Direct Admin URL with 2222 no SSL - ERR_SSL_PROTOCOL_ERROR

[RO3B]

Hi There I just set up my vps
However, when I add the :2222 for DA login, it will not work. I can only log in to DA with http:// not with https:.//
Is there an easy fix for this?

For example,
https://server.example.net Works
https://www.server.example.net Works
https://server.example.net:2222 NOT WORKING
With error ''
server.example.net sent an invalid response.
Try running Windows Network Diagnostics.
ERR_SSL_PROTOCOL_ERROR
''
but for example, if I open LiteSpeed port https://server.example.net:7080 its works with no issues.

I Have added SSL=1
I have added everything you could imagine I checked all the documentation, tutorial

I also run this command: /usr/local/directadmin/scripts/letsencrypt.sh request_single your.hostname.com 4096

Still, The problem Exists.
Please help me out

 

[Richard G]

I Have added SSL=1

I've heard talking that there might be an issue with case sensitivity.

Can you try changing this to lowercase, so ssl=1 and restart directadmin?

Please also check these settings are present:
ssl_redirect_host=server.example.net enable_ssl_sni=1 letsencrypt=1

It might be the last 2 are defaulted, but just to be sure. Ofcourse replace server.example.net with your vps hostname.

 

[RO3B]

I've heard talking that there might be an issue with case sensitivity.

Can you try changing this to lowercase, so ssl=1 and restart directadmin?

Please also check these settings are present:
ssl_redirect_host=server.example.net enable_ssl_sni=1 letsencrypt=1

It might be the last 2 are defaulted, but just to be sure. Ofcourse replace server.example.net with your vps hostname.

You are absolutely amazing it works
Last Question can i use my hostname behind cloudflare ?

 

[Ohm J]

You can't, Example exim/mail need to check reverse IPs with hostname and cloudflare don't have port :2222 open up. or possible breaks change with something else that need to check between hostname and IPs

 

[RO3B]

You can't, Example exim/mail need to check reverse IPs with hostname and cloudflare don't have port :2222 open up. or possible breaks change with something else that need to check between hostname and IPs

When i try to access to my mail.hostname.com server it's showing cert problem '' this ssl issued to server.hostname.com !!
How can i fix this ? i issued a wild card ssl certificate but it's showing issued for server.hostname.com

 

[Richard G]

How can i fix this ? i issued a wild card ssl certificate but it's showing issued for server.hostname.com

Do you also have the setting mail_sni=1 in your directadmin.conf?

Might be also something else but I'm not familiar with Cloudflare usage.

 

[RO3B]

Do you also have the setting mail_sni=1 in your directadmin.conf?

Might be also something else but I'm not familiar with Cloudflare usage.

I have disabled cloudflare and diproxied all of the icons now it directly shows the ip and everything.
And Yes I have added it manually yesterday it's working but the mail.hostname.com is showing this ssl certificate issued for server.hostname.com

 

[Richard G]

Yes I have added it manually yesterday

Also rebuild exim and dovecot? Because that's needed to after making that change if I'm correct.

You can also check at https://crt.sh/ if mail.domain.com (not mail.hostname.com) did indeed get the certificate issued correctly or not.

When i try to access to my mail.hostname.com

How exactly are you trying to access it? Via your email client?

 

[Richard G]

And Yes I have added it manually yesterday

Yesterday is was ssl=1 and enable_ssl_sni=1
Today I wrote mail_sni=1 which is a different setting and not mentioned yesterday. So I write this just to be sure you're not confusing both settings.

 

[RO3B]

Also rebuild exim and dovecot? Because that's needed to after making that change if I'm correct.

You can also check at https://crt.sh/ if mail.domain.com (not mail.hostname.com) did indeed get the certificate issued correctly or not.


How exactly are you trying to access it? Via your email client?

No Yesterday I got mail_sni=1 from the documentation and I added it manually coz I didn't find it in there.
I haven't rebuilt Exim and dovecot
Can you point out how to rebuild Exim and dovecot ??
As far as I'm concerned emails are going in the inbox but I can't access them from the email client. i can only signin via roundcube

 

[Richard G]

Can you point out how to rebuild Exim and dovecot ??

Sure, you might best to all if you didn't customize the exim.conf file:

cd /usr/local/directadmin/custombuild
./build update
./build exim
./build exim_conf
./build dovecot
./build dovecot_conf

Doublecheck that your exim.conf file is version 4.5.37 and not 38.

 

[RO3B]

Sure, you might best to all if you didn't customize the exim.conf file:

cd /usr/local/directadmin/custombuild
./build update
./build exim
./build exim_conf
./build dovecot
./build dovecot_conf

Doublecheck that your exim.conf file is version 4.5.37 and not 38.

My Exim is 4.95!!

 

[RO3B]

I Connected to Outlook the outgoing emails are working but incoming email only connects to 995 if I connect to the 993 port it's showing.
So I can't receive emails but if I open the same email using Roundcube I foud the emails that i am supposed to receive !!

 

[RO3B]

I Tried using Spark email client I choose SSL connection for both IMAP PORT 993 & SMTP PORT 587 (BOTH ARE OPENED IN THE FIREWALL)
It's showing a stable connection could not be established! so i tried choosing the option StarTTLS still showing a stable connection could not be established!

 

[RO3B]

when I try to send emails using Outlook, the emails were not sent due to syntax error on VPS, and after this my IP address ban by the Firewall

With remove ' csf.deny: 92.238.**. # lfd: (eximsyntax) Exim syntax errors from 92.238.. (GB/United Kingdom/cpc**hari2**0-cust145.**): 10 in the last 3600 secs - Fri Jun 3 01:38:50 2022

 

[Richard G]

My Exim is 4.95!!

Ehmz...

your exim.conf file is version 4.5.37 and not 38.

but I presume that will be correct.

(BOTH ARE OPENED IN THE FIREWALL)

Both incoming -and- outgoing I presume?

Exim syntax errors from 92.238..

That should be visible in one of the Exim mainlogs which syntax errors these are.
You have something like LF_EXIMSYNTAX = "10" in csf.conf, so more then 1 right?

and after this my IP address ban by the Firewall

Put your ip in both csf.allow and csf.ignore and that problem will be over.

Try in Outlook with port 110 without SSL/TLS is that also not working?

Otherwise maybe you can send me your domain by pm so I can do some checks.

 

[RO3B]

Ehmz...

but I presume that will be correct.


Both incoming -and- outgoing I presume?


That should be visible in one of the Exim mainlogs which syntax errors these are.
You have something like LF_EXIMSYNTAX = "10" in csf.conf, so more then 1 right?


Put your ip in both csf.allow and csf.ignore and that problem will be over.

Try in Outlook with port 110 without SSL/TLS is that also not working?

Otherwise maybe you can send me your domain by pm so I can do some checks.

I Already fixed the problem csf blocked my IP but ports still I can't connect to my emails via spark as it is not reading the SSL

 

[Richard G]

So you also fixed the exim syntax error? Good.

Does your mail work without SSL like I asked? So by using port 110 for pop?

 

[RO3B]

So you also fixed the exim syntax error? Good.

Does your mail work without SSL like I asked? So by using port 110 for pop?

It works on Outlook using Port 993, 465 but not any other email client that uses IMAP/SMTP AT ALL, Outlook works using pop

 

[Ohm J]

wildcard ssl not covering with hostname that use to access Directadmin Panel.

You must issued seperator.

/usr/local/directadmin/scripts/letsencrypt.sh request_single your.hostname.com 4096