Backup restore, a horrible experience

Mattie

Edit:
I was a bit frustrated when posting this as a lot of things wouldn't work. Please do take this as positive feedback and forgive me if this sounds a bit like a rant. I DO really like DA overall :)

I have just moved to a different VPS, so I used the admin backup/transfer feature to restore my things. First of all: why don't you alert in the message system when a backup is restored with DNSSEC while that is not yet installed? I never thought that I manually needed to enable it.

But all right, after a lot of debugging I enabled DNSSEC and then restored the backup again.

However it does not look right:

[Screenshot: 1615116565902.png]

On my old system I also had DLV records but they don't show up here? Is that something I need to do manually? And does it now also auto-renew after the backup or do I need to "register" this somehow? I'm just a bit scared when strange things happen like this.
 
Last edited:
I had to edit the title from this specific DNSSEC problem to "Backup restore, a horrible experience" as there seem to be a lot more...

- SSL was not restored, directadmin.conf contained "ssl = 0" by default (fine) but no (server) certificates were restored
- So I needed to set ssl=1, then restart DA (no certificates)
- Manually request hostname certificate (even though they existed on my old system) with the letsencrypt script
- Then I could not access my site (HSTS) and there was no SSL option to be found in the UI (thanks https://forum.directadmin.com/threads/no-ssl-option.57045/)
- And now I can enable SSL but guess what, no certificates? So now I have to renew everything?

Well this is just one big clusterf...... Am I stupid or is the restore backup flow horribly, horribly broken? I think that you should enable stuff like dnssec/ssl or at least alert the user that it is not disabled and therefore things are not restored. Now I am doubting if I want to restore another backup just to see if the certificates are restored with ssl=1 but then I will break my DNS again..... (and not to mention my slave DNS servers that have a higher SOA serial number now due to changes already made)

edit:
It seems ssl certificates are restored for domains that do not use the server-certificate. So now just to find out how to add additional hosts, as the first option from https://help.directadmin.com/item.php?id=645 does not result in a new certificate at /usr/local/directadmin/conf/cacert.pem

edit2:
The ca.san_config way did work (I just copied the file from my old host) so assuming this auto-renews it should work...
 
Last edited:
DNS ISSUES

And another issue:

For a lot of (all?) domains IPv6 DNS is not restored correctly. Either the 'OLD' ip was left (perhaps it has issues with :0000:0000:0000:1 vs ::1) or there are simply NO AAAA records restored. Why?
(edit: only AAAA records that were not my old server IP are restored)

And another question:
How can I update all my domains with a single command to 'duplicate' all records to an AAAA record? The "reset default" does not do this.

Another one: CAA records -> not restored....

I am really now manually comparing old vs new; this is really a terrible experience.
 
Last edited:
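The old-versus-new comparison described in the post above can be scripted. This is an added example, not part of the thread and not a DirectAdmin tool; it assumes BIND-style zone text with one record per line and the same owner-name style on both servers, and the sample zones, addresses and the names `parse_zone` and `compare` are constructed for illustration.

```python
import ipaddress

TYPES = {"A", "AAAA", "CAA", "CNAME", "MX"}   # record types to compare

def norm_ip(text):
    # "2001:db8:0:0:0:0:0:1" and "2001:db8::1" become the same string
    return ipaddress.ip_address(text).compressed

def parse_zone(text):
    """Return {(owner, type, rdata)} for simple one-line records."""
    records = set()
    for line in text.splitlines():
        fields = line.split()
        if not fields or fields[0][0] in ";$":
            continue                      # blank, comment or $directive
        i = 1                             # skip optional TTL and class
        while i < len(fields) and (fields[i].isdigit() or fields[i].upper() == "IN"):
            i += 1
        if i + 1 >= len(fields) or fields[i].upper() not in TYPES:
            continue                      # SOA, NS, TXT etc. are ignored here
        rtype, rdata = fields[i].upper(), " ".join(fields[i + 1:])
        if rtype in ("A", "AAAA"):
            rdata = norm_ip(rdata)
        records.add((fields[0].lower(), rtype, rdata))
    return records

def compare(old_text, new_text, ip_map):
    """ip_map: old server address -> new server address (assumed known)."""
    ip_map = {norm_ip(k): norm_ip(v) for k, v in ip_map.items()}
    new = parse_zone(new_text)
    expected = {(n, t, ip_map.get(d, d)) for n, t, d in parse_zone(old_text)}
    missing = sorted(expected - new)                   # lost in the restore
    stale = sorted(r for r in new if r[2] in ip_map)   # still the old address
    return missing, stale

# Constructed sample zones using documentation address ranges.
OLD = """$TTL 3600
@ IN SOA ns1.example.com. hostmaster.example.com. (2021030701 3600 600 1209600 3600)
example.com. 3600 IN A 192.0.2.10
example.com. 3600 IN AAAA 2001:db8:0000:0000:0000:0000:0000:0001
www 3600 IN AAAA 2001:db8::1
cdn 3600 IN AAAA 2001:db8:ffff::5
example.com. 3600 IN CAA 0 issue "letsencrypt.org"
"""
NEW = """$TTL 3600
example.com. 3600 IN A 198.51.100.20
example.com. 3600 IN AAAA 2001:db8::1
cdn 3600 IN AAAA 2001:db8:ffff::5
"""
IP_MAP = {"192.0.2.10": "198.51.100.20", "2001:db8::1": "2001:db8:1::1"}

if __name__ == "__main__":
    missing, stale = compare(OLD, NEW, IP_MAP)
    print("missing on new server:", *missing, sep="\n  ")
    print("still pointing at old server:", *stale, sep="\n  ")
```

A missing CAA record is worth catching because, without it, the restored zone no longer restricts which CAs may issue for the domain.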
Not for me but for support: versions and OS used on both?
Also your backup settings and configs ... and some more. I understand your post; having the same IP is often a problem (with a lot of hosters you can't have the same IPs on the new one...), but also changes of IP.

And all settings other than default; also, old defaults are of course not the same as a newly installed DA box's defaults. There should be docs or at least some detection help system to take care that you have the same in the end before restore.

And some more scripts (GUI) are needed to solve some differences between old and new (bulk DNS import/export scripts for example, and cert changes).
 
Yes you are right, I can provide some more info (kind of a rush to get it all working). I assumed the backup could be used to get "everything" working. I can assume some things are changed but if my host kills my VPS and has no backup I need to be able to restore it.

So perhaps this is a question for DA: what is the intention of the backup feature? If this is not "restore everything" then what do I need in addition to do this?

But here it goes:
old = Debian 9.12. not sure how DA was installed (>5years ago)
new = Debian 10.4, DA installed with "auto" option
both running the latest DA 1.61.5

The backup I have created was through DA, all users, local tar.gz everything except "domains directory" and "email data".

My flow was:
- Install DA
- Add IPv6 to the DA GUI
- rsync /home/
- Disable all services (except mysql) on old
- Create backup (as listed above)
- Restore backup on new
- rsync /home/

So in my opinion (as a DA user not really a big admin or something) that should be it. If there are things I need to do (like manually enable DNSSEC) then either it needs to be properly documented or be done automatically (or fail with an error).

Again: everything that goes wrong on my side may be user-error however I did not find any documentation on how to restore a backup that noted some of these things.

But, after a lot of hours it seems that the only thing missing are the AAAA records, I'm hoping on some automated way for this as I don't really want to manually edit each domain myself.

And now I can go and set up backup, spamd etc.
 
Last edited:
Still hoping on some comment from DA on this.

I also found another issue. I have a subdomain listed as subdomain in DA but when going to it I get the "This IP is being shared among many domains. To view the domain you are looking for, simply enter the domain name in the location bar of your web browser." message.

So again something that is not working properly after the restore. I have to look into this so I don't know yet what the issue can be...

edit:
This seems to be fixed by the fix described below. Not sure what exactly the problem was; perhaps this one also didn't have an AAAA record, that would explain the message.
 
Last edited:
DNS ISSUES

And another issue:

For a lot of (all?) domains IPv6 DNS is not restored correctly. Either the 'OLD' ip was left (perhaps it has issues with :0000:0000:0000:1 vs ::1) or there are simply NO AAAA records restored. Why?
(edit: only AAAA records that were not my old server IP are restored)

And another question:
How can I update all my domains with a single command to 'duplicate' all records to an AAAA record? The "reset default" does not do this.

Another one: CAA records -> not restored....

I am really now manually comparing old vs new; this is really a terrible experience.
And just a comment on this. I happened to look at some posts and noticed this https://forum.directadmin.com/threa...ess-in-da-via-terminal-not-through-gui.62752/. It seems that solves at least this issue. I'm not 100% sure if I had this on my old VPS so it could be just me in this case. Anyhow a feature request: when adding a (first) IPv6 address perhaps ask the user if he wants to link? I never knew this existed and I only found it by accident :)

But yeah this saves me a lot of configuring so that is great!
 
I'm wondering if you managed to solve the issue on SSL restores because I just read that you only managed to fix the AAAA records that did not appear during restoration. I did a restore and everything is restored except the SSL certificate: I got no certificate created, which caused the browser to display an invalid certificate warning. The backup SSL request was made by DA automatically using AUTO SSL. Before I did the backup I checked that every domain had a valid SSL.

After I had done the backup, I checked the backup files; they contain the SSL certificate, but when restoring, DA did not restore the certs. The certs should be here:

/usr/local/directadmin/data/users/username/domains/*

But they are empty. I think this might be a bug. I'm gonna inspect more because I haven't seen anyone raising this issue yet.
 
Last edited:
The restoration should restore the domain certificate via admin_backup but I see none.

For another method, I have a workaround to do this SSL restoration using the script here https://forum.directadmin.com/threa...usr-local-directadmin-data-lego-folder.64842/ (but this is just an alternative method) .... I should be able to use the DA restore tool and have my SSL certificate back with no issue.

Has anyone successfully restored the certificate of a user when restoring through admin_backup? I saw a bug (from older DA) that the certificate won't be restored using the user_backup restore tool here https://www.directadmin.com/features.php?id=2368 but this shouldn't be the case with admin_backup. I tried both DA 1.63.1 - current and DA 1.63.0 - stable

EDIT:

edit:
It seems ssl certificates are restored for domains that do not use the server-certificate.

As far as I can tell the AUTO SSL feature is using server-certificate. Thanks for inspecting this, you saved a lot of my time.


So now just to find out how to add additional hosts, as the first option from https://help.directadmin.com/item.php?id=645 does not result in a new certificate at /usr/local/directadmin/conf/cacert.pem
If you have backed up the host certificate you can look into the link that I provided, the script from porallix can restore the server-wide certificate (except user domain). So you don't have to request a new SSL certificate.
 
Last edited:
Hi MaXi32,

I don't really remember how I fixed it, but it certainly contained a lot of swearing :) I was lucky that my old machine was still running so I could copy files from that machine and even log in to DA there as the license was not expired yet. That really helps a lot. But exact details I don't remember.

Next time I will check out the script you linked ;)
 