ssl cerificate

arash_fa · Jul 6, 2019

hi

i made a ssl certificate by refering to "SSL Certificates" link in directadmin menu.

i check "Free & automatic certificate from Let's Encrypt" radio box.

then press SAVE button and get success message in message box after 2 minute and everything is OK Apparently.

but my domain has notif as "Your connection is not private" and

Issued to : localhost

Issued by : localhost

this domain: https://smart-app.in

please help me to improwing this problem.

////Forgive me for weakness in English////

galuh82 · Jul 6, 2019

Have you tried restarting the web server?

arash_fa · Jul 7, 2019

galuh82 said:
Have you tried restarting the web server?

yes apache and nginx then reboot server

arash_fa · Jul 7, 2019

galuh82 said:
Have you tried restarting the web server?

yes . nginx and apache then reboot server

galuh82 · Jul 7, 2019

you can check your ssl on https://www.sslshopper.com/ssl-checker.html?hostname=https://smart-app.in/

Common name: localhost
Organization: none Org. Unit: none
Location: Sometown, Someprovince, US
Valid from June 24, 2019 to November 8, 2046
Serial Number: 13632858605647617849 (0xbd31a4abfec0df39)
Signature Algorithm: sha256WithRSAEncryption
Issuer: localhost

may be you have to recreate your ssl.

arash_fa · Jul 7, 2019

my dns server is dns.he.net .

i installed letencrypt by build in ssh only

what should i do for config it

smtalk · Jul 7, 2019

letsencrypt.sh from command line does not enable the cert for the website, it just installs/creates it. I'd suggest going to "SSL Certificates" and making the LE cert active there

Thank you!

NetworkPanda · Jul 7, 2019

smtalk said:
letsencrypt.sh from command line does not enable the cert for the website, it just installs/creates it. I'd suggest going to "SSL Certificates" and making the LE cert active there Thank you!

Can this be done automatically from CLI/SSH?

For accounts transferred from other control panels, especially if they have many addon domains, it takes a lot of time to go there to enable Let’s Encrypt for them for each domain separately.

Also, the backup restore tool should restore existing existing SSL certificates automatically, if they exist in the backup created in other panel. If this functionality is added, it will save us and our customers a lot of time.

galuh82 · Jul 7, 2019

NetworkPanda said:
Can this be done automatically from CLI/SSH?

For accounts transferred from other control panels, especially if they have many addon domains, it takes a lot of time to go there to enable Let’s Encrypt for them for each domain separately.

Also, the backup restore tool should restore existing existing SSL certificates automatically, if they exist in the backup created in other panel. If this functionality is added, it will save us and our customers a lot of time.

I strongly agree with this, the cert is copied automatically when restoring an account. paid ssl or default from autossl cpanel.

smtalk · Jul 8, 2019

NetworkPanda said:
Also, the backup restore tool should restore existing existing SSL certificates automatically, if they exist in the backup created in other panel. If this functionality is added, it will save us and our customers a lot of time.

Not sure why no one reported it before

Checking right now, thanks! If anything else noticed - please post it.

NetworkPanda · Jul 8, 2019

smtalk said:
Not sure why no one reported it before Checking right now, thanks! If anything else noticed - please post it.

Thank you, we hope it gets solved soon, as it is the only issue remaining before we start ordering new licenses and transferring customer accounts. Everything else we checked with DirectAdmin works fine.
If you need any details or some cpmove test files with SSL certificates included in them, for your tests, please let me know

smtalk · Jul 8, 2019

cpmove would be great, but I think I know why it's behaving so.. DirectAdmin doesn't have an ability to manage SSL certs just for the add-on domain or subdomain, they're all included to the main domain cert (LE can be used for this). However, if we add all of them to the list of domains to issue a new LE cert, we might be hitting a rate-limit. Some people said Comodo had no limits for their endpoint, I'm going to try to talk to them on this

(if they're willing to open their 'endpoint' for us)

Please let us know any issues with conversion. We're going to improve its speeds, but we're really willing to solve issues people notice, and improve the script accordingly.

Thank you!

NetworkPanda · Jul 9, 2019

smtalk said:
cpmove would be great, but I think I know why it's behaving so.. DirectAdmin doesn't have an ability to manage SSL certs just for the add-on domain or subdomain, they're all included to the main domain cert (LE can be used for this). However, if we add all of them to the list of domains to issue a new LE cert, we might be hitting a rate-limit. Some people said Comodo had no limits for their endpoint, I'm going to try to talk to them on this (if they're willing to open their 'endpoint' for us)

Please let us know any issues with conversion. We're going to improve its speeds, but we're really willing to solve issues people notice, and improve the script accordingly.

Thank you!

Thank you for your reply.

If SSL certificates are included in the cPanel backup file for the main domain, I think DirectAdmin should be fixed to be able to use and install them, like cPanel does when it restores an account (and like DirectAdmin does when it restores a DirectAdmin backup file). If it does so, it will not need to request new SSL certificates from Let's Encrypt, so it will not cause rate-limiting issues. Also, some users have their own (paid) certificates that must be installed and used (some of them may complain if we ask them to re-install their certificates manually and meanwhile their web sites will show SSL errors). Thanks again!

NetworkPanda · Jul 9, 2019

NetworkPanda said:
Thank you for your reply. If SSL certificates are included in the cPanel backup file for the main domain, I think DirectAdmin should be fixed to be able to use and install them, like cPanel does when it restores an account (and like DirectAdmin does when it restores a DirectAdmin backup file). If it does so, it will not need to request new SSL certificates from Let's Encrypt, so it will not cause rate-limiting issues. Also, some users have their own (paid) certificates that must be installed and used (some of them may complain if we ask them to re-install their certificates manually and meanwhile their web sites will show SSL errors). Thanks again!

Update: We have made this to work (DirectAdmin to use existing SSL certificate .crt and .key files from the cpmove backup file when restoring an account). Basically, after an account is restored, we check inside the cpmove file, the homedir/ssl/certs and homedir/ssl/keys directories for the most recent versions of the files, we copy them to /usr/local/directadmin/data/users/username/ and configure the /usr/local/directadmin/data/users/username/httpd.conf file to use them. After a restart of the httpd service, the web sites work fine with the SSL, with the certificates that were already included in the cpmove file, without the need to request and issue new certificates.

smtalk · Jul 9, 2019

NetworkPanda said:
Thank you for your reply. If SSL certificates are included in the cPanel backup file for the main domain, I think DirectAdmin should be fixed to be able to use and install them, like cPanel does when it restores an account (and like DirectAdmin does when it restores a DirectAdmin backup file). If it does so, it will not need to request new SSL certificates from Let's Encrypt, so it will not cause rate-limiting issues. Also, some users have their own (paid) certificates that must be installed and used (some of them may complain if we ask them to re-install their certificates manually and meanwhile their web sites will show SSL errors). Thanks again!

It should copy main domain certs, if it doesn't - that's a bug. Would you mind sharing cpmove file for a test?

ditto · Jul 9, 2019

smtalk said:
cpmove would be great, but I think I know why it's behaving so.. DirectAdmin doesn't have an ability to manage SSL certs just for the add-on domain or subdomain, they're all included to the main domain cert (LE can be used for this). However, if we add all of them to the list of domains to issue a new LE cert, we might be hitting a rate-limit. Some people said Comodo had no limits for their endpoint, I'm going to try to talk to them on this (if they're willing to open their 'endpoint' for us)

Please let us know any issues with conversion. We're going to improve its speeds, but we're really willing to solve issues people notice, and improve the script accordingly.

Thank you!

Just don't remove the option to have Let's Encrypt as default for all domains. We do not want to use Comodo, and we _only_ want to use Let's Encrypt.

Generally, I think DirectAdmin developers should take a pause for thought, there is no need to try to make a cPanel clone. Everybody from cPanel want everything to be the same as before, but give them some time to get used to DirectAdmin before to many drastically changes are made.

smtalk · Jul 9, 2019

NetworkPanda said:
we copy them to /usr/local/directadmin/data/users/username/ and configure the /usr/local/directadmin/data/users/username/httpd.conf file to use them. After a restart of the httpd service, the web sites work fine with the SSL

This is a bad practice, as you get httpd.conf files overridden. Please do the changes in domains/domain.com.conf if you'd like to set SSL cert/key/cacert from CLI, then a simple "./build rewrite_confs" will generate httpd.conf with it. However, as I said - if main domain is not getting the cert restored, this would be considered a bug

NetworkPanda · Jul 9, 2019

smtalk said:
This is a bad practice, as you get httpd.conf files overridden. Please do the changes in domains/domain.com.conf if you'd like to set SSL cert/key/cacert from CLI, then a simple "./build rewrite_confs" will generate httpd.conf with it. However, as I said - if main domain is not getting the cert restored, this would be considered a bug

Thank you for your advice! Indeed the cpanel_to_da.sh script or the DirectAdmin restore interface only copies the .cacert file from the cpmove file, but the .cert and .key files are lost.

It seems we have been able to fix this with a custom shell script we created, that runs before restoring the account and after your cpanel_to_da.sh code. It finds the most recent SSL certificate and key files for each domain (primary and addon) in the cpmove-*/homedir/ssl directory and copies them to each domain in the DirectAdmin backup file. Then when this backup file is restored, all HTTPS sites included in the account, work immediately without SSL errors.

We will run a few more tests and will send you the script and a cpmove file in the next couple of days.

smtalk · Jul 9, 2019

SSL issue has been solved in 0.0.12 (will be uploaded by default shortly), it seems they've changed the SSL path lately

To see current version you run:

Code:

cd /usr/local/directadmin/custombuild
./build versions | grep -i cpanel

To fetch the latest right now to use with DA 1.57.4 or pre-release binaries:

Code:

wget -O /usr/local/directadmin/scripts/cpanel_to_da/cpanel_to_da.sh https://custombuild.eu/cpanel/cpanel_to_da.sh

It detects if it's Let's Encrypt, and if it is - setups auto-renewal too.

Thank you for the report!

NetworkPanda · Jul 9, 2019

smtalk said:
SSL issue has been solved in 0.0.12 (will be uploaded by default shortly), it seems they've changed the SSL path lately To see current version you run:

Code:

cd /usr/local/directadmin/custombuild ./build versions | grep -i cpanel

To fetch the latest right now to use with DA 1.57.4 or pre-release binaries:

Code:

wget -O /usr/local/directadmin/scripts/cpanel_to_da/cpanel_to_da.sh https://custombuild.eu/cpanel/cpanel_to_da.sh

It detects if it's Let's Encrypt, and if it is - setups auto-renewal too.

Thank you for the report!

Thank you for your great and fast work! It is remarkable how fast you fix things, much faster than some other panel that all these years needed weeks or months to implement the smallest fixes or new features (if they ever implemented them) and now they ask their customers to pay $$$$ per month!

ssl cerificate

New member

Verified User

New member

New member

Verified User

New member

Administrator

Verified User

Verified User

Administrator

Verified User

Administrator

Verified User

Verified User

Administrator

Verified User

Administrator

Verified User

Administrator

Verified User