DirectAdmin 1.53.1 has been released

DirectAdmin Support

Hello!

We're pleased to announce the release of DirectAdmin 1.53.1.

Full release details are here:
https://www.directadmin.com/versions.php?version=1.531000

There are several new features and bug-fixes in this release:

Some new features


Some bug fixes


Enjoy!

John
 
Thank you! Great news about Let's Encrypt wildcard support! I have not tested it yet, but hope I can ask a question in advance of updating my servers. If I install Let's Encrypt wildcard certificate for a domain, and then create a subdomain directly as a domain pointer alias, will that subdomain I created as a domain pointer alias have a valid certificate? If not, please consider this a feature request.
 
Thank you. I have tested Let's Encrypt wildcard on my domains. Worked for others but did not work for my .pw domain. Generating a non-wildcard certificate works fine for the .pw domain but generating a wildcard generates me the following error:

Found wildcard domain name and http-01 challenge type, switching to dns-01 validation.
Requesting new certificate order...
Processing authorization for cheazey.pw...
grep: invalid option -- 'j'
Usage: grep [OPTION]... PATTERN [FILE]...
Try 'grep --help' for more information.
DNS challenge test fail for _acme-challenge.cheazey.pw IN TXT "-EILjTXkKFQfU0yFvHVrLryXo6_lWrr4gloMhHKe_qM", retrying...
grep: invalid option -- 'j'
Usage: grep [OPTION]... PATTERN [FILE]...
Try 'grep --help' for more information.
Retry failed, trying again in 15s...
grep: invalid option -- 'j'
Usage: grep [OPTION]... PATTERN [FILE]...
Try 'grep --help' for more information.
Retry failed, trying again in 15s...
grep: invalid option -- 'j'
Usage: grep [OPTION]... PATTERN [FILE]...
Try 'grep --help' for more information.
Retry failed, trying again in 15s...
grep: invalid option -- 'j'
Usage: grep [OPTION]... PATTERN [FILE]...
Try 'grep --help' for more information.
Retry failed, trying again in 15s...
grep: invalid option -- 'j'
Usage: grep [OPTION]... PATTERN [FILE]...
Try 'grep --help' for more information.
Retry failed, trying again in 15s...
grep: invalid option -- 'j'
Usage: grep [OPTION]... PATTERN [FILE]...
Try 'grep --help' for more information.
Retry failed, trying again in 15s...
grep: invalid option -- 'j'
Usage: grep [OPTION]... PATTERN [FILE]...
Try 'grep --help' for more information.
Retry failed, trying again in 15s...
grep: invalid option -- 'j'
Usage: grep [OPTION]... PATTERN [FILE]...
Try 'grep --help' for more information.
Retry failed, trying again in 15s...
grep: invalid option -- 'j'
Usage: grep [OPTION]... PATTERN [FILE]...
Try 'grep --help' for more information.
Retry failed, trying again in 15s...
grep: invalid option -- 'j'
Usage: grep [OPTION]... PATTERN [FILE]...
Try 'grep --help' for more information.
Retry failed, trying again in 15s...
grep: invalid option -- 'j'
Usage: grep [OPTION]... PATTERN [FILE]...
Try 'grep --help' for more information.
Retry failed, trying again in 15s...
grep: invalid option -- 'j'
Usage: grep [OPTION]... PATTERN [FILE]...
Try 'grep --help' for more information.
Retry failed, trying again in 15s...
grep: invalid option -- 'j'
Usage: grep [OPTION]... PATTERN [FILE]...
Try 'grep --help' for more information.
Retry failed, trying again in 15s...
grep: invalid option -- 'j'
Usage: grep [OPTION]... PATTERN [FILE]...
Try 'grep --help' for more information.
Retry failed, trying again in 15s...
grep: invalid option -- 'j'
Usage: grep [OPTION]... PATTERN [FILE]...
Try 'grep --help' for more information.
Retry failed, trying again in 15s...
grep: invalid option -- 'j'
Usage: grep [OPTION]... PATTERN [FILE]...
Try 'grep --help' for more information.
Retry failed, trying again in 15s...
grep: invalid option -- 'j'
Usage: grep [OPTION]... PATTERN [FILE]...
Try 'grep --help' for more information.
Retry failed, trying again in 15s...
grep: invalid option -- 'j'
Usage: grep [OPTION]... PATTERN [FILE]...
Try 'grep --help' for more information.
Retry failed, trying again in 15s...
grep: invalid option -- 'j'
Usage: grep [OPTION]... PATTERN [FILE]...
Try 'grep --help' for more information.
Retry failed, trying again in 15s...
grep: invalid option -- 'j'
Usage: grep [OPTION]... PATTERN [FILE]...
Try 'grep --help' for more information.
DNS validation failed. Exiting...
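
The `grep: invalid option -- 'j'` lines in the log above are what grep prints when a pattern beginning with `-` reaches it unprotected: `-E`, `-I` and `-L` are accepted as options and `j` is not. The sketch below is an added example, not part of the original post and not DirectAdmin's script; how that script actually calls grep is an assumption, and `txt_answer` and both `txt_matches_*` helpers are hypothetical names.

```shell
#!/bin/sh
# Challenge value from the log above; it begins with "-".
TOKEN='-EILjTXkKFQfU0yFvHVrLryXo6_lWrr4gloMhHKe_qM'

# Constructed stand-in for a TXT lookup of _acme-challenge.<domain>
# (no network needed): prints the record value in quotes, as dig +short does.
txt_answer() {
    printf '"%s"\n' "$TOKEN"
}

# Fragile: the value sits where grep looks for options, so "-EILj..." is
# read as -E -I -L -j and grep exits with a usage error instead of searching.
txt_matches_fragile() {
    txt_answer | grep "$1" >/dev/null 2>&1
}

# Robust: "--" ends option parsing and -F treats the value as a literal
# string rather than a regular expression.
txt_matches_robust() {
    txt_answer | grep -F -- "$1" >/dev/null 2>&1
}

if txt_matches_fragile "$TOKEN"; then
    echo "fragile: record found"
else
    echo "fragile: check failed although the record is present"
fi
if txt_matches_robust "$TOKEN"; then
    echo "robust: record found"
else
    echo "robust: check failed"
fi
```

ACME challenge values are base64url strings, so a leading `-` turns up at random, which fits the report that other domains validated without trouble.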
 
Thank you! Great news about Let's Encrypt wildcard support! I have not tested it yet, but hope I can ask a question in advance of updating my servers. If I install Let's Encrypt wildcard certificate for a domain, and then create a subdomain directly as a domain pointer alias, will that subdomain I created as a domain pointer alias have a valid certificate? If not, please consider this a feature request.

If you create a normal 'subdomain' under the domain, it will automatically get that certificate.
If you create an alias under domain.com, the domainpointer.com or pointer.domain.com as a Domain Alias (key-word: alias), the pointer.domain.com will be secured, but domainpointer.com would not be.
The "pointer" version of the domain pointer (non-alias) would have its own VirtualHost so that case is different.. but going on memory, I believe it might fall under the same category, as if my memory is correct, it's using the domain's main certificate too.. so again pointer.domain.com would be secured, but domainpointer.com would not be (a new LE request would be needed)

Aside from that, creating "full" domains as sub.domain.com or otherdomain.com would not be secured, since they have their own SSL Management control area.

------

@Cheazey: please create a ticket, as we'd need more info, possibly to check the box:
https://tickets.directadmin.com

John
 
I've enabled dns_tls=1 but I'm not seeing any wildcard setting. Does this mean DA detects wildcard support isn't possible due to the used DNS settings?
 
After enabling encryption on our daily scheduled backup, we got the following error message on all users:

Error Compressing the backup file /backup/admin/backup/home.tar.gz : /bin/tar: .pki: Cannot open: Permission denied
/bin/tar: Exiting with failure status due to previous errors

Encryption of /backup/admin.root.admin.tar.gz has failed: Error opening /backup/admin.root.admin.tar.gzadwZtO for writing: Permission denied
encrypt_file: error writing password to temp file.

The backups are saved on a secondary drive mounted as /backup
 
I've enabled dns_tls=1 but I'm not seeing any wildcard setting. Does this mean DA detects wildcard support isn't possible due to the used DNS settings?

Did you restart DA? After that there should be a checkbox for wildcard on your ssl cert page.
 
Yes. I added dns_tls=1 to directadmin.conf, restarted DA, rechecked to see if dns_tls was still set, but I don't see any checkbox on the SSL cert page.

Edit: if I toggle the radio buttons from "Free & automatic certificate from Let's Encrypt" to "Create A Certificate Request" back and forth, then the checkbox suddenly does pop up. Probably just my browser/cache acting up.
 
Letsencrypt wildcard ssl does not work for me. After adding dns_ttl=1 to directadmin.conf I have the wildcard option.
But requesting a certificate with or without wildcard checkbox checked results in an error.
Removing dns_ttl=1 and then requesting a certificate goes OK.

I have submitted these problems with my webhoster and he is escalating the issue. I assume here at DA via the ticket system.

Problems with dns_ttl=1:

Wildcard checked:
Code:
Found wildcard domain name and http-01 challenge type, switching to dns-01 validation.
Requesting new certificate order...
Processing authorization for verzameling.org...
DNS challenge test fail for _acme-challenge.verzameling.org IN TXT "23QUEmCcWsbDaFq4tabcufAn2jpo56IcQZ9TZfflRWY", retrying...
Retry failed, trying again in 15s...
and 18 times more ....
Retry failed, trying again in 15s...
DNS validation failed. Exiting...

Wildcard NOT checked:
Code:
Cannot Execute Your Request

Details

Requesting new certificate order...
Processing authorization for base.gebruikers-groep.be...
Challenge is valid.
some more subdomains
Processing authorization for telenet.gebruikers-groep.be...
Challenge is valid.
Processing authorization for www.gebruikers-groep.be...
Challenge is valid.
Generating 4096 bit RSA key for gebruikers-groep.be...
openssl genrsa 4096 > "/usr/local/directadmin/data/users/someuser/domains/gebruikers-groep.be.key.new"
Generating RSA private key, 4096 bit long modulus
............................................................................................................++
...................................................++
e is 65537 (0x10001)
Unable to find certificate. Something went wrong. Printing response...
Error finalizing order :: Unable to meet CA SCT embedding requirements
 
Is verzameling.org (46.249.37.37) on the same server as ns1.ispnoc.eu (46.249.53.249) and ns2.ispnoc.net (178.18.95.146) ? For wildcard certs to work, DNS needs to be hosted on the same server as domain.
 
No I guess not. In DA I control DNS records via DA DNS Management, but the nameservers are provided by my webhoster.
I read the remark: "only for DA controlled DNS" but thought I control DNS records via DA DNS Management, nameservers weren't mentioned.

I can make my own nameserver aliases though. Would that help?

How can I use your DNS service whitelabel?

Create the domain in DirectAdmin
Create two A records:
ns1 A 46.249.37.254
ns2 A 178.18.95.146
Create two AAAA records (for IPv6)
ns1 AAAA 2a00:1ca8:e:4:0:0:e78:fa0f
ns2 AAAA 2a02:348:63:5f92:0:0:0:1
Wait 2-3 minutes so the nameserver can update the settings.
Update the nameserver of mynameserver.com with your registrar with the new nameservers and the IP’s. If you don’t know how to do this or if you don’t have an option to update these settings contact the registrar.
Once you’ve done that you can use ns1.mynameserver.com and ns2.mynameserver.com for all your other domains.
 
Regarding /home/*/tmp folders that are now used by php-fpm sessions, are these also included in the backup? nvm, just found the excluded folders list, it's not

Also: if I remember correctly the config files (./build rewrite_confs) were automatically updated after a DA update, but that was not the case with this update. Am I remembering it wrong or is it recommended to manually do ./build rewrite_confs after a DA update? And is the /home/*/tmp folder for every user automatically created now if it doesn't exist with ./build rewrite_confs?
 
I'm seeing many people referring to
Code:
dns_tls=1
This setting does not exist.. not sure where it's coming from.

The setting for wildcards is:
Code:
dns_ttl=1
If I've made a typo somewhere, let me know.. as it's dns_ttl and not dns_tls :)

Regarding /home/user/tmp, no it's not in the backup. It's one of the several skipped folders.

The ./build rewrite_confs is used if you need to re-write the configs. For the ~/tmp method, yes, it could be done to get it immediately.
Else it would just happen the next time a User's httpd.conf or php-fpmXX.conf file is rewritten, via other methods (like adding a subdomain, etc).

John
 
I have been testing wildcard certificates now, and it seems to work very well. I only have one small feature request:

I am using the Enhanced skin: When a wildcard certificate is already installed, and after coming back to the SSL page at ../CMD_SSL?domain=domain.com and clicking "Free & automatic certificate from Let's Encrypt", then the checkbox for "Wildcard" is not already checked. When wildcard certificate is already installed, it would be nice if the checkbox could stay checked afterwards also. Could this be implemented?
 
Any information regarding backup encryption not working correctly?
 
What exactly is not working correctly? It's working on my end since a pre-release....
 
I have been testing wildcard certificates now, and it seems to work very well. I only have one small feature request:

I am using the Enhanced skin: When a wildcard certificate is already installed, and after coming back to the SSL page at ../CMD_SSL?domain=domain.com and clicking "Free & automatic certificate from Let's Encrypt", then the checkbox for "Wildcard" is not already checked. When wildcard certificate is already installed, it would be nice if the checkbox could stay checked afterwards also. Could this be implemented?

Added. Checkbox will be pre-checked if the current cert host list contains "*."

John
 
I posted the error earlier in this topic, but here it is again:

Error Compressing the backup file /backup/admin/backup/home.tar.gz : /bin/tar: .pki: Cannot open: Permission denied
/bin/tar: Exiting with failure status due to previous errors

Encryption of /backup/admin.root.admin.tar.gz has failed: Error opening /backup/admin.root.admin.tar.gzadwZtO for writing: Permission denied
encrypt_file: error writing password to temp file.
 
That's probably a permission issue, check:
Code:
ls -lad /backup
ls -lad /backup/admin
as it needs to be writable by admin, but a+x as well, as sub-folders are created, owned by the User, to run tar as that User. So something like:
Code:
chown admin:admin /backup/admin
chmod 711 /backup /backup/admin
Beyond that, test on a default path, like /home/admin/admin_backups.

John
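
The a+x requirement described above can be checked for every directory on the way to a user's backup folder in one pass. This is an added example, not part of the original post or of DirectAdmin; `untraversable_dirs` is a hypothetical helper and the directory tree is a constructed stand-in for /backup.

```shell
#!/bin/sh
# List each directory from $1 up to $2 (inclusive) that lacks the "other"
# execute bit, i.e. one that a tar process running as the User cannot enter.
untraversable_dirs() {
    dir=$1
    top=$2
    while :; do
        # First 10 characters of ls -ld are the type and permission bits.
        mode=$(ls -ld -- "$dir" | cut -c1-10)
        case $mode in
            d????????[xt]) ;;                      # o+x set (t = sticky + x)
            *) printf '%s %s\n' "$mode" "$dir" ;;  # blocks non-owners
        esac
        if [ "$dir" = "$top" ] || [ "$dir" = / ]; then
            break
        fi
        dir=$(dirname -- "$dir")
    done
}

# Constructed tree: $demo plays the role of /backup, with admin/ left at 700.
demo=$(mktemp -d)
mkdir -p "$demo/admin/user1"
chmod 711 "$demo" "$demo/admin/user1"
chmod 700 "$demo/admin"

echo "before chmod 711:"
untraversable_dirs "$demo/admin/user1" "$demo"

# The fix from the post, applied to the stand-in path.
chmod 711 "$demo" "$demo/admin"
echo "after chmod 711:"
untraversable_dirs "$demo/admin/user1" "$demo"

rm -rf "$demo"
```

On a real server the call would be `untraversable_dirs /backup/admin /`, which also covers a mount point that came up with restrictive permissions.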
 