CSF Messenger and not valid certificate

ditto

Verified User
Joined
Apr 27, 2009
Messages
2,567
I am trying to setup CSF Messenger for the first time. I got it working, but get a browser warning because it uses the hostname certificate instead of each of the user domain certificate. In csf.conf it does say that it support SNI and using each domain certificate, however that does not happen in my case, it only use the server hostname when displaying message to the blocked user.
 

jayw1

Verified User
Joined
Nov 20, 2019
Messages
157
Location
USA
MESSENGER_HTTPS_CONF = "/etc/httpd/conf.d/ssl.conf"

I suspect if you update this file to use LetsEncrypt SSL for your hostname, it may work. I think the default may be self-signed.
 

ditto

Verified User
Joined
Apr 27, 2009
Messages
2,567
That is not it. As I said the problem is that the hostname certificate is used in CSF Messenger for the users domain, instead of the users domains certificate. And the hostname certificate is of course not valid for the other domains.
 

ditto

Verified User
Joined
Apr 27, 2009
Messages
2,567
Bump. Still not able to solve this. When I run csf --mregen I get this:

Code:
[root@server ~]# csf --mregen
csf - MESSENGERV2 /etc/apache2/conf.d/csf_messenger.conf regeneration:

cp: cannot stat ‘/etc/csf/messenger/index.php’: No such file or directory
chown: cannot access ‘/home/csf/public_html/index.php’: No such file or directory
chmod: cannot access ‘/home/csf/public_html/index.php’: No such file or directory
cp: cannot stat ‘/etc/csf/messenger/en.php’: No such file or directory
chown: cannot access ‘/home/csf/en.php’: No such file or directory
chmod: cannot access ‘/home/csf/en.php’: No such file or directory
cp: cannot create regular file ‘/etc/apache2/conf.d/csf.messenger.conf’: No such file or directory

...Done.
[root@server ~]#
Maybe it only works on cpanel?
 

ditto

Verified User
Joined
Apr 27, 2009
Messages
2,567
Thanks. I have read about it. Currently it is working for http, but not for https.

How can I change to use Messenger V1? I did not find a setting for that?
 

ditto

Verified User
Joined
Apr 27, 2009
Messages
2,567
I was finally able to get it to work on CentOS 7. However not on CentOS 8 am not able to get it to work. I even sent a mail to the company behind CSF and asked if I could pay them to fix it for CentOS 8, but they are not even willing to consider it and just tell me to look in the forum.

If someone with CentOS 8 servers are willing and competent to debug CSF Messenger on DirectAdmin with CentOS 8, I would be happy to share what I did to make it work on CentOS 7. Otherwise not, as I am sitting all alone with this, and not even the developer of the software is willing to look at the bug.
 

ditto

Verified User
Joined
Apr 27, 2009
Messages
2,567
I hired a external company to fix the compability bug with CSF Messenger on CentOS 8/DirectAdmin, but there is remaining bugs that needs to be fixed before this can be used on production servers. I give up. The invoice for this is going to be big. And I have worked day/night for five days. This is killing me. Now I will just forget about it all. If you are interested I have posted the patch and needed changes here: https://forum.configserver.com/viewtopic.php?f=4&t=11654 - The company behind CSF does not seem to be interested in fixing anything. They did not even let me pay them to fix the bugs, they just pointed me to the CSF forum. Not happy.
 

myH2Oservers

Verified User
Joined
Mar 13, 2006
Messages
239
Location
Netherlands
You have to configure it like this if you want to use the domain SSL certificates of each user:

MESSENGER_HTTPS_CONF = "/usr/local/directadmin/data/users/*/httpd.conf"

Can also be used if not all users have SSL enabled, then only the users that do have SSL enabled will work. Others get the normale invalid SSL warning.
 

ditto

Verified User
Joined
Apr 27, 2009
Messages
2,567
As I already wrote above I was able to make it work. I already know that I need to change the path in MESSENGER_HTTPS_CONF. I posted information about it in replies at CSF forum wich they deleted: https://forum.configserver.com/viewtopic.php?f=4&t=11654 - then I have later posted a longer bug list at https://forum.configserver.com/viewtopic.php?f=4&t=11660 wich they have not deleted yet.

My guess is that you found the information about the needed change in MESSENGER_HTTPS_CONF path in the post at CSF forum wich I posted. That information was not to be found anywhere else before I posted it.
 

myH2Oservers

Verified User
Joined
Mar 13, 2006
Messages
239
Location
Netherlands
Hi Ditto, we use this setting for one year already so wrong guess ;-) my post is not related to centos versions as we only use centos 7 in production (we don't use centos 8 yet).
 
Top