will write a full guide on how to set it up for dummies (like me) with do's and don'ts based on all the other guides available, and troubleshooting with all the issues I have encountered. The more I browsed, the more it became clear to me that setting up SSL is not easy unless you have decent experience with apache, letsencrypt, multiple linux versions, etc.
 
Hello,

Did you type the commands

Code:
cd /usr/local/directadmin/scripts
./letsencrypt.sh request your.hostname.com 4096

as they are shown? Or did you replace your.hostname.com with a real hostname? If your hostname is zitecraft-dev.cloud.tilaa.com then you should type

Code:
cd /usr/local/directadmin/scripts
./letsencrypt.sh request zitecraft-dev.cloud.tilaa.com 4096

And what output of the command do you have?


p.s. The same way you should use your real hostname in other commands instead of your.hostname.com.
 
And by the way if you really have Apache 2.2, then it would mean you have custombuild 1.x, and it might not support Let's Encrypt. I'm not sure here, so please anybody who still runs Custombuild 1.x share your experience with it.
 
Thanks.

Well, never tried that command
Code:
cd /usr/local/directadmin/scripts
./letsencrypt.sh request your.hostname.com 4096
Will give that a shot next Wednesday when I can be issued more certificates from LE.

And btw yes, I typed in my real host name ofc ;)

Since centOS 6.5 can (by itself) update apache further I'm stuck with 2.2. Would you suggest that I try to install apache 2.4 from another repo and then my custom build should support it?

Thanks a lot.
Rasmus
 
Wait a minute. I was confused

Well, never tried that command
Code:
cd /usr/local/directadmin/scripts
./letsencrypt.sh request your.hostname.com 4096

Rasmus

Wait a minute, I confused myself there. I did run that command, yes, and the output was an error at first,
but then I went into the DA control panel and requested the certificate from there (free & automatic certificate with letsencrypt).
I put the email in, ticked my host name zitec......com and deselected www.zitec.....com, which then says success.

Back in the command line I ran
Code:
cd /usr/local/directadmin/scripts
./letsencrypt.sh request your.hostname.com 4096
again, now with no error. So I proceeded to step 5 from my guide.

cmd cd /usr/local/directadmin/conf
cmd sed -i 's/SSL=0/SSL=1/' directadmin.conf
check that SSL=1 (vim directadmin.conf) first line

Code:
echo "carootcert=/usr/local/directadmin/conf/carootcert.pem" >> directadmin.conf
echo "force_hostname=zitecraft-dev.cloud.tilaa.com" >> directadmin.conf		
echo "ssl_redirect_host=zitecraft-dev.cloud.tilaa.com" >> directadmin.conf
service directadmin restart

It restarts with ok, ok (first time). Nothing has changed, however. If I now try to go to the DA control panel it refuses to connect.
I remember from some log file that it complains about a missing .pem file. If I toggle SSL=0 again, I can connect to the DA control panel
over the IP again.

With the vim editor I opened the directadmin.conf file and noticed that the location where the certificates should be doesn't exist
in my server directories. So letsencrypt never placed the certificates where they are supposed to be?

carootcert.pem does not exist at all, neither the directory nor the .pem file. Same goes for the path to the cert and key specified in the directadmin.conf...

Could this be because custombuild doesn't work on apache 2.2?

Regards Rasmus.

ps. I cannot run the command again to reproduce the error output since I now get another error, "too many certificates issued", so I will have to wait until next Wednesday for that. :/
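
A pre-flight check for the failure described in the post above (SSL=1 set while the PEM paths in directadmin.conf point at files that were never created), as an added example that is not part of the thread or DirectAdmin's own tooling. The function names, temp directory and sample config are constructed; treating the last duplicate key as the effective one is an assumption.

```shell
#!/bin/sh
# Added example: pre-flight check before flipping SSL=0 to SSL=1.
# Key names (carootcert, cacert, cakey) are the ones quoted in the thread;
# function names and the sample config below are constructed.

# Print the value of key $2 in conf file $1. Taking the LAST assignment as the
# effective one is an assumption about how repeated keys are read.
da_conf_get() {
    sed -n "s/^$2=//p" "$1" | tail -n 1
}

# Return 0 only if every PEM path set in the conf exists and is non-empty,
# and no key was appended twice by repeated `echo ... >>` runs.
da_ssl_preflight() {
    conf=$1; rc=0
    for key in carootcert cacert cakey; do
        count=$(grep -c "^$key=" "$conf" || true)
        pem=$(da_conf_get "$conf" "$key")
        if [ "$count" -gt 1 ]; then
            echo "DUPLICATE $key appears $count times"; rc=1
        fi
        if [ -z "$pem" ]; then
            continue                      # key not set: nothing to verify
        elif [ ! -s "$pem" ]; then
            echo "MISSING   $key -> $pem"; rc=1
        else
            echo "OK        $key -> $pem"
        fi
    done
    return $rc
}

# Constructed sample: carootcert appended twice and no PEM files on disk.
demo_dir=$(mktemp -d)
for key in carootcert cacert cakey carootcert; do
    echo "$key=$demo_dir/$key.pem"
done > "$demo_dir/directadmin.conf"

if da_ssl_preflight "$demo_dir/directadmin.conf"; then
    echo "PEM files present: safe to set SSL=1"
else
    echo "leave SSL=0 until the files above exist"
fi
```

On a real server the function would be pointed at /usr/local/directadmin/conf/directadmin.conf before running the sed command that sets SSL=1.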
 
You create a cert for Directadmin with the commands:

Code:
cd /usr/local/directadmin/scripts
./letsencrypt.sh request your.hostname.com 4096

Apache 2.2 won't stop directadmin from creating a cert for Directadmin itself.

If you have Apache 2.2 it might mean that either you run custombuild 1.x or apache is installed from rpm.

Code:
./build version
will show what version of custombuild you have.

If you run apache 2.2 installed from CentOS repo I hardly can help you in terms of these forums, as it will take too much time for learning how you run things. So you might need to migrate to Apache installed by CustomBuild.
 