Cannot Access hostname:2222 from https, but can from http

watergold

Hello,

I have been having an issue where if I try to access the directadmin panel from http://hostname:2222, it works fine, but https does not work. The exact error code is ERR_CONNECTION_RESET.

I have followed the instructions for installing an SSL certificate via Let's Encrypt, which said the certificate was successfully installed. The servername value in directadmin.conf is also set to the correct value.

I also noticed that if I go to https://hostname, it says that I have a self-signed SSL certificate, even though Let's Encrypt is stating that the SSL installation is successful.

Thank you for your help and best regards.
 
You also have to create a certificate for your hostname:

Check directadmin.conf for:
enable_ssl_sni=1
ssl=1
ssl_redirect_host=server.yourdomain.com

And in /usr/local/directadmin/custombuild/options.conf check that:
redirect_host=server.yourdomain.com
redirect_host_https=no

The second line is no, if you also want to use https://userdomain.com:2222 to access DA.
If you set this to yes, this will be redirected to serverdomain.
 
Hi Richard,

Thank you for your advice. I generated an SSL certificate via LE for the hostname, but there were some things you listed which I hadn't done yet.

Weirdly enough, I'm still having the same issue. If I set ssl=1 in directadmin.conf, then the directadmin service won't load, and either way https://server.hostname.com:2222 is still having the same error.

Let's Encrypt was saying that the SSL certificate was generating correctly, but it seems that the SSL certificate is absent, so I wonder if Let's Encrypt is the issue?

Best regards,
 
Hello.

LE could indeed be the issue, but since you said there were some things I listed which you hadn't done yet, I don't know which ones they were and how exactly you enabled/installed Letsencrypt.

So I presume you also have letsencrypt=1 in the directadmin.conf file.

As for the directadmin.conf values: if you changed any of them, did you restart directadmin afterwards?
Also did you issue these commands after restarting DA?
Code:
cd /usr/local/directadmin/custombuild
./build update
./build rewrite_confs
Because these are needed for things to work.

Do you also have a DNS record present for server.hostname.com? Because that would also be required. Normally Directadmin installs this automatically during installation, but often people remove this.

It's not really necessary, but to make things way easier, I always generate the domain of the hostname as admin in user level.
So if the hostname is for example: server.watergold.com then I create the domain watergold.com there, this makes it also easier to set nameservers there if you use your own nameservers for example. But maybe you already have done so.
 
Hello,

Thank you again, the ./build commands are another new thing. However, I tried this and am still having the same issue. I've been setting ssl=0 in directadmin.conf temporarily, since enabling it causes directadmin to fail to start.

Oddly, if I go to server.name.com now, it states that there is an SSL certificate, unlike the unsecure error I was receiving before, but server.name.com:2222 is still not loading.

I checked error.log and it stated the following.

2021:04:18-11:41:21: Named::readDB (Named::swap_domains): Can't open /var/named/server.name.com.db for reading
2021:04:18-11:41:21: Named::writeDB:caller=Named::swap_domains: error writing zone for server.name.com: email='' or ns1='' is empty. Ensure the zone is not corrupted.
2021:04:18-11:41:21: Error swapping hostname zone from serverold.name.com to server.name.com: Error renaming /var/named/serverold.name.com.db to /var/named/server.name.com.db : No such file o$
Error swapping the domain text in server.name.com<br>
User added to named.conf file successfully<br>
Can't open file /var/named/server.name.com.db for reading<br>
Unable to read zone file to increase serial<br>
The email or the ns1 value is blank. Check to ensure the zone isn't corrupted<br>
Unable to write zone file to increase serial<br>
(if you don't use a local hostname zone, ignore this error)
2021:04:18-11:44:19: failed to load certificate: /usr/local/directadmin/conf/cacert.pem
2021:04:18-11:54:12: failed to load certificate: /usr/local/directadmin/conf/cacert.pem
2021:04:18-15:23:52: failed to load certificate: /usr/local/directadmin/conf/cacert.pem
2021:04:18-16:41:57: failed to load certificate: /usr/local/directadmin/conf/cacert.pem
2021:04:18-16:43:32: failed to load certificate: /usr/local/directadmin/conf/cacert.pem
2021:04:18-17:39:37: failed to load certificate: /usr/local/directadmin/conf/cacert.pem
2021:04:18-17:41:12: failed to load certificate: /usr/local/directadmin/conf/cacert.pem
2021:04:18-17:50:07: failed to load certificate: /usr/local/directadmin/conf/cacert.pem
2021:04:18-17:51:42: failed to load certificate: /usr/local/directadmin/conf/cacert.pem
2021:04:18-17:53:15: failed to load certificate: /usr/local/directadmin/conf/cacert.pem
2021:04:18-17:53:17: failed to load certificate: /usr/local/directadmin/conf/cacert.pem
2021:04:18-17:54:10: failed to load certificate: /usr/local/directadmin/conf/cacert.pem
 
Can't open /var/named/server.name.com.db for reading
Seems you do not have a DNS record for your hostname. Like I stated, you need that.

I posted that in my previous answer.
Do you also have a DNS record present for server.hostname.com? Because that would also be required. Normally Directadmin installs this automatically during installation, but often people remove this.
Create it newly, and/or create server as A record in domain.com from server.domain.com to fix this.
 
It looks like there was a DNS zone for server.name.com in DA, but when I would click on it, it stated that /var/named/server.name.com.db was empty, so I deleted and re-generated the DNS zone. The DNS zone is set up properly, as server.name.com is an A record pointing to the server's IP address.

There's also an A record in cloudflare pointing the hostname to the appropriate IP address. I should also note that the proxy settings are off.

However, now if I go to https://server.name.com, it's stating that I'm using an unsecure self-signed certificate again, and https://server.name.com:2222 is doing the same thing that it's been doing.
 
Oooh... you're using cloudflare? You didn't mention that before.
You could try to create a new certificate for your hostname now that the hostname is present in /var/named again like it should be.
It should also be in /etc/virtual as a directory.

However, I'm not used to working with Cloudflare, so it might be that you have to use something different for that.
I can ask my friend @bdacus01 to have a look at this thread. Maybe I've overlooked something.
 
It looked like after completing everything you recommended, re-issuing the certificate did fix the problem. I got rate-limited on the original hostname, so set up a new one, following the steps you described, and tried issuing a Let's Encrypt certificate. Everything is now working from https.

Thank you for all of your help, sorry for wasting your time a bit by not mentioning specifics initially. Hopefully this thread will be helpful to people having a similar issue.
 
You're welcome. Nice to hear everything is working now as it should be.
I'm sure this will be helpful for future readers of this thread.
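
The checks worked through in this thread, collected into a preflight script to run before setting ssl=1 (an added example, not part of the original posts and not DirectAdmin tooling). The function names are hypothetical, all file locations are passed as arguments, the sample files are constructed, and the `openssl` CLI is assumed to be installed.

```shell
#!/bin/sh
# Added example: preflight checks to run before setting ssl=1 in directadmin.conf.
# All file locations are arguments; this is not DirectAdmin's own tooling.

# Print the value of KEY ($2) from a key=value file ($1); last occurrence wins.
conf_value() {
    awk -v k="$2" 'index($0, k "=") == 1 { v = substr($0, length(k) + 2) } END { print v }' "$1"
}

# Succeed only if the file is a non-empty PEM certificate that openssl can parse.
cert_loads() {
    [ -s "$1" ] && openssl x509 -in "$1" -noout 2>/dev/null
}

# Count "failed to load certificate" entries in an error.log-style file.
cert_failures() {
    grep -c 'failed to load certificate' "$1" || true
}

# Print one line per problem; return 0 only when nothing is wrong.
preflight() {
    conf=$1; cert=$2; zone=$3; host=$4; rc=0
    [ "$(conf_value "$conf" ssl_redirect_host)" = "$host" ] ||
        { echo "ssl_redirect_host is not $host"; rc=1; }
    [ "$(conf_value "$conf" enable_ssl_sni)" = "1" ] ||
        { echo "enable_ssl_sni is not 1"; rc=1; }
    [ -s "$zone" ] ||
        { echo "zone file missing or empty: $zone"; rc=1; }
    cert_loads "$cert" ||
        { echo "certificate does not load: $cert"; rc=1; }
    return "$rc"
}

# Constructed sample files that mirror the state described in the thread.
demo() {
    d=$(mktemp -d)
    printf 'enable_ssl_sni=1\nssl=0\nssl_redirect_host=server.name.com\n' > "$d/directadmin.conf"
    printf '%s\n' '2021:04:18-11:44:19: failed to load certificate: /usr/local/directadmin/conf/cacert.pem' > "$d/error.log"
    : > "$d/cacert.pem"          # constructed: a certificate file that will not parse
    : > "$d/server.name.com.db"  # constructed: empty zone file, as reported above
    echo "certificate load failures logged: $(cert_failures "$d/error.log")"
    preflight "$d/directadmin.conf" "$d/cacert.pem" "$d/server.name.com.db" server.name.com ||
        echo "leave ssl=0 until the problems above are fixed"
    rm -rf "$d"
}
demo
```

On a real server, call `preflight` with the actual directadmin.conf, certificate, and hostname zone file paths, and rerun it after re-issuing the certificate.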
 