DirectAdmin 1.50.0 has been released

You'd better not wait but solve the issue now:

Change the DirectAdmin settings to renew certs every 60 days (it will be the default value in the new DirectAdmin version):

Code:
echo "letsencrypt_renewal_days=60" >> /usr/local/directadmin/conf/directadmin.conf

or change the creation time to a value in the far past:

Code:
for file in /usr/local/directadmin/data/users/*/domains/*.cert.creation_time; do echo -n 100 > "$file"; done;

and make DirectAdmin renew all the certs:

Code:
echo "action=rewrite&value=letsencrypt" >> /usr/local/directadmin/data/task.queue && /usr/local/directadmin/dataskq

Then create a script:

Code:
touch /usr/local/directadmin/scripts/custom/recreate_ssl_combined.sh
chmod 700 /usr/local/directadmin/scripts/custom/recreate_ssl_combined.sh

with the following content:

Code:
#!/bin/bash
#
# Written by Alex S Grebenschikov $ www.poralix.com
# A script to re-create combined cert for domains with Let's Encrypt SSL Certs.
#
# Iterate over the glob directly instead of parsing `ls` output.
for san in /usr/local/directadmin/data/users/*/domains/*.san_config;
do
    [ -e "${san}" ] || continue;   # the glob matched nothing
    domain=$(basename "${san}" .san_config);
    dirname=$(dirname "${san}");
    # Only handle domains that have a Let's Encrypt cert and key on disk.
    if [ -e "${dirname}/${domain}.cert.creation_time" ] && [ -e "${dirname}/${domain}.cert" ] && [ -e "${dirname}/${domain}.key" ];
    then
        echo "[OK] Found $domain";
        # Leaf certificate first, then the CA chain.
        cat "${dirname}/${domain}.cert" "${dirname}/${domain}.cacert" > "${dirname}/${domain}.cert.combined";
    fi;
done;
exit 0;

and run it as root:

Code:
/usr/local/directadmin/scripts/custom/recreate_ssl_combined.sh

With it you will get all the Let's Encrypt certs updated with a correct cert.combined. Run:

Code:
apachectl -t

and/or

Code:
nginx -t

to make sure that everything is fine, and restart both of them (or either one, depending on which server you use).
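A way to check the result of the steps above, as an added example that is not part of the original post: it lists domains whose `cert.combined` is missing or no longer starts with the leaf certificate stored in `.cert`. The `DA_USERS` override, the function names and the `--scan` switch are assumptions of this sketch; the file layout is the one used in the post.

```shell
#!/bin/bash
# Added example, not part of the thread: find domains whose nginx bundle
# (cert.combined) is missing or no longer starts with the current leaf cert.
# DA_USERS is overridable so the functions can be run against a test tree.
DA_USERS="${DA_USERS:-/usr/local/directadmin/data/users}"

# Print the first PEM certificate block of a file.
first_pem() {
    awk '/-----BEGIN CERTIFICATE-----/{p=1} p{print} /-----END CERTIFICATE-----/{if(p) exit}' "$1"
}

# Exit 0 (stale) if <base>.cert.combined is missing/empty or its first
# certificate differs from the leaf stored in <base>.cert.
combined_is_stale() {
    [ -s "$1.cert.combined" ] || return 0
    [ "$(first_pem "$1.cert")" != "$(first_pem "$1.cert.combined")" ]
}

# Exit 0 if the certificate in file $1 expires within $2 days. An unreadable
# file also counts as expiring. Requires the openssl command-line tool.
expires_within() {
    ! openssl x509 -checkend "$(( $2 * 86400 ))" -noout -in "$1" >/dev/null 2>&1
}

# Print one domain per line for every Let's Encrypt domain with a stale bundle.
scan_stale() {
    for san in "${DA_USERS}"/*/domains/*.san_config; do
        [ -e "${san}" ] || continue            # the glob matched nothing
        base="${san%.san_config}"
        [ -e "${base}.cert" ] || continue
        if combined_is_stale "${base}"; then echo "${base##*/}"; fi
    done
}

# Run with --scan on the server to get a report.
if [ "${1:-}" = "--scan" ]; then
    for d in $(scan_stale); do echo "[STALE] ${d}"; done
    for c in "${DA_USERS}"/*/domains/*.cert.combined; do
        [ -e "${c}" ] || continue
        if expires_within "${c}" 30; then echo "[EXPIRING] ${c}"; fi
    done
fi
```

An empty report after running the recreate script means every bundle starts with the certificate DirectAdmin currently has on disk; the web server still has to be restarted to serve it.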
 
My cert is going to expire in a few weeks and I can't believe DirectAdmin are so slow with an official fix, because when a certificate doesn't renew it disables our site. Please fix this as soon as possible.
 
It's fixed in a pre-release binary which is available through the client area on www.directadmin.com. I really hope they will release a fixed version very soon.

And still it's quite easy to request a new cert in DirectAdmin at user level for one or two domains.
 
Thanks Alex as always for your help on this forum :) Trying that later today.

@ DA team, are there plans to release the fix soon?
 
The renewal function works fine with the exception of creating the combined/bundle cert for nginx. You can ignore this fact if you don't have Nginx.
 
You can ignore this fact if you don't have Nginx.

This is on an NGINX server alright. But I'm not entirely sure what you mean with combined/bundle certs. Are these LE certs where you have added additional domains manually and then resubmitted the certificate request?
 
This is on an NGINX server alright. But I'm not entirely sure what you mean with combined/bundle certs. Are these LE certs where you have added additional domains manually and then resubmitted the certificate request?

If you see an error like this:

https://forum.directadmin.com/showthread.php?t=52723&p=272938#post272938

Here is a solution:

https://forum.directadmin.com/showthread.php?t=52723&p=272947#post272947

Or install the pre-release binary of DirectAdmin, which has a fix.
 
Any comments from DirectAdmin staff on when they will release an official version for this fix?
 
A week ago I received an automatic email from DirectAdmin that my cert had been automatically renewed, so I thought "yes, it works". But I never realized it said it renewed the cert, but never really did it. So I hit a big SSL error this morning, because my cert expired. Fixed it quickly by creating a new one in the interface, but it's a nasty bug.

Am I correct I have to perform all the steps as mentioned in this post or is there new information available?
 
An Nginx restart is required after a cert renewal.

DirectAdmin is smart enough to test the nginx configuration; if the test fails, DirectAdmin won't force an nginx restart. If DirectAdmin did not check the nginx configuration and forced a restart, then nginx would simply not start and you would get your web server down.

If you see an old cert in a browser, when you are 100% sure that the cert was renewed...
If a site with a new subdomain or domain shows a blank page with "Nginx is functioning normally" instead of the expected content... then it would mean that nginx was not restarted.

Am I correct I have to perform all the steps as mentioned in this post or is there new information available?

Actually you have 3 options:

1. install the pre-release binary
2. manually renew through the DirectAdmin interface per domain
3. for bulk updates use the guide in post #203
 
Thanks zEitEr, your post #203 saved my day! After I restarted apache and nginx all websites were down.
Desperately I followed your guide and all is working OK now. :) Let's hope DA will update soon.
Below my post about it somewhere else on the forum.

My first domain with a letsencrypt generated certificate has been successfully renewed according to a DirectAdmin message, but the expiration date in the real certificate is still the old one and not extended with 3 months.
FYI the expiration date is 3 days away instead of 3 months.

Automated certificate renewal for phpfusion-nederlands.info has succeeded
Getting challenge for phpfusion-nederlands.info from acme-server...
Waiting for domain verification...
Challenge is valid.
Getting challenge for www.phpfusion-nederlands.info from acme-server...
Waiting for domain verification...
Challenge is valid.
Generating 4096 bit RSA key for phpfusion-nederlands.info...
openssl genrsa 4096 > "/usr/local/directadmin/data/users/someuser/domains/phpfusion-nederlands.info.key.new"
Generating RSA private key, 4096 bit long modulus
.......++
................++
e is 65537 (0x10001)
Certificate for phpfusion-nederlands.info has been created successfully!

I expected 3 months to be added to the certificate, but it has still the old expiration date.

Is this correct? Or will the certificate be replaced automatically when the old one expires?
http://forum.directadmin.com/showthread.php?t=53233&p=273056#post273056
 
First time using SSL and Let's Encrypt with DirectAdmin. It's been 90 days, but my certificates aren't auto-renewing.
I also can't recreate the certificates manually anymore either.

Code:
Getting challenge for <mydomain>.com from acme-server...
/usr/local/directadmin/scripts/letsencrypt.sh: 319: /usr/local/directadmin/scripts/letsencrypt.sh: cannot create /var/www/html/.well-known/acme-challenge/: Is a directory
/usr/local/directadmin/scripts/letsencrypt.sh: 322: [: -ne: unexpected operator
Waiting for domain verification...
rm: cannot remove `/var/www/html/.well-known/acme-challenge/': Is a directory
Challenge is . Details: . Exiting...

Anything I can do to fix this?
 
I fixed this by changing line 300 in /usr/local/directadmin/scripts/letsencrypt.sh from
Code:
CHALLENGE="`echo "${RESPONSE}" | egrep -o '{[^{]*\"type\":\"http-01\"[^}]*'`"
to
Code:
CHALLENGE="`echo "${RESPONSE}" |  tr '\n' ' '| grep -Pzo '\"type\": \"http-01\",([\s\S]+)\"\s+}'`"

I'm not sure if this is the "correct" way to do it, but it works. I have no idea why the first one doesn't.
My server is running Debian Wheezy, if it makes any difference.

I also had to change letsencrypt=1 to letsencrypt=2 in /usr/local/directadmin/conf/directadmin.conf to get it working.
 
@neobim,

Fixed in the new pre-release binary

Code:
Compile time: May 20 2016 at 19:14:59

change:

Code:
CHALLENGE="`echo "${RESPONSE}" | egrep -o '{[^{]*\"type\":\"http-01\"[^}]*'`"

to

Code:
CHALLENGE="`echo "${RESPONSE}" | awk '/\"type\": \"http-01\"/,/}/'`"

in /usr/local/directadmin/scripts/letsencrypt.sh
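Why the original `egrep` line can come back empty while the `awk` replacement works, as an added example that is not part of the thread. Both responses below are constructed, and the idea that the server response changed from compact to pretty-printed JSON is an assumption inferred from the spacing in the replacement patterns; the function names are hypothetical.

```shell
#!/bin/bash
# Added example, not part of the thread. Both ACME responses are constructed.
COMPACT='{"identifier":{"type":"dns","value":"example.test"},"challenges":[{"type":"dns-01","token":"TOKEN-A"},{"type":"http-01","uri":"https://acme.example.test/c/1","token":"TOKEN-B"}]}'
PRETTY='{
  "identifier": {"type": "dns", "value": "example.test"},
  "challenges": [
    {
      "type": "dns-01",
      "token": "TOKEN-A"
    },
    {
      "type": "http-01",
      "uri": "https://acme.example.test/c/1",
      "token": "TOKEN-B"
    }
  ]
}'

# Original extraction (egrep -o written as grep -Eo, leading brace escaped).
# It needs "type":"http-01" with no space, and grep matches line by line.
extract_old() {
    printf '%s\n' "$1" | grep -Eo '\{[^{]*"type":"http-01"[^}]*' || true
}

# Replacement from the thread: awk range from the http-01 line to the next "}".
extract_new() {
    printf '%s\n' "$1" | awk '/"type": "http-01"/,/}/'
}

# A usable challenge block must at least carry a token field.
challenge_ok() {
    case "$1" in *'"token"'*) return 0 ;; *) return 1 ;; esac
}

# Print which extraction yields a usable block for a response ($1 = label).
report() {
    if challenge_ok "$(extract_old "$2")"; then o=ok; else o=empty; fi
    if challenge_ok "$(extract_new "$2")"; then n=ok; else n=empty; fi
    echo "$1: old=$o new=$n"
}

report compact "$COMPACT"
report pretty "$PRETTY"
```

Each pattern is tied to one serialization of the same JSON, so an empty `CHALLENGE` (consistent with the blank fields in the "Challenge is . Details: ." log line) is the symptom to look for if the response layout changes again.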
 
That's John and Martynas who fixed the issue, not me. I've just shared what they wrote to me when I reported the same issue via tickets.
 