Bug when adding an SSL cert

lonea

I believe there is an issue with the SSL module. Basically, whenever a CRT/KEY is being added to an account, DA will automatically use www.xxx.com as the ServerName and put xxx.com as a ServerAlias.

This will cause a problem when the cert is for xxx.com, as DA/httpd will continue to load the self-signed certificate for www.xxx.com when a visitor is browsing https://xxx.com

In my case, my domain was yy.xxx.com and DA added www.yy.xxx.com as the ServerName and ServerAlias. I had to manually change both to yy.xxx.com in order to get httpd to load the correct SSL cert.
 
Why would you buy a cert for a TLD in the first place?

You can use htaccess to redirect the users where you want.
 
> Why would you buy a cert for a TLD in the first place?
>
> You can use htaccess to redirect the users where you want.

So why would you buy a cert for a subdomain? Different businesses have different practices for doing things.

Most importantly, I bought the cert for a subdomain and it is still an issue.
 
If you've bought the certificate for a subdomain then you need to install the subdomain as if it were an entirely new domain, on an entirely separate IP#.

If you don't give us real name/ip# info, then we don't have enough information to help you.

Jeff
 
If you bought a cert for yy.xxx.com, it will also be valid for www.yy.xxx.com.
Just add yy.xxx.com as a domain in DA and add the cert on the SSL page. There is no need to delete anything from the vhost.

Users going to https://yy.xxx.com will stay on that page and will get the certificate.

The only issue you could have is if you're using xxx.com as the domain and created a yy sub-domain using the control panel, because all it does is create an alias in the same vhost.
 
> If you bought a cert for yy.xxx.com, it will also be valid for www.yy.xxx.com.

Is this true for all Certification Authorities? I don't believe it is.

It is true that when you buy a Certificate from us (currently only, not for all past Certificate purchases) for www.yy.xxx.com it will also work for yy.xxx.com, but not the other way around.

Jeff
 
> Is this true for all Certification Authorities? I don't believe it is.
>
> It is true that when you buy a Certificate from us (currently only, not for all past Certificate purchases) for www.yy.xxx.com it will also work for yy.xxx.com, but not the other way around.
>
> Jeff

You're right, I assumed everybody was doing it since you can get free SSL certs with that "feature". Big players like Globalsign do as well even for their dirt cheap certs.
 
> If you've bought the certificate for a subdomain then you need to install the subdomain as if it were an entirely new domain, on an entirely separate IP#.
>
> If you don't give us real name/ip# info, then we don't have enough information to help you.
>
> Jeff

That's the issue. The DA account is a subdomain itself.

Basically,

ca.domain.com

Cert is also ca.domain.com


And inside

/usr/local/directadmin/data/users/caaccount/httpd.conf

The configs are


Code:
        ServerName www.ca.domain.com
        ServerAlias www.ca.domain.com ca.domain.com  domain.ca www.domain.ca


Even if I manually edit the httpd.conf, the conf will get rewritten again when a change is made within DA.

This is definitely a bug.
 
It's not a bug at all; it's how the template system works. If you want a custom template then you can create one in the custom folder.

Check help.directadmin.com and directadmin.com/versions.php on how to use the templates.
 
> It's not a bug at all; it's how the template system works. If you want a custom template then you can create one in the custom folder.
>
> Check help.directadmin.com and directadmin.com/versions.php on how to use the templates.

You obviously don't get the issue here. It's not about customizing or using .htaccess as a hack to fix it.

DA should ALWAYS use the domain as a default ServerName. A www.+domain name can be a completely different set of content altogether.

A www.domainname != domainname
 
Some of us would argue otherwise with you.

We'd say that DirectAdmin, since it's a hosting control panel, should always use www because it's defined in RFCs as the proper service name for the web service.

I've never had the problem, and in the many years since many people started using DirectAdmin I've never seen the problem discussed on the forum.

I'm presuming that the reason I never see the problem is because I always use something like www.example.com, or secure.example.com, for my site.

However I'm not sure, since I know I've set up sites as secure.example.com, and I know when I do that, that DirectAdmin uses the name with www in the httpd.conf file. Yet the Certificates work without error.

Would you be so kind as to give very specific examples we can test?

Thanks.

Jeff
 
> Some of us would argue otherwise with you.
>
> We'd say that DirectAdmin, since it's a hosting control panel, should always use www because it's defined in RFCs as the proper service name for the web service.
>
> I've never had the problem, and in the many years since many people started using DirectAdmin I've never seen the problem discussed on the forum.
>
> I'm presuming that the reason I never see the problem is because I always use something like www.example.com, or secure.example.com, for my site.
>
> However I'm not sure, since I know I've set up sites as secure.example.com, and I know when I do that, that DirectAdmin uses the name with www in the httpd.conf file. Yet the Certificates work without error.
>
> Would you be so kind as to give very specific examples we can test?
>
> Thanks.
>
> Jeff

Sent you a pm
 
I've got your PM. I'm happy to work with you privately to resolve your issue, either at my hourly rate, or if you want to purchase a Certificate from me, at my reseller rate, including installation (see my advertisement on these DirectAdmin forums here).

Or if you'd like continued help here, just post the information here. I will say though, that when I visit your site without the www prefix I see the new Certificate, properly installed.

Jeff
 
> Or if you'd like continued help here, just post the information here. I will say though, that when I visit your site without the www prefix I see the new Certificate, properly installed.
>
> Jeff

That's because I changed the ServerName back to without www.

But I already got a reply from DA support. They said they will check into SSL vendor and see what the standard is.

You guys could deny this as a bug until you run into a cert that separates www.domain vs domain.
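
Added example, not part of any post in this thread and not DirectAdmin code: a Python check that lists every name a vhost answers for and reports whether the installed certificate covers it, using the ServerName/ServerAlias lines quoted earlier in the thread. The certificate name list is an assumed sample, and the helper names `vhost_names`, `covered` and `audit` are hypothetical.

```python
import re

# Vhost lines as quoted in the thread (from the user's httpd.conf).
VHOST = """
        ServerName www.ca.domain.com
        ServerAlias www.ca.domain.com ca.domain.com  domain.ca www.domain.ca
"""
# Assumed sample: DNS names on the installed certificate (subjectAltName
# entries, or the CN on older certs), as shown by `openssl x509 -noout -text`.
CERT_NAMES = ["ca.domain.com"]


def vhost_names(conf):
    """Return (ServerName, names): every hostname the vhost answers for."""
    server_name, names = None, []
    for raw in conf.splitlines():
        m = re.match(r"\s*(ServerName|ServerAlias)\s+(.+)", raw, re.I)
        if not m:
            continue
        hosts = [h.lower().rstrip(".") for h in m.group(2).split()]
        if m.group(1).lower() == "servername":
            # ServerName may carry scheme:// and :port; keep the host only.
            server_name = hosts[0].split("://")[-1].split(":")[0]
            hosts = [server_name]
        for h in hosts:
            if h not in names:          # aliases often repeat the ServerName
                names.append(h)
    return server_name, names


def covered(host, cert_names):
    """Hostname match: exact, or '*' as the whole left-most label (one label)."""
    want = host.lower().rstrip(".").split(".")
    for name in cert_names:
        have = name.lower().rstrip(".").split(".")
        if len(have) == len(want) and have[1:] == want[1:] \
                and have[0] in ("*", want[0]):
            return True
    return False


def audit(conf, cert_names):
    """Map each vhost name to True/False: does the certificate cover it?"""
    _, names = vhost_names(conf)
    return {n: covered(n, cert_names) for n in names}


if __name__ == "__main__":
    print("ServerName:", vhost_names(VHOST)[0])
    for host, ok in audit(VHOST, CERT_NAMES).items():
        print(f"  {host:22} {'covered' if ok else 'NAME MISMATCH'}")
```

Any name reported as a mismatch will produce a browser certificate warning when visited over HTTPS on this vhost, whichever of the names is set as ServerName.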
 