DirectAdmin 1.50.1 Release Candidate

DirectAdmin Support

Hello,

We're pleased to announce the Release Candidate for DirectAdmin 1.50.1.

Version: 1.50.1 RC1

This is a minor bugfix release, mainly for the new LetsEncrypt feature,
but also includes various small features and changes.
The full list can be found here.

New Features:


Bug Fixes:


To try out these binaries now, please go to the pre-release section in your /clients account to download them.
Please let us know if you find any issues, and also if a particular feature is working correctly.

Thanks!

John
 
I have been using this RC since it was announced and it's been working great. LetsEncrypt is working again and it's far easier now to create a certificate.

Is there a way to hide what records are added to the certificate and use a preset list for certain users? I'm afraid of some users just selecting everything since they don't understand (or know) LetsEncrypt limits and might run into problems.

Thanks!

Jose
 
You can change the default value, and selected values:
https://www.directadmin.com/features.php?id=1851
It does not use the DNS to assemble the list, but the creation of the script uses curl to pre-check each selected value.

Also, setting letsencrypt_multidomain_cert=1 in the directadmin.conf will hide other domains and pointers, making it simpler.
The internal default is 2.

John
 
I already have: letsencrypt_multidomain_cert=1 set in my directadmin.conf file, yet my users will still see their domain pointers as well as all their subdomains and the predetermined list.

As a precaution I updated to the latest prerelease binaries before posting this.
 
Ah, thanks for the clarification.
I've gone over the code and 2 was only applicable to pointers for "Additional Domains".
Pointers for the main domain were always being added.
I've wrapped the main domain's pointers in an "if" for =2, uploading fix in 20 minutes.

John
 
Hello John,

I still got the same results after updating today to the latest pre release binaries.

Jose
 
Sorry, I forgot to specify that you'd need to set it to 0, e.g.:
Code:
letsencrypt_multidomain_cert=0
which will hide other domains and pointers.
There isn't currently a way to hide subdomains, but you can alter the pre-determined list via setting if you wish.

John
 
also an error here :(

Cannot Execute Your Request

Details

Generating 4096 bit RSA key for let's encrypt account...
openssl genrsa 4096 > "/usr/local/directadmin/data/users/xxx/letsencrypt.key"
Generating RSA private key, 4096 bit long modulus
.....++
...................................++
e is 65537 (0x10001)
Account has been registered.
Getting challenge for charigift.eu from acme-server...
Error: http://xxx.xx/.well-known/acme-challenge/letsencrypt_1465596390 is not reachable. Aborting the script.
Please make sure /.well-known alias is setup in WWW server.
 
Test manually, eg:
Code:
echo "test" > /var/www/html/.well-known/acme-challenge/test.txt
/usr/local/bin/curl -I -X GET http://www.xxx.xx/.well-known/acme-challenge/test.txt; echo $?
to see what you get.

Ensure you've got it enabled and set to 1 (not 2) in the directadmin.conf:
Code:
cd /usr/local/directadmin
./directadmin c | grep letsencrypt=
and ensure you see the .well-known Alias in the httpd-aliases.conf
Code:
grep well-known /etc/httpd/conf/extra/httpd-alias.conf
If you don't see that alias, type:
Code:
cd /usr/local/directadmin/custombuild
./build update
./build rewrite_confs
John
 
I am also getting:-

Error: http://domain.co.uk/.well-known/acme-challenge/letsencrypt_1465633277 is not reachable. Aborting the script.

Where is "letsencrypt_1465633277" coming from? There are long random strings in /var/www/html/.well-known/acme-challenge but no subdirectories or files with these names.

A file is being created upon each attempt, but the check failed to find the files due to these damned letsencrypt subfolders.

Strange, this worked for the first domain I tried, but has failed ever since.
 
tests

Hi,

Your manual test: I do something wrong I guess, because at /usr/local/bin/curl -I -X GET http://www.xxx.xx/.well-known/acme-challenge/test.txt; echo $? it says it doesn't exist.

Verified letsencrypt=1 (that is OK).
grep well-known /etc/httpd/conf/extra/httpd-alias.conf : did that and it didn't exist, so I did your custombuild and after that it did exist.

So I tried to make a certificate but got the same error:

Getting challenge for xxx.com from acme-server...
Error: http://xxx.com/.well-known/acme-challenge/letsencrypt_1465637569 is not reachable. Aborting the script.
Please make sure /.well-known alias is setup in WWW server.

Any more suggestions would be welcome

Regards

Alex
 
echo "test" > /var/www/html/.well-known/acme-challenge/test.txt
/usr/local/bin/curl -I -X GET http://www.xxx.xx/.well-known/acme-challenge/test.txt; echo $?

gives

HTTP/1.1 200 OK
ETag: "5-575c2999-6e40eaf8230606fd"
Last-Modified: Sat, 11 Jun 2016 15:09:13 GMT
Content-Type: text/plain
Content-Length: 5
Date: Sat, 11 Jun 2016 15:09:58 GMT
Accept-Ranges: bytes
Server: LiteSpeed
Connection: close

cd /usr/local/directadmin
./directadmin c | grep letsencrypt=

gives

letsencrypt=1


grep well-known /etc/httpd/conf/extra/httpd-alias.conf

gives

Alias /.well-known /var/www/html/.well-known


Also, on my system the .well-known directory gave a directory listing, so I added Options -Indexes to the .htaccess
(It does not work, however, with or without this addition).

Is my running LiteSpeed causing an issue with the ./build rewrite_confs?
 
OK, had a few minutes to ponder this.
Switched off BitNinja and the Firewalls and found that it always works now, so somehow the LetsEncrypt IPs have got banned.

Is there a list of IPs that I should be whitelisting for this particular project?
 
I just posted a reply to the other topic about 1.50.1, didn't see this one. But I have exactly the same problem unixguru is describing here. I'm using nginx and letsencrypt=1. It worked before updating to 1.50.1 and the alias is still there:

location ^~ /.well-known {
    root /var/www/html/;
    index index.php index.html index.htm;
    location ~ ^/.well-known/(.+\.php)$ {
        include /etc/nginx/webapps_settings.conf;
    }
    location ~* ^/.well-known/(.+\.(jpg|jpeg|gif|css|png|js|ico|html|xml|txt))$ {
        root /var/www/html/;
    }
}

Any ideas on how to fix this? Checked the firewall and deleted all the denied IPs, but no luck.
 
No, I don't know what BitNinja is.

I tried setting /var/www/html/.well-known to 755 like mentioned here, but still no luck.

When I look inside the acme-challenge folder, I see folder names with large strings of numbers and letters. But when using Let's Encrypt in the DirectAdmin interface, it tries to reach '.well-known/acme-challenge/letsencrypt_' and a string of 10 numbers after the '_'. Is that correct?

----- Edit -----

I think I found the problem by using that manual test from a few posts before:

echo "test" > /var/www/html/.well-known/acme-challenge/test.txt
/usr/local/bin/curl -I -X GET http://my.domain/.well-known/acme-challenge/test.txt; echo $?

The first time, I get:

HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sun, 12 Jun 2016 08:25:25 GMT
Content-Type: text/html
Content-Length: 178
Connection: keep-alive
Location: https://my.domain/.well-known/acme-challenge/test.txt
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block

0

But when I try the test again specifically over https:


echo "test" > /var/www/html/.well-known/acme-challenge/test.txt
/usr/local/bin/curl -I -X GET https://my.domain/.well-known/acme-challenge/test.txt; echo $?

I get a better result:

HTTP/1.1 200 OK
Server: nginx
Date: Sun, 12 Jun 2016 08:27:02 GMT
Content-Type: text/plain
Content-Length: 5
Last-Modified: Sun, 12 Jun 2016 08:26:55 GMT
Connection: keep-alive
ETag: "575d1ccf-5"
Strict-Transport-Security: max-age=15768000
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
Accept-Ranges: bytes

0

I force redirect all my websites that do have a cert to https:

return 301 https://my.domain$request_uri;

I don't know why that wouldn't work? It did work before, so it puzzles me a bit why it fails now. The alias is correctly set up in both /etc/nginx/webapps.conf and /etc/nginx/webapps.ssl.conf:

location ^~ /.well-known {
    root /var/www/html/;
    index index.php index.html index.htm;
    location ~ ^/.well-known/(.+\.php)$ {
        include /etc/nginx/webapps_settings.conf;
    }
    location ~* ^/.well-known/(.+\.(jpg|jpeg|gif|css|png|js|ico|html|xml|txt))$ {
        root /var/www/html/;
    }
}

What's going wrong here?
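
The manual test used in this thread prints curl's exit status, which is 0 for both the 301 and the 200 responses quoted above. As an added example (not part of any post and not DirectAdmin's own code), this script classifies the response by its status line instead; the function names, the probe file name and the default docroot are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread). curl exits 0 for a 301 as well as a 200,
# so `echo $?` cannot tell the two apart; classify by the status line instead.

cr=$(printf '\r')   # curl prints headers with CRLF line endings

# Read a header dump on stdin and print one verdict line.
classify_headers() {
    ch_status="" ch_location=""
    while IFS= read -r ch_line; do
        ch_line=${ch_line%"$cr"}
        case "$ch_line" in
            HTTP/*) ch_status=${ch_line#* }; ch_status=${ch_status%% *} ;;
            [Ll]ocation:*) ch_location=${ch_line#*: } ;;
        esac
    done
    case "$ch_status" in
        200) echo "reachable" ;;
        301|302|307|308)
            case "$ch_location" in
                https://*) echo "redirect-to-https $ch_location" ;;
                *) echo "redirect $ch_location" ;;
            esac ;;
        "") echo "no-response" ;;
        *) echo "not-reachable status=$ch_status" ;;
    esac
}

# Succeeds if the file maps /.well-known (Apache Alias or nginx location).
has_wellknown_alias() {
    grep -Eq '^[[:space:]]*(Alias[[:space:]]+|location[[:space:]].*)/\.well-known' "$1"
}

# Live probe (needs network and write access to the docroot; both are assumptions).
probe_domain() {
    pd_file="${2:-/var/www/html}/.well-known/acme-challenge/probe_$$.txt"
    echo "test" > "$pd_file" || return 2
    curl -s -o /dev/null -D - --max-time 10 \
        "http://$1/.well-known/acme-challenge/${pd_file##*/}" | classify_headers
    rm -f "$pd_file"
}

# Constructed samples modelled on the two responses quoted in the thread.
sample_301() { printf 'HTTP/1.1 301 Moved Permanently\r\nServer: nginx\r\nLocation: https://my.domain/.well-known/acme-challenge/test.txt\r\n\r\n'; }
sample_200() { printf 'HTTP/1.1 200 OK\r\nServer: nginx\r\nContent-Length: 5\r\n\r\n'; }

if [ $# -gt 0 ]; then probe_domain "$@"; else
    sample_301 | classify_headers
    sample_200 | classify_headers
fi
```

Run with no arguments it classifies the two constructed samples; run as `sh script.sh my.domain` on the server it writes a probe file and fetches it over plain HTTP.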
 
only domainpointers give errors

Here I only have problems with domainpointers.

When I make a certificate for the main domain, it works. But when I try to include domainpointers, it gives the error...

Regards

Alex
 