Webmail on subdomain with Let's Encrypt SSL

[factor]

What webserver do you have?
The one you did is for apache.

 

[factor]

No webmail selection available in Let's Encrypt Certificate Entries

in the user panel of the domain, you have to select the Webmail entry.

 

[hakabe]

in the user panel of the domain, you have to select the Webmail entry.

Thanks for replying!

I tried that, but there's no Webmail entry available. Also, the config made all my websites to go down.

So I did as posted in the original post - the tutorial at https://help.directadmin.com/item.php?id=92 and the rest I followed step-by-step. After getting fails (Debug mode. Level 10 dataskq: command: action=rewrite&value=httpd), there's few things I started thinking:

1. The configs are almost identical to the one in tutorial. Why make another config?
2. Does spamming almost identical configs twice make my sites crash? I mean there's the tutorial one and and this.
3. I am seeing: httpd: Syntax error on line 215 of /etc/httpd/conf/httpd.conf: Syntax error on line 1 of /etc/httpd/conf/extra/directadmin-vhosts.conf: Syntax error on line 113 of /usr/local/directadmin/data/users/admin/httpd.conf: </VirtualHost>[/COLOR] without matching <VirtualHost>[/COLOR] section. -Why is there a COLOR option? Does the script find ssl enabled domains based on color?

Oh well, time to call it for today and start poking again tomorrow.

 

[factor]

but there's no Webmail entry available

if you don't see it. you might not have an A Record in DNS for webmail and or haven't set the letsencrypt list up with webmail in the directadmin.conf

Version 1.50.1 | Directadmin Docs

DirectAdmin Knowledge Base

www.directadmin.com

OPTIONS in the directadmin.conf,
letsencrypt_list=www:mail:ftpop:smtp:webmail <<< add here
letsencrypt_list_selected=www:webmail <<< add here. whatever you put here will be automatically seleted in the user area..

1. The configs are almost identical to the one in tutorial. Why make another config?

by using a custom config
/usr/local/directadmin/data/templates/custom/virtual_host2.conf.CUSTOM.4.post
It won't get overwritten by

 ./build rewrite_conf

[/COLOR]

I think you copied/pasted from the website and got HTML tags in the config

 

[hakabe]

if you don't see it. you might not have an A Record in DNS for webmail and or haven't set the letsencrypt list up with webmail in the directadmin.conf

Version 1.50.1 | Directadmin Docs

DirectAdmin Knowledge Base

www.directadmin.com

OPTIONS in the directadmin.conf,
letsencrypt_list=www:mail:ftpop:smtp:webmail <<< add here
letsencrypt_list_selected=www:webmail <<< add here. whatever you put here will be automatically seleted in the user area..


by using a custom config
/usr/local/directadmin/data/templates/custom/virtual_host2.conf.CUSTOM.4.post
It won't get overwritten by

 ./build rewrite_conf

I think you copied/pasted from the website and got HTML tags in the config

Thanks, I'll try these.

And to be clear, these COLOR codes should not be added either? And if not, why is there such added in the code snippet?

Code:
letsencrypt_list=www:mail:ftpop:smtp:webmail
If you want to apply it by default, add the following line to the directadmin.conf to:
Code:
letsencrypt_list_selected=www:webmail

 

[hakabe]

Ok, so after removing the extra COLOR etc scrap the forum software yielded, I was able to create the certificate successfully. The https:://webmail.domain.com works as intended. However, the https redirect does not work (http://webmail.domain.com only reports "too many redirects"). So the this HOWTO is missing the adequate http to https redirect.

.htaccess redirect did not work for my setup.

I did the rewrite rule by editing the virtual_host2.conf.CUSTOM.4.post.

<VirtualHost |IP|:|PORT_80| |MULTI_IP|>
ServerName webmail.|DOMAIN|
Redirect / https://webmail.|DOMAIN|

It works for me, but the best practice would include the "if" cond for ^/((?!.well-known) so when requesting a new certificate, it would to use http when matching .well-known folder request.

Edit: I wish all the automatic smileys, color tags etc would be removed from the BBS to avoid config errors.

 

[Richard G]

Edit: I wish all the automatic smileys, color tags etc would be removed from the BBS to avoid config errors.

Smilies are nice on a forum. You might want to learn to use code tags for codes as are present on all forum systems.

 

[edthenet]

The guide based on https://help.directadmin.com/item.php?id=92 worked and wanted subdomain ssl. However following this guide step-by-step, I was unable to get it working.

I'm getting:
"Debug mode. Level 10

dataskq: command: action=rewrite&value=httpd"

No webmail selection available in Let's Encrypt Certificate Entries

You probably didn't add the RedirectMatch line

<VirtualHost |IP|:|PORT_80| |MULTI_IP|>
ServerName webmail.|DOMAIN|
ServerAdmin |ADMIN|
RedirectMatch 301 ^/((?!.well-known).*)$ http://webmail.|DOMAIN|/$1
DocumentRoot /var/www/html/roundcube
CustomLog /var/log/httpd/domains/|DOMAIN|.bytes bytes
CustomLog /var/log/httpd/domains/|DOMAIN|.log combined
ErrorLog /var/log/httpd/domains/|DOMAIN|.error.log
</VirtualHost>

 

[edthenet]

OK, I have done it all (i think)

• I have added webmail into the NDS settings
• I have added webmail into apache and nginx files
• The webmail.domain.xxx redirection is working
• I have generated new SSL certificates with LetsEncrypt
• I have rewritten the configs
• I have set de ssl=1 variable

I do however still get the ssl certificate from the server instead of the domain. Since i want to use HSTS this is a mayor issue.
Can someone tell what i have to do now?