CA Certificate not work

nservices

Hi,
I installed a new CA Certificate for the domain and it says:
Success!
Details
CA Certificate is ok. Your site should be secure within a few minutes.

But even after more than an hour, the CA certificate is not functioning.

What do I need to do?

Regards,
Nservices.
 
We need more information to really help you.

What's the Main IP# of the server? What's the IP# dedicated to the domain name?

Is the domain under the admin login's user panel?

What's the domain name?

Jeff
 
Check the DirectAdmin interface to make sure that SSL is enabled, that the IP# is correct, and that the fields in the domain's SSL interface in DirectAdmin have the correct contents.

If all of these check out then you might want to have someone look into your system for you.

Jeff
 
I already checked these things.

It looks like DirectAdmin uses the main server certificate and not the user's domain certificate.

Please let me know what to do.

Regards,
Nservices.
 
If you are not comfortable using ssh to diagnose the problem and manually editing the httpd.conf file then you need to get somebody to look at your server for you.
 
Hi floyd, I am not uncomfortable doing that,

and it's not a problem to solve this problem for this current domain via httpd.conf.

But this problem is in all my users' accounts and domains,
and I don't want to start configuring the SSL manually
for my users' domains.

I just want to configure DirectAdmin so that users use their own SSL CA.

Regards,
Nservices.
 
Nservices,

Obviously there's a problem somewhere in your setup, or this shouldn't be happening.

Just as obviously you haven't figured out how to fix it.

And also as obviously, no one is going to be able to fix it without logging into your system.

I second Floyd's suggestion that you may need someone to look at your server for you. Perhaps you should hire someone.

Jeff
 
and it's not a problem to solve this problem for this current domain via httpd.conf

Then you must know something I don't. The user's httpd.conf file is where SSL is configured.

First check to make sure that the ip is not shared.

When you go to the SSL settings you should see the private key that you generated using DirectAdmin and the Certificate that was given to you.

Make sure key matches what was generated previously and the key matches what was given to you.

If you are using an intermediate certificate make sure that matches the next page when you click "Click Here to paste a CA Root Certificate"

The certificates are stored in /usr/local/directadmin/data/users/username/domains

The settings are stored in /usr/local/directadmin/data/users/username/httpd.conf

Check httpd.conf to make sure the settings are pointing to the correct files in /usr/local/directadmin/data/users/username/domains
 
Re:

Hi floyd,
yes, I know that the user's httpd.conf file is where SSL is configured.

But
I think (and correct me if this is a mistake)
that if I configure a dedicated IP for the domain
and install the CA cert according to the DA SSL Guide,
it should insert the correct user SSL settings into httpd.conf automatically
(it makes no sense to have users start modifying their httpd.conf for a CA cert installation).

Regards,
Nservices.
 
Re: rest

First check to make sure that the ip is not shared.
checked - ip is dedicated

When you go to the SSL settings you should see the private key that you generated using DirectAdmin and the Certificate that was given to you.
Done.

Make sure key matches what was generated previously and the key matches what was given to you.
Done.

If you are using an intermediate certificate make sure that matches the next page when you click "Click Here to paste a CA Root Certificate"
I am using COMODO Free SSL (now I want to check Rapid free SSL; I will check it and let you know later)

The certificates are stored in /usr/local/directadmin/data/users/username/domains

The settings are stored in /usr/local/directadmin/data/users/username/httpd.conf

Check httpd.conf to make sure the settings are pointing to the correct files in /usr/local/directadmin/data/users/username/domains
checked - looks good


Code:
<VirtualHost 80.179.242.247:443>
	SSLEngine on
	SSLCertificateFile /etc/httpd/conf/ssl.crt/server.crt
	SSLCertificateKeyFile /etc/httpd/conf/ssl.key/server.key
	SSLCACertificateFile /usr/local/directadmin/data/users/flymarket/domains/flymarket.co.il.cacert
	ServerName www.flymarket.co.il
	ServerAlias www.flymarket.co.il flymarket.co.il 
	ServerAdmin [email protected]
	DocumentRoot /home/flymarket/domains/flymarket.co.il/private_html
	ScriptAlias /cgi-bin/ /home/flymarket/domains/flymarket.co.il/public_html/cgi-bin/
	UseCanonicalName OFF
	SuexecUserGroup flymarket flymarket
	CustomLog /var/log/httpd/domains/flymarket.co.il.bytes bytes
	CustomLog /var/log/httpd/domains/flymarket.co.il.log combined
	ErrorLog /var/log/httpd/domains/flymarket.co.il.error.log
	<Directory /home/flymarket/domains/flymarket.co.il/private_html>
		Options +Includes -Indexes
		php_admin_flag engine ON
		<IfModule !mod_php6.c>
			php_admin_flag safe_mode OFF
		</IfModule>
		php_admin_value sendmail_path '/usr/sbin/sendmail -t -i -f [email protected]'
		php_admin_value open_basedir /home/flymarket/:/tmp:/usr/local/lib/php/
	</Directory>
</VirtualHost>
 
The file locations are probably incorrect. Is, or was, your IP#, 80.179.242.247, your Server IP#? If so, then note that the Server IP# cannot be used as a dedicated IP#; it can only be used as a shared IP#.

If you know what you're doing and if you know that you want to use the server.crt, then make sure the server.crt, the server.key and the flymarket.co.il.cacert, all are from the same Certificate installation session (the locations are shown in your httpd.conf snippet, above).

But something tells me you want to use the Certificate and private key also located in the /usr/local/directadmin/data/users/flymarket/domains/ directory. If so, then change the code in your user-specific httpd.conf file, and either try to figure out why the file is wrong, or not.

Generally this happens if you try to install a Certificate on the main IP# for the server, which is really something you shouldn't do.

Jeff
 
How does this happen, and what do I need to do?

Hi, this is not my server or shared IP;
my server (shared) IP is 80.179.242.244.

The above part of httpd.conf is "clean", so it was created as is by DirectAdmin.

Please see the screenshot from IP Manager. (Attached)

  1. Why does DirectAdmin create the httpd.conf without the server IP configured?
  2. I want that, by default, the SSL configuration for a new user (shared and dedicated IP) uses the server cert, but if the user configures a private SSL cert or a CA SSL cert, he can use the Certificate and private key located in the /usr/local/directadmin/data/users/username/domains/ directory.
  3. I don't want to deal with users' SSL configuration; if users want SSL, it should happen automatically via the DirectAdmin panel (for users with a dedicated IP and SSL access).
  4. Where do I need to check? Apache, OpenSSL, or the DirectAdmin configuration?

Regards,
Nservices.
 

Attachment: ipmanager.JPG
Why does DirectAdmin create the httpd.conf without the server IP configured?
I don't know why it's not working for you. Neither, apparently, does anyone else reading here. No one else appears to have the problem.
I want that, by default, the SSL configuration for a new user (shared and dedicated IP) uses the server cert, but if the user configures a private SSL cert or a CA SSL cert, he can use the Certificate and private key located in the /usr/local/directadmin/data/users/username/domains/ directory.
Which is what should be happening.
I don't want to deal with users' SSL configuration; if users want SSL, it should happen automatically via the DirectAdmin panel (for users with a dedicated IP and SSL access).
It should.
Where do I need to check? Apache, OpenSSL, or the DirectAdmin configuration?
See my previous list.

Neither I, nor apparently anyone else, sees where the problem may be. It evidently will require someone to log into your system to do some analysis. You may want to contact DirectAdmin Support if they'll do that for you, or hire a third-party contractor to do that for you.

For the moment I'll leave the thread open in case someone else comes up with some ideas.

Jeff
 
Re:

Hi,
questions:
I don't know why it's not working for you. Neither, apparently, does anyone else reading here. No one else appears to have the problem.
  • Somebody please upload a good httpd.conf file with dedicated IP settings, so I can see how it is built.
  • Where are the default settings for httpd.conf stored, and can I change the httpd.conf settings so that they apply to all users I create from now on?

ctopuser user's full httpd.conf attached (SSL installed but not working):
Code:
# Auto generated apache config file by DirectAdmin version 1.33.0
# Modifying this file is not recommended as any changes you make will be
# overwritten when the user makes any changes to his/her website

# Frontpage requires these parameters in every httpd.conf file or else
# it won't work.
ServerRoot /etc/httpd

<VirtualHost 80.179.242.246:80>

	ServerName www.ctop.co.il
	ServerAlias www.ctop.co.il ctop.co.il 
	ServerAdmin [email protected]
	DocumentRoot /home/ctopuser/domains/ctop.co.il/public_html
	ScriptAlias /cgi-bin/ /home/ctopuser/domains/ctop.co.il/public_html/cgi-bin/
	UseCanonicalName OFF
	SuexecUserGroup ctopuser ctopuser
	CustomLog /var/log/httpd/domains/ctop.co.il.bytes bytes
	CustomLog /var/log/httpd/domains/ctop.co.il.log combined
	ErrorLog /var/log/httpd/domains/ctop.co.il.error.log

	<Directory /home/ctopuser/domains/ctop.co.il/public_html>
		Options +Includes -Indexes
		php_admin_flag engine ON
		<IfModule !mod_php6.c>
			php_admin_flag safe_mode OFF
		</IfModule>
		php_admin_value sendmail_path '/usr/sbin/sendmail -t -i -f [email protected]'
		php_admin_value open_basedir /home/ctopuser/:/tmp:/usr/local/lib/php/
	</Directory>
</VirtualHost>

<VirtualHost 80.179.242.246:443>
	SSLEngine on
	SSLCertificateFile /etc/httpd/conf/ssl.crt/server.crt
	SSLCertificateKeyFile /etc/httpd/conf/ssl.key/server.key
	SSLCACertificateFile /usr/local/directadmin/data/users/ctopuser/domains/ctop.co.il.cacert

	ServerName www.ctop.co.il
	ServerAlias www.ctop.co.il ctop.co.il 
	ServerAdmin [email protected]
	DocumentRoot /home/ctopuser/domains/ctop.co.il/private_html
	ScriptAlias /cgi-bin/ /home/ctopuser/domains/ctop.co.il/public_html/cgi-bin/
	UseCanonicalName OFF
	SuexecUserGroup ctopuser ctopuser
	CustomLog /var/log/httpd/domains/ctop.co.il.bytes bytes
	CustomLog /var/log/httpd/domains/ctop.co.il.log combined
	ErrorLog /var/log/httpd/domains/ctop.co.il.error.log
	<Directory /home/ctopuser/domains/ctop.co.il/private_html>
		Options +Includes -Indexes
		php_admin_flag engine ON
		<IfModule !mod_php6.c>
			php_admin_flag safe_mode OFF
		</IfModule>
		php_admin_value sendmail_path '/usr/sbin/sendmail -t -i -f [email protected]'
		php_admin_value open_basedir /home/ctopuser/:/tmp:/usr/local/lib/php/
	</Directory>
</VirtualHost>

Same user's configuration file: ctopuser/domains/ctop.co.il.conf
Code:
SSLCACertificateFile=/usr/local/directadmin/data/users/ctopuser/domains/ctop.co.il.cacert
UseCanonicalName=OFF
bandwidth=unlimited
cgi=ON
defaultdomain=yes
domain=ctop.co.il
ip=80.179.242.246
open_basedir=ON
php=ON
quota=unlimited
safemode=OFF
ssl=ON
suspended=no
username=ctopuser
 
Jeff already told you the file locations are incorrect.

SSLCertificateFile /etc/httpd/conf/ssl.crt/server.crt
SSLCertificateKeyFile /etc/httpd/conf/ssl.key/server.key

Absolutely wrong. You need to put in the correct file locations.

This is also a different domain than you told us before.

I know you need help. But you cannot expect to know this without knowing some basics first. It can take a long time to learn.
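
The check described in the replies above (do the `SSLCertificateFile` and `SSLCertificateKeyFile` lines of the `:443` VirtualHost point into the user's `domains` directory or at the server-wide files?) can be run against any user's httpd.conf. This is an added example, not part of the thread and not DirectAdmin's own tooling; the function names, the `exampleuser` account, the addresses and the `.cert`/`.key` file names in the sample are constructed.

```shell
#!/bin/sh
# Added example. Lists the certificate and key paths of every *:443
# VirtualHost in a DirectAdmin user httpd.conf and marks each path USER when
# it lies under that user's domains/ directory, otherwise NOT-USER.
# Assumes directive names are capitalised the way the generated file writes them.
audit_da_ssl_vhosts() {   # usage: audit_da_ssl_vhosts USERNAME CONF_FILE
    awk -v dir="/usr/local/directadmin/data/users/$1/domains/" '
        /^[ \t]*<VirtualHost[ \t]+[^>]*:443>/ {
            in_ssl = 1; n = 0; name = "-"
            addr = $2; sub(/>.*/, "", addr); next
        }
        in_ssl && /^[ \t]*<\/VirtualHost>/ {
            for (i = 1; i <= n; i++)
                print addr, name, key[i], path[i], (index(path[i], dir) == 1 ? "USER" : "NOT-USER")
            in_ssl = 0; next
        }
        in_ssl && $1 == "ServerName" { name = $2 }
        in_ssl && ($1 == "SSLCertificateFile" || $1 == "SSLCertificateKeyFile") {
            n++; key[n] = $1; path[n] = $2
        }
    ' "$2"
}

# Constructed sample input (documentation addresses, made-up user and file names).
write_sample_conf() {
    cat > "$1" <<'EOF'
<VirtualHost 203.0.113.10:80>
	ServerName www.example.org
</VirtualHost>
<VirtualHost 203.0.113.10:443>
	SSLEngine on
	SSLCertificateFile /etc/httpd/conf/ssl.crt/server.crt
	SSLCertificateKeyFile /etc/httpd/conf/ssl.key/server.key
	ServerName www.example.org
</VirtualHost>
<VirtualHost 203.0.113.11:443>
	SSLEngine on
	SSLCertificateFile /usr/local/directadmin/data/users/exampleuser/domains/example.net.cert
	SSLCertificateKeyFile /usr/local/directadmin/data/users/exampleuser/domains/example.net.key
	ServerName www.example.net
</VirtualHost>
EOF
}

sample=$(mktemp); write_sample_conf "$sample"
audit_da_ssl_vhosts exampleuser "$sample"
rm -f "$sample"
```

On a live server the second argument would be the file under /usr/local/directadmin/data/users/username/httpd.conf; a NOT-USER line on a domain that has its own certificate installed is the symptom shown in the configs posted in this thread.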
 
Re:

Jeff already told you the file locations are incorrect.

Absolutely wrong. You need to put in the correct file locations.

This is also a different domain than you told us before.

I know you need help. But you cannot expect to know this without knowing some basics first. It can take a long time to learn.

  1. Jeff is speaking about the cert location and I am asking about the httpd.conf default settings for the users' files. I know how to change the location, but I want to get to a situation where the DA system sets it by itself when a user installs CA certs.
  2. Yes, it's a different domain, but it's the same problem, in all users' accounts.
 