DirectAdmin 1.50.0 has been released

It's cool we can use Letsencrypt to also manage the hostname certificate for exim/ftp/dovecot/DA itself - is there a way to make that a multidomain cert? e.g. I'd like it to include the server hostname, but also mail/mailserver.<hostname> and ftp.<hostname>. Then DA can use that multi domain certificate automatically for exim/ftp/dovecot/DA itself as a multi-domain.

@nielsh I changed the letsencrypt script to add all subdomains and domainpointers + domainpointer subdomains.

Just put this script in scripts/custom and you should be able to do most of the things you need.

https://github.com/ictabc/directadmin

Still needs a lot of clean up, it now copies the certificates when you run update-mail-certificates.sh. Need to fix that so it creates symlink to the original file.

Axel
 
Need to fix that so it creates symlink to the original file.

I don't think you can use symlinks because of different permissions for Dovecot/Exim and your webserver. But I could be wrong.

Tell me about the license you've added. Do you think it's okay to take scripts from DirectAdmin (which is a proprietary, closed-source application) and redistribute those publicly? My question is not meant as criticism, I'm just curious if you think this is okay, and why.
 
That's why I still need to figure out if it will work with symlinks. Would make things much easier, but this works. For me at least, and lots of people I heard about this functionality, so posted it on github.

And the license is something that I needed to select when creating this repository. Not a lawyer, so I selected the least restrictive one I knew about, could be wrong. Don't know if there are restrictions on changing the scripts, probably not. Just hope this functionality will be added to the official scripts. As I said it works for me, and I'm trying to help others. And maybe people can fix/simplify things, not really a programmer... :)
 
Is there a way to use Let's Encrypt with Varnish Caching running on port 80 and Apache on port 8080?
Varnish is running in front of Apache.

Varnish Caching is commonly used for Magento.

I'm running CentOS 7.x.
DA v1.50
Varnish 4.0.3
Apache/2.4.18


[root@vps2 ~]# cd /usr/local/directadmin/scripts/
[root@vps2 scripts]# ./letsencrypt.sh request srv1.domain.com 4096
Setting up certificate for a hostname: srv1.domain.com
Getting challenge for srv1.domain.com from acme-server...
Waiting for domain verification...
Challenge is invalid. Details: Invalid response from http://srv1.domain.com/.well-known/acme-challenge/ZsEbltpVWrk-2S9_kQxuwddOljzVgekEC555HzsoxXX [xxx.xxx.xxx.xxx]: 404. Exiting...


For more information about Varnish in front of Apache see this page:
http://www.2daygeek.com/varnish-cache-installation-configuration-centos-rhel/

I think there must be a forwarding .vcl for '/.well-known/acme-challenge/'.


Here is a setup for Let's Encrypt in combination with Varnish and Hitch:
http://info.varnish-software.com/blog/five-steps-to-secure-varnish-with-hitch-and-lets-encrypt


Thanks in advance.
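As an added example (my own, not from the post above and not DirectAdmin's or Varnish's code), a minimal Varnish 4 VCL fragment that sends ACME HTTP-01 challenge requests straight to the Apache backend on port 8080 and never serves them from cache. The backend address 127.0.0.1:8080 is assumed from the setup described in the post; adjust it if Apache listens elsewhere.

```vcl
vcl 4.0;

# Apache behind Varnish, as described in the post (assumed address/port).
backend default {
    .host = "127.0.0.1";
    .port = "8080";
}

sub vcl_recv {
    # Let's Encrypt fetches http://<host>/.well-known/acme-challenge/<token>.
    # Hand those requests to the backend uncached: letsencrypt.sh writes the
    # token file seconds before the CA asks for it, so a cached response from
    # before the file existed would reproduce the "Invalid response ... 404"
    # seen above.
    if (req.url ~ "^/\.well-known/acme-challenge/") {
        return (pass);
    }
}
```

This only helps if Apache itself answers the path. Before blaming Varnish, test the backend directly: `curl -H 'Host: srv1.domain.com' http://127.0.0.1:8080/.well-known/acme-challenge/test` should return whatever is in the challenge directory (or a 404 only if that file is missing). If Apache on 8080 returns 404 for a token that letsencrypt.sh has written, the problem is in the Apache vhost or document root, and no VCL rule will fix it.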
 
These are server-level certificates (for your hostname). To generate these, you should start letsencrypt.sh manually:
Code:
cd /usr/local/directadmin/scripts
./letsencrypt.sh request your.hostname.com 4096

I tried this, and it seems to work for the DirectAdmin interface. But if I try to connect with my mail server, I still get the old cert. Is it supposed to change the cert in Exim, or should I do that manually?
 
I tried this, and it seems to work for the DirectAdmin interface. But if I try to connect with my mail server, I still get the old cert. Is it supposed to change the cert in Exim, or should I do that manually?

Are you sure that domain is set as the hostname of the server? Please check:
Code:
hostname
 
Looks like I found a bug, I'm not sure.
When creating a new domain, only this is created:
.htpasswd
public_ftp
public_html

Missing:
awstats
logs
private_html
stats

Is this a bug or is something else causing this?
 
private_html will only be created if you activate SSL for the domain, I guess you did not tick the box for SSL when creating the domain?

Regarding logs, awstats and stats, they will be generated for the first time after the tally has run a little after midnight.
 
Ah I thought they were all created by default, I indeed did not tick the box for ssl, since we don't use ssl.

Thank you.
 
Are you sure that domain is set as the hostname of the server? Please check:
Code:
hostname

Yes, it is. And it created a cert for hostname, mail.hostname, ftp.hostname, smtp.hostname and pop.hostname and www.hostname. I saw the script doing that and it worked fine for the DirectAdmin interface. That one uses the new cert and when I open that cert in the browser I can see all those names.

But when I try to add my mailaccount to Outlook and using one of those URL's, I get a cert-error and when I open the cert I can see it's the old one from StartSSL, which is valid for www.hostname and hostname only. So in some way Exim still has the old one in place. Should I change something manually?
 
Please make sure you do not have custom certs set in /etc/exim.conf. It should be /etc/exim.cert and /etc/exim.key.
 
Weird. /etc/exim.conf is pointing to /etc/exim.cert and the content of exim.cert seems to be the same as /usr/local/directadmin/conf/cacert.pem so it should be working fine.

Oh, well, it actually IS working now. It's a mystery. Well, thanks!
 
Just wanted to help others that may have run into the same problem I did... since I've been spending the last 2 days trying to get LetsEncrypt working.

CentOS running DirectAdmin with nginx as server.

I had successfully set up a 3rd party Let's Encrypt script on my DirectAdmin box before a DirectAdmin plugin (or native support) was added. I had that working here: /opt/lescript but it wasn't ideal since the process was manual.

I tried going through the guide located here: http://www.directadmin.com/features.php?id=1828 once I found out DirectAdmin native support was added. I also tried using this guide: https://raymii.org/s/articles/Lets_Encrypt_Directadmin_Now_Built_In.html

I first got it working (after lots of re-building and editing) with letsencrypt=2... However I ran into the issue where it was trying to (unsuccessfully) validate ftp.domain.com, pop.domain.com, etc. Saw this thread and found that others had the same issue and rather than setup Domain Pointers, alter the DNS, etc. I opted to try to get letsencrypt=1 working since that seemed to be the ideal setup anyway.

For the life of me I couldn't get the rewrites to work. Even though the .well-known rewrite was successfully added to /etc/nginx/webapps.conf

I finally came across the following question, which wasn't my exact issue... but got me poking around in the right area... which led to the solution.

Do you have custom templates?

Code:
ls -1 /usr/local/directadmin/custombuild/custom/nginx*/conf/

While I had nothing in the '/usr/local/directadmin/custombuild/custom' DIR but a proftpd DIR (with a file inside named 'configure.proftpd')...

I *DID* have nginx configure files in '/usr/local/directadmin/data/templates/custom' which were interfering.

In the '/usr/local/directadmin/data/templates/custom' dir I had the following files:
nginx_server.conf nginx_server_secure.conf nginx_server_secure_sub.conf nginx_server_sub.conf

After moving them to another directory, so they'd be ignored, I re-ran ./build rewrite-confs and all was well in the world.

I'm not sure why those files existed (and why it hasn't been brought up by others that I could tell)... but it was messing up my nginx config (and causing my domains to ignore /etc/nginx/webapps.conf). The files in the directory were created back in July of 2013, so it's possible it's from an old setup or something... or maybe this was the directory used before /usr/local/directadmin/custombuild/custom/nginx*/conf/

So if you are using nginx, using letsencrypt=1, and getting a 404 for .well-known, make sure you don't have templates in the /usr/local/directadmin/data/templates/custom like I did.


Thanks,
Brian
 
I installed Let's Encrypt for the hostname srv1.mydomain.com and everything seems to work,

but when I create a user certificate for the user and they go to https://mydomain.com:2222 it gives an invalid certificate (https://mydomain.com gives a valid certificate)
and now when a user types domain.com:2222 they get a redirect to the server IP https://87.**.14.145:222 with an invalid certificate

Is there a way to fix this so they see https://mydomain.com:2222 with a valid certificate?
 
The SSL certificate also includes the www. variant by default. Sometimes I don't have that, eg. app.mydomain.com exists, but not www.app.mydomain.com. I also don't need that, so perhaps make it a checkbox to include that variant? (And also other aliases)
 
I installed Let's Encrypt for the hostname srv1.mydomain.com and everything seems to work,

but when I create a user certificate for the user and they go to https://mydomain.com:2222 it gives an invalid certificate (https://mydomain.com gives a valid certificate)
and now when a user types domain.com:2222 they get a redirect to the server IP https://87.**.14.145:222 with an invalid certificate

Is there a way to fix this so they see https://mydomain.com:2222 with a valid certificate?

Make sure you have in directadmin.conf the following:

ssl_redirect_host=mydomain.com
servername=mydomain.com
force_hostname=mydomain.com

The problem is the user trying to access without SSL which forwards to SSL with IP.

Hope this works for you!
 
Does DirectAdmin re-create the combined cert on renewal? It was not created on at least two servers with Apache and Nginx+Apache on board, causing the error:

Code:
nginx: [emerg] SSL_CTX_use_PrivateKey_file("/usr/local/directadmin/data/users/username/domains/example.com.key") failed (SSL: error:0B080074:x509 certificate routines:X509_check_private_key:key values mismatch)
nginx: configuration file /etc/nginx/nginx.conf test failed
 
It does, but only with pre-release binaries. There was a bug with it in DA 1.50.
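An added check (my own example, not DirectAdmin's letsencrypt.sh and not code from any post in this thread) for the two symptoms reported above: the nginx "key values mismatch" error, where the key file next to a certificate is not its private key, and the earlier report of Exim still presenting the old StartSSL certificate after the hostname certificate had been replaced. It assumes the OpenSSL command-line tool is installed. The path /usr/local/directadmin/conf/cacert.pem and /etc/exim.cert come from the thread; the key path cakey.pem beside cacert.pem is an assumption.

```shell
#!/bin/sh
# Added example, not DirectAdmin's own script. Two checks for the symptoms in
# this thread:
#   1. nginx "X509_check_private_key:key values mismatch": the key file does
#      not belong to the certificate file it is configured with.
#   2. Exim/Dovecot still presenting the old certificate: the copy they read
#      (/etc/exim.cert) is not the certificate letsencrypt.sh just issued.
# Requires the OpenSSL command-line tool. Works for RSA and EC keys because it
# compares the full public key rather than an RSA modulus.

# cert_key_match CERT KEY -> exit 0 if KEY is the private key for CERT
cert_key_match() {
    cert_pub=$(openssl x509 -noout -pubkey -in "$1" 2>/dev/null) || return 1
    key_pub=$(openssl pkey -pubout -in "$2" 2>/dev/null) || return 1
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# cert_fingerprint CERT -> SHA-256 fingerprint of the first certificate in CERT
cert_fingerprint() {
    openssl x509 -noout -fingerprint -sha256 -in "$1" 2>/dev/null | sed 's/^[^=]*=//'
}

# same_cert A B -> exit 0 if files A and B carry the same leaf certificate
same_cert() {
    fp_a=$(cert_fingerprint "$1")
    fp_b=$(cert_fingerprint "$2")
    [ -n "$fp_a" ] && [ "$fp_a" = "$fp_b" ]
}

# check_da_certs CERT KEY [SERVICE_CERT ...]
# Verifies KEY matches CERT, then that each SERVICE_CERT (e.g. /etc/exim.cert)
# is the same certificate as CERT. Prints one line per check; exit 1 on any FAIL.
check_da_certs() {
    cert=$1; key=$2; shift 2
    rc=0
    if cert_key_match "$cert" "$key"; then
        echo "OK   $key matches $cert"
    else
        echo "FAIL $key does not match $cert (key values mismatch)"; rc=1
    fi
    for svc in "$@"; do
        if same_cert "$cert" "$svc"; then
            echo "OK   $svc is the current certificate"
        else
            echo "FAIL $svc differs from $cert (stale copy?)"; rc=1
        fi
    done
    return $rc
}

# Usage, with the paths named in this thread (cakey.pem next to cacert.pem is
# an assumption about the key location; adjust if yours differs):
#   sh check-da-certs.sh /usr/local/directadmin/conf/cacert.pem \
#       /usr/local/directadmin/conf/cakey.pem /etc/exim.cert
if [ $# -ge 2 ]; then
    check_da_certs "$@"
fi
```

Run it after every `./letsencrypt.sh request ...` and after each renewal. A FAIL on the first line is exactly what produces the nginx emerg above (the .key was not rewritten alongside the .cert); a FAIL on /etc/exim.cert means Exim is reading a copy that was never refreshed, which is the situation where a mail client shows the old certificate while the DirectAdmin interface on port 2222 shows the new one.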
 