Hi, I know what you are thinking. There is plenty of similar topics already. YES I have probably read all of them in DA forum, most of them in tetsencrypt's forum. I have tried many different guides as well. After trying many different things I'm starting to realise that some of the guides might try to achieve something else than what I want, so first I'm gonna describe very detialed exactly what I'm trying to do / what I want and a detailed overview of my system configuration.
I want to provide https for my domain zitecraft-dev.cloud.tilaa.com, so that when I enter zitecraft-dev.cloud.tilaa.com/whatever it will be on a secure line, I want to use letsencrypt or certbot or something similar that can create certificates that are trusted, and auto renew them.
I dont want: to secure (gain ssl) when loggin in to directAdmin control panel (the ip 84.22.xx.xxx:2222) I don't want to buy a certificate and insert manually, I dont want to create a selfsigned certificate - unless it can be trusted for whoever visits the site and autorenewd.
My system:
Guides I have tried to follow:
https://help.directadmin.com/item.php?id=648 -> Yes, after completing all steps i can choose "free & automatic certificate from letsencrypt" but I do not gain SSL/https after choosing that option.
https://help.directadmin.com/item.php?id=629 -> Yes, BUT /usr/local/directadmin/conf/carootcert.pem does not exist on my system so when trying service directadmin restart stop [fail] start [ok]
https://www.mervcodes.com/setup-lets-encrypt-f..../ -> Will this even work with direct admin configurations, tried to get help on letsencrypts forum but they got confused due to the DA confs,
Step by step i tried - based on: https://support.tilaa.com/hc/en-us/articles/228652367-Install-Let-s-Encrypt-SSL-certificate
This also didn't work, I looked in the directadmin.conf
carootcert=/usr/local/directadmin/conf/carootcert.pem would cause a problem since /usr/local/directadmin/conf/carootcert.pem was never created
cacert=/usr/local/directadmin/conf/cacert.pem doesn't make sense to me since no cacer.pem was ever created
cakey=/usr/local/directadmin/conf/cakey.pem doesn't make sense to me since no cakey.pem was ever created
Question: Is this a guide to setup SSL between me and the directadmin control panel? because that is not very clear when I read the guide, and it is not what I'm trying to achieve.
Other thoughts
Shouldn't i have to setup a virtual host some how? in that case will i have to do this in the DA control panel? or?
Which file is the actual configuration of these following:
I have opened /etc/httpd/httpd.conf for curiousity (not sure if its the right one) its says:
#######################################################################################
# Do not change anything in included files, because they are rewritten by DirectAdmin #
#######################################################################################
.
.
.
# Virtual hosts
Include conf/extra/httpd-vhosts.conf
Thanks
If anyone can help me resolve this, I will write a full guide on how to set it up for dummies (like me) with do's and dont's based on all other guide available, and troubleshooting whith all issues I have encountered. The more I browsed the more it is clear to me that setting up SSL is not easy unless you have either decent experience with apache, letsencrypt, multiple linux verions, etc.
I want to provide https for my domain zitecraft-dev.cloud.tilaa.com, so that when I enter zitecraft-dev.cloud.tilaa.com/whatever it will be on a secure line, I want to use letsencrypt or certbot or something similar that can create certificates that are trusted, and auto renew them.
I dont want: to secure (gain ssl) when loggin in to directAdmin control panel (the ip 84.22.xx.xxx:2222) I don't want to buy a certificate and insert manually, I dont want to create a selfsigned certificate - unless it can be trusted for whoever visits the site and autorenewd.
My system:
Code:
OS: centOS 6.5
Apache 2.2.27
DirectAdmin 1.52.0
Exim 4.82
MySQL 5.5.31
Named 9.8.2rc1
ProFTPd 1.3.4d
sshd
dovecot 2.2.12
Php 5.4.27
Guides I have tried to follow:
https://help.directadmin.com/item.php?id=648 -> Yes, after completing all steps i can choose "free & automatic certificate from letsencrypt" but I do not gain SSL/https after choosing that option.
https://help.directadmin.com/item.php?id=629 -> Yes, BUT /usr/local/directadmin/conf/carootcert.pem does not exist on my system so when trying service directadmin restart stop [fail] start [ok]
https://www.mervcodes.com/setup-lets-encrypt-f..../ -> Will this even work with direct admin configurations, tried to get help on letsencrypts forum but they got confused due to the DA confs,
Step by step i tried - based on: https://support.tilaa.com/hc/en-us/articles/228652367-Install-Let-s-Encrypt-SSL-certificate
Code:
step 1: login to direct admin, go to plugins/updates request directAdmin update to 1.5+
step 2: enable letsencrypt
cmd: echo "letsencrypt=1" >> /usr/local/directadmin/conf/directadmin.conf
step 3:
cmd: echo "enable_ssl_sni=1" >> /usr/local/directadmin/conf/directadmin.conf
cmd: service directadmin restart
output stopping DirectAdmin: [ok]
starting DirectAdmin: [ok]
cmd: cd /usr/local/directadmin/custombuild
cmd: ./build update
cmd ./build rewrite_confs
output unable to detect your server IP. please enter it:
cmd 84.22.xx.xxx
output stopping httpd: [ok]
starting httpd:
step 4.0: install script
cmd: cd /usr/local/directadmin/scripts
cmd: ./letsencrypt.sh request your.hostname.com 4096
Step 5: enable SSL in DA
cmd cd /usr/local/directadmin/conf
cmd sed -i 's/SSL=0/SSL=1/' directadmin.conf
cmd echo "carootcert=/usr/local/directadmin/conf/carootcert.pem" >> directadmin.conf
cmd echo "force_hostname=your.hostname.com" >> directadmin.conf
cmd echo "ssl_redirect_host=your.hostname.com" >> directadmin.conf
cmd service directadmin restart
output [OK]
[OK]
This also didn't work, I looked in the directadmin.conf
carootcert=/usr/local/directadmin/conf/carootcert.pem would cause a problem since /usr/local/directadmin/conf/carootcert.pem was never created
cacert=/usr/local/directadmin/conf/cacert.pem doesn't make sense to me since no cacer.pem was ever created
cakey=/usr/local/directadmin/conf/cakey.pem doesn't make sense to me since no cakey.pem was ever created
Question: Is this a guide to setup SSL between me and the directadmin control panel? because that is not very clear when I read the guide, and it is not what I'm trying to achieve.
Other thoughts
Shouldn't i have to setup a virtual host some how? in that case will i have to do this in the DA control panel? or?
Which file is the actual configuration of these following:
Code:
locate httpd.conf
/etc/httpd/httpd.conf
/etc/httpd/httpd.conf_2.0
/etc/httpd/original/httpd.conf
/usr/local/directadmin/custombuild/configure/ap1/conf/httpd.conf
/usr/local/directadmin/custombuild/configure/ap2/conf/httpd.conf
/usr/local/directadmin/custombuild/configure/ap2/conf/httpd.conf_2.0
/usr/local/directadmin/data/templates/httpd.conf
/usr/local/directadmin/data/users/admin/httpd.conf
I have opened /etc/httpd/httpd.conf for curiousity (not sure if its the right one) its says:
#######################################################################################
# Do not change anything in included files, because they are rewritten by DirectAdmin #
#######################################################################################
.
.
.
# Virtual hosts
Include conf/extra/httpd-vhosts.conf
Thanks
If anyone can help me resolve this, I will write a full guide on how to set it up for dummies (like me) with do's and dont's based on all other guide available, and troubleshooting whith all issues I have encountered. The more I browsed the more it is clear to me that setting up SSL is not easy unless you have either decent experience with apache, letsencrypt, multiple linux verions, etc.