DirectAdmin 1.706

I've been testing 1.706 using the alpha channel to fix incorrect cipher suites (ticket #71601). That was indeed fixed, but it's missing from the changelog. It removes old ciphers that shouldn't be loading anymore and it has effect on a domain's score on https://internet.nl for example.

Because I couldn't find much documentation and it's now missing from the changelog, I would like to ask (again, now publicly) to add it to the changelog and improve the documentation.

The ACME management for SSL is nice and I've used it for a few domains already. When do you plan to enable it for all domains? If not how can we enable it ourselves for all domains (new and existing)?
 
Where is the csf changelog to be found again?

The ChangeLog can be found in /etc/csf/changelog.txt or in https://files.directadmin.com/services/csf-15.08.tar.gz:

Code:
15.08 - Removed csget update script. 
            Removed Upgrade section from the plugin GUI

Meanwhile https://github.com/poralix/da-csf/commit/810017b0fe6bb09d19c5f848ba156beb51afe284 :

Code:
        modified:   ConfigServer/DisplayUI.pm
        modified:   changelog.txt
        modified:   install.cpanel.sh
        modified:   install.cwp.sh
        modified:   install.cyberpanel.sh
        modified:   install.directadmin.sh
        modified:   install.generic.sh
        modified:   install.interworx.sh
        modified:   install.vesta.sh
        modified:   version.txt
 
Yes it does:
1783952792741.png
 
The warning:

The ACME system is disabled. Please enable it to manage TLS certificates automatically.

seems a bit confusing.

2026-07-14_173710_poralix.png

Can we have it rephrased to something less ambiguous please. For now it makes me and probably other users think a domain is not protected by a certificate and/or an existing one won't be renewed.

And another thing. The commonly used command:

Bash:
/usr/local/directadmin/scripts/letsencrypt.sh request domain.com

does not issue a new certificate as well as the command
Code:
letsencrypt.sh renew domain.com
does not renew an existing one. Even if I change the key-type in CLI. Getting this:

Bash:
2026/07/14 18:07:23  info executing task            task=action=rewrite&domain=poralix.example.net&value=letsencrypt
2026/07/14 18:07:23 debug flushing unbound dns zone acme-mode=domain domain=poralix.example.net hostname=poralix.example.net output=ok removed 3 rrsets, 2 messages and 0 key entries
 user=myuser zone=poralix.example.net
2026/07/14 18:07:24 debug domain should be able to solve DNS challenge acme-mode=domain domain=poralix.example.net hostname=poralix.example.net reason=ns_record_match user=myuser
2026/07/14 18:07:24 debug DNS name skipped because it is already covered by a valid certificate acme-mode=domain dnsName=poralix.example.net domain=poralix.example.net user=myuser
2026/07/14 18:07:24 debug DNS name skipped because it is already covered by a valid certificate acme-mode=domain dnsName=www.poralix.example.net domain=poralix.example.net user=myuser
2026/07/14 18:07:24 debug DNS name skipped because it is already covered by a valid certificate acme-mode=domain dnsName=mail.poralix.example.net domain=poralix.example.net user=myuser
2026/07/14 18:07:24 debug DNS name skipped because it is already covered by a valid certificate acme-mode=domain dnsName=ftp.poralix.example.net domain=poralix.example.net user=myuser
2026/07/14 18:07:24 debug DNS name skipped because it is already covered by a valid certificate acme-mode=domain dnsName=pop.poralix.example.net domain=poralix.example.net user=myuser
2026/07/14 18:07:24 debug DNS name skipped because it is already covered by a valid certificate acme-mode=domain dnsName=smtp.poralix.example.net domain=poralix.example.net user=myuser
2026/07/14 18:07:24 debug DNS name skipped because it is already covered by a valid certificate acme-mode=domain dnsName=webmail.poralix.example.net domain=poralix.example.net user=myuser
2026/07/14 18:07:24  info finished task             duration=484.06929ms task=action=rewrite&domain=poralix.example.net&value=letsencrypt

How can we request/renew certificates in a console?

The only command is working is

Code:
/usr/local/directadmin/scripts/letsencrypt.sh server_cert [<domain>]

Thank you
 
The warning:



seems a bit confusing.

View attachment 9804
Can we have it rephrased to something less ambiguous please. For now it makes me and probably other users think a domain is not protected by a certificate and/or an existing one won't be renewed.

And another thing. The commonly used command:

Bash:
/usr/local/directadmin/scripts/letsencrypt.sh request domain.com

does not issue a new certificate as well as the command
Code:
letsencrypt.sh renew domain.com
does not renew an existing one. Even if I change the key-type in CLI. Getting this:

Bash:
2026/07/14 18:07:23  info executing task            task=action=rewrite&domain=poralix.example.net&value=letsencrypt
2026/07/14 18:07:23 debug flushing unbound dns zone acme-mode=domain domain=poralix.example.net hostname=poralix.example.net output=ok removed 3 rrsets, 2 messages and 0 key entries
 user=myuser zone=poralix.example.net
2026/07/14 18:07:24 debug domain should be able to solve DNS challenge acme-mode=domain domain=poralix.example.net hostname=poralix.example.net reason=ns_record_match user=myuser
2026/07/14 18:07:24 debug DNS name skipped because it is already covered by a valid certificate acme-mode=domain dnsName=poralix.example.net domain=poralix.example.net user=myuser
2026/07/14 18:07:24 debug DNS name skipped because it is already covered by a valid certificate acme-mode=domain dnsName=www.poralix.example.net domain=poralix.example.net user=myuser
2026/07/14 18:07:24 debug DNS name skipped because it is already covered by a valid certificate acme-mode=domain dnsName=mail.poralix.example.net domain=poralix.example.net user=myuser
2026/07/14 18:07:24 debug DNS name skipped because it is already covered by a valid certificate acme-mode=domain dnsName=ftp.poralix.example.net domain=poralix.example.net user=myuser
2026/07/14 18:07:24 debug DNS name skipped because it is already covered by a valid certificate acme-mode=domain dnsName=pop.poralix.example.net domain=poralix.example.net user=myuser
2026/07/14 18:07:24 debug DNS name skipped because it is already covered by a valid certificate acme-mode=domain dnsName=smtp.poralix.example.net domain=poralix.example.net user=myuser
2026/07/14 18:07:24 debug DNS name skipped because it is already covered by a valid certificate acme-mode=domain dnsName=webmail.poralix.example.net domain=poralix.example.net user=myuser
2026/07/14 18:07:24  info finished task             duration=484.06929ms task=action=rewrite&domain=poralix.example.net&value=letsencrypt

How can we request/renew certificates in a console?

The only command is working is

Code:
/usr/local/directadmin/scripts/letsencrypt.sh server_cert [<domain>]

Thank you
The "ACME system" refers to the updated automatic TLS certificate system.
Legacy auto-renewal is still functional, and can be seen in the certificate list by the green "Auto-renew" text, despite the ACME system being disabled. Note that legacy auto-renewal will eventually be deprecated and removed with future DA releases.

The letsencrypt.sh script has been updated to enable the ACME system for a domain. For example, running the following:
Bash:
letsencrypt.sh request domain.com
# or
letsencrypt.sh renew domain.com # behaves identically to request
enables the ACME system for the domain and ensures domain.com is covered by a TLS certificate and is automatically renewed in the future whenever needed. If a valid certificate already exists, nothing is done (even if the key type differs, though this may change in future DA releases).
 
The "ACME system" refers to the updated automatic TLS certificate system.
Legacy auto-renewal is still functional, and can be seen in the certificate list by the green "Auto-renew" text, despite the ACME system being disabled. Note that legacy auto-renewal will eventually be deprecated and removed with future DA releases.

Thank you for your efforts and clarification. It is not me who you would need to teach. It is a feedback from regular users who does not know anything about directadmin help pages and forums. And they got confused with the warning. Hence I posted it here.

The letsencrypt.sh script has been updated to enable the ACME system for a domain.

I personally don't like the behaviour of the new script. I understand I'm not the decision maker here as well as no way an influencer. You just removed any way to control certificates creation in favour of a fully automated process. The things are now just "take the things as how they are". Why? What benefits will we get from it? I don't see any as of yet
 
I don't like this new changed... Just keep old letsencrypt.sh working same as before and introduce new thing like "letsencrypt.sh --modern ...",

no one can keep learning that's already should work but need to re-update his document in later again and again.
 
Back
Top