Admin SSL shows only server Domain and 1 other Domain not all Domains

grandm1961

grandm1961

Verified User
Joined
Nov 30, 2020
Messages
37
Location
Wijhe
Hello, I have my server running and it all looks appareantly fine. Except when i checkout if SSL for instance for imap.domain.com it always shows the wrong ssl Certificate from another Domain. I have checked my admin SSL and it shows my server.domain.eu and all the other from 1 Domain but not all the other Domains. So how do i get all the other Domains in admin SSL so when one checks something either in mail or otherwise the right ssl is showing and not that from another Domain made by a reseller.

I have made a mistake somewhere but i can't seem to fix it. i have in my direcyadmin admin_ssl_cert_per_vh=1 but it still doesn't work.
Is there a way that all the Domains are going into admin SSL for direcyadmin, exit and httpd?
 
I guess he means https://[da-domain.xy]:2222/evo/admin/ssl (Menu Servermanager - AdminSSL) where the admin can view all users SSL certs.
 
johannes said:
I guess he means https://[da-domain.xy]:2222/evo/admin/ssl (Menu Servermanager - AdminSSL) where the admin can view all users SSL certs.
Click to expand...

I don't have that menu item. The is a new default install that I am looking at. When I manually go to it in the address it says something about the feature being disabled. Says contact the administrator. Well that would be me.
 
Dont know where to enable. Basically it lists all user certs.

admin ssl.jpg



and the settings:

settings.jpg


... and under "View Certificates" it gives details about the DA, exim and httpd/lightspeed certificates.
 
Last edited:
grandm1961 said:
Except when i checkout if SSL for instance for imap.domain.com
Click to expand...
I had that exact same issue too if that is what you mean. This is because imap is still not enabled by default in Directadmin. So first you have to customize some file to get imap added automatically to DNS or you have to add it manually.

However, this still won't take care about an imap SSL certificate. For that you have to add imap in your directadmin.conf file.
So change:
letsencrypt_list=www:mail:ftp:pop:smtp
to
letsencrypt_list=www:mail:ftp:pop:smtp:imap
and restart directadmin. And then you should be able to get the imap SSL.

For just all domains, use the tips already given above.
 
IMG_1172.jpeg

IMG_1173.jpeg Here are two screenshots taken from the server in admin SSL it is in Dutch but as you can see in the first screenshot you can see to look at the certicates that are used for directadmin, exim and httpd. In the second screenshot you can 2 domainnames. Bloomlife is from a customer and server.duraweb.eu is my server. Above it also says you can add key and certicate and bundled certificate. Why is the only domain shown that of a customer and not the rest????
 
Richard G said:
I had that exact same issue too if that is what you mean. This is because imap is still not enabled by default in Directadmin. So first you have to customize some file to get imap added automatically to DNS or you have to add it manually.

However, this still won't take care about an imap SSL certificate. For that you have to add imap in your directadmin.conf file.
So change:
letsencrypt_list=www:mail:ftp:pop:smtp
to
letsencrypt_list=www:mail:ftp:pop:smtp:imap
and restart directadmin. And then you should be able to get the imap SSL.

For just all domains, use the tips already given above.
Click to expand...
IMG_1174.jpeg

As you can see in my screenshot it was already present in my directadmin.conf and still if i check through https://imap.domain.com it still shows only the one of bloomlife and not the ssl from the true domain.
 
I'm Dutch too als you can see, so no issues there.

Something is definately going wrong, but I don't know why.
First of all, we have to seperate what you are seeing in Admin SSL and what is really happening on the websites.

So when I look at the duraweb.eu website, everything is fine when checking the certificate on the site itself. Well allmost everything.

The seem for the customer domain. I see you created several certificates, manually choosen and wildcard, all valid to june 13th and 14th this year.
You can check that at the crt.sh website. So there is no need to keep requesting new certificates.

However, only 1 thing is wrong. On Duraweb there is no certificate for imap. But you are using Cloudflare DNS. So question is if you have added the imap record correctly in cloudflare, same like it is for the customer domain?
Because as far as I can see on both the websites and the website certificates, everything lookes fine on the side of Letsencrypt and websites themselfs. So it looks as the issue is only playing in Directadmin.
And ofcourse it seems for your duraweb the imap record is missing in Cloudflare or maybe proxied or something. I don't know I don't work with Cloudflare, but it looks like LE can't see it. While it could see it for the customer domain. So there must be a difference somewhere.

As for the display in Admin SSL in Directadmin, that is indeed a bit odd. Maybe it has to do which resolver you use. Not sure about that.
Could also be something else, maybe @fln can enlighten you on that or what can be wrong?
Or maybe send in a ticket for it.

However, be asured that you can not check via https://imap.domain.com as imap is an A record for mail, it is not a real subdomain, so you can not visit it like a subdomain that way, it will always give you an ssl error this way. But via an e-mail client it should be fine.
 
I see that doorpakkers and schootenvan also has a valid working ssl cert, so i guess there is an issue in the viewer (?)
The thing that does consurn me is the fact that you run your server from home on your KPN connection.

Did you maybe put a filter in the search ? When you click on show search.
 
Ah wait, the page you look at is the page Directadmin uses for it services, this is not the page that shows all active domains and if they use SSL.

This page for me only shows myserver.domain.com (example).

If you want to see if SSL is running for your clients etc you have to click the button "Certificaten bekijken"
 
ericosman said:
I see that doorpakkers and schootenvan also has a valid working ssl cert, so i guess there is an issue in the viewer (?)
The thing that does consurn me is the fact that you run your server from home on your KPN connection.

Did you maybe put a filter in the search ? When you click on show search.
Click to expand...
No i did not put a filter and yes i run it from home, i only host a few websites not much anyway. I do it because i was not happy with the webhoster doorpakkers was on and just this week i host my own mail as well. The webhoster i was with for my mail and my own hostname that i do myself so if i move somewhere else all i have to do is swap ip adresses. But where i had my mail i used to pay €21 a year but now they wanted me to pay €19 a month. Well F them i do it myself.
 
grandm1961 said:
Well F them i do it myself.
Click to expand...
And right you are!
So can you confim that things are working as expected and correctly on the sites and certificates and it's only the DA display which displays it incorrectly? Like I stated in post #11?
If yes the you could send in a ticket about that so it gets fixed.
 
Richard G said:
And right you are!
So can you confim that things are working as expected and correctly on the sites and certificates and it's only the DA display which displays it incorrectly? Like I stated in post #11?
If yes the you could send in a ticket about that so it gets fixed.
Click to expand...
Yes, and for cloudflare i changed 1 thing from full strict to full and turned the origin certificates off and all websites that do a check for mail are all working as it should. Also mail-tester gives a 10/10. But in directadmin bloomlife stays in it, bit in the admin ssl for exim and httpd as well within directadmin. Why that is I don’t know, if it is a bug or what. But all websites are getting a 10/10 and all the tests of checking ssl get all a green light or a A
 
You must log in or register to reply here.
Back
Top