DirectAdmin 1.50.0 has been released

Frej

Verified User
Joined
Jun 15, 2008
Messages
156
how did u get that location config? and from where?
I've rebuilt config so many times by now and don't see that alias anywhere and still can't generate new certificate
 

HolyDiver

Verified User
Joined
Feb 21, 2016
Messages
50
I followed zEitEr's instructions (clear nginx confs, try to validate, rebuild confs, try validating again) but letsencrypt refuses to work. Both Apache and nginx have aliases for .well-known and the DNS settings are correct. Even when trying with SSH, I'm stuck with this:

Code:
root@server:~# /usr/local/directadmin/scripts/letsencrypt.sh request example.com 4096
Getting challenge for tekkenzone.net from acme-server...
Waiting for domain verification...
Challenge is invalid. Details: Could not connect to http://example.com/.well-known/acme-challenge/E8aOlQiwbDB0bE8obJW1tXdm1VoY-gIxjN0w3UPbVSs. Exiting...
Code:
66.133.109.36 - - [21/Feb/2016:19:11:56 +0100] "GET /.well-known/acme-challenge/E8aOlQiwbDB0bE8obJW1tXdm1VoY-gIxjN0w3UPbVSs HTTP/1.0" 200 379 "-" "Mozilla/5.0 (compatible; Let's Encrypt validation server; +https://www.letsencrypt.org)"
 

zEitEr

Super Moderator
Joined
Apr 11, 2005
Messages
14,163
Location
GMT +7.00
Do you have custom templates?

Code:
ls -1 /usr/local/directadmin/custombuild/custom/nginx*/conf/
 

HolyDiver

Verified User
Joined
Feb 21, 2016
Messages
50
Only for phpMyAdmin and Roundcube, no custom templates for Apache or Nginx. I'll check once more if the .htaccess in public_html isn't messing up something
 

Erulezz

Verified User
Joined
Sep 14, 2015
Messages
436
Location
Arnhem, NL
Thanks for the update, works great so far. What is the recommended ciphersuite we can use now for DirectAdmin? I saw the current SSL cipherlists page hasn't been updated. :)
 

vancanneyt

Verified User
Joined
Dec 13, 2012
Messages
84
To add SSL to domain pointers I did this to make it work (hope this is the good way):
Code:
nano /usr/local/directadmin/data/users/username/domains/domain.com.cert.san_config
For each domain, add the non-www and www names to the subjectAltName line, so it could look like this:
Code:
subjectAltName=DNS:example.com,DNS:www.example.com,DNS:example.net,DNS:www.example.net
Then execute renewal through the DirectAdmin script:
Code:
./letsencrypt.sh renew example.com 4096
which outputs:
Code:
Getting challenge for example.com from acme-server...
Waiting for domain verification...
Challenge is valid.
Getting challenge for www.example.com from acme-server...
Waiting for domain verification...
Challenge is valid.
Getting challenge for example.net from acme-server...
Waiting for domain verification...
Challenge is valid.
Getting challenge for www.example.net from acme-server...
Waiting for domain verification...
Challenge is valid.
Generating 4096 bit RSA key for poollicht.be...
openssl genrsa 4096 > "/usr/local/directadmin/data/users/username/domains/example.com.key.new"
Generating RSA private key, 4096 bit long modulus
................++
...................++
Certificate for example.com has been created successfully!
And that should make it work for your domain pointers if you want to have SSL on them as well.
 

Frej

Verified User
Joined
Jun 15, 2008
Messages
156
my conf looks exactly like that too
domain.com.cert.san_config

still doesn't generate certificate
[root@server scripts]# ./letsencrypt.sh renew domain.me 2048
Getting challenge for domain.me from acme-server...
Waiting for domain verification...
Challenge is invalid. Details: Invalid response
404. Exiting...

can anyone help me please
 

smtalk

Administrator
Staff member
Joined
Aug 22, 2006
Messages
8,792
Location
LT, EU
my conf looks exactly like that too
domain.com.cert.san_config

still doesn't generate certificate

ssl_certificate /etc/nginx/ssl.crt/server.crt.combined;
ssl_certificate_key /etc/nginx/ssl.key/server.key;

can anyone help me please
These are server-level certificates (for your hostname). To generate these, you should start letsencrypt.sh manually:
Code:
cd /usr/local/directadmin/scripts
./letsencrypt.sh request your.hostname.com 4096
To manually generate a certificate for any of your domains with letsencrypt=1 set in directadmin.conf (you'd need to enable SSL for the domain in DA this way):
Code:
cd /usr/local/directadmin/scripts
./letsencrypt.sh request domain.com 4096 "" /var/www/html/
 

smtalk

Administrator
Staff member
Joined
Aug 22, 2006
Messages
8,792
Location
LT, EU
What is the bug exactly? Everything seems fine here, is it mandatory to apply this patch?
I think DA does not pass /var/www/html as the 5th argument to the letsencrypt.sh script if letsencrypt=1 is used in directadmin.conf (not confirmed yet). If you have no alias setup in httpd-alias.conf, it'd work, however, it should fail with an alias.
 

Frej

Verified User
Joined
Jun 15, 2008
Messages
156
ye i checked directory
ssl_certificate /usr/local/directadmin/data/users/admin/domains
ssl_certificate_key /usr/local/directadmin/data/users/admin/domains


couldn't find the new certificate

but if I want to use =1 how would I get those cert when my domains are on /home/users

trying generating new cert

[root@server scripts]# ./letsencrypt.sh renew domain.me 2048
Getting challenge for domain.me from acme-server...
Waiting for domain verification...
Challenge is invalid. Details: Invalid response
404. Exiting...

These are server-level certificates (for your hostname). To generate these, you should start letsencrypt.sh manually:
Code:
cd /usr/local/directadmin/scripts
./letsencrypt.sh request your.hostname.com 4096
To manually generate a certificate for any of your domains with letsencrypt=1 set in directadmin.conf (you'd need to enable SSL for the domain in DA this way):
Code:
cd /usr/local/directadmin/scripts
./letsencrypt.sh request domain.com 4096 "" /var/www/html/
 

Frej

Verified User
Joined
Jun 15, 2008
Messages
156
using=1
still can't generate new ssl

same error
i did this
cd /usr/local/directadmin/custombuild
./build update
./build rewrite_confs


[root@server scripts]# ./letsencrypt.sh renew domain.me 2048
Getting challenge for domain.me from acme-server...
Waiting for domain verification...

Challenge is invalid. Details: Invalid response from
403. Exiting...
 

Frej

Verified User
Joined
Jun 15, 2008
Messages
156
only file I see in /usr/local/directadmin/custombuild/custom is
configure.nginx, ye I tried ur second commands still can't generate cert
#!/bin/sh
./configure \
"--add-module=/root/ngx_pagespeed-release-1.10.33.2-beta" \
"--with-cc=/opt/rh/devtoolset-2/root/usr/bin/gcc" \
"--with-http_v2_module" \
"--user=nginx" \
"--group=nginx" \
"--prefix=/usr" \
"--sbin-path=/usr/sbin" \
"--conf-path=/etc/nginx/nginx.conf" \
"--pid-path=/var/run/nginx.pid" \
"--http-log-path=/var/log/nginx/access_log" \
"--error-log-path=/var/log/nginx/error_log" \
"--with-ipv6" \
"--without-mail_imap_module" \
"--without-mail_smtp_module" \
"--with-http_ssl_module" \
"--with-http_realip_module" \
"--with-http_stub_status_module" \
"--with-http_gzip_static_module" \
"--with-http_dav_module" \
"--with-cc-opt='-D FD_SETSIZE=32768'"
 

HolyDiver

Verified User
Joined
Feb 21, 2016
Messages
50
If I navigate with my browser to example.com/.well-known/ or example.com/.well-known/acme-challenge/, is it normal it returns a 403 Forbidden? Could that interfere with the process?

(Using letsencrypt=1)
 

Active8

Verified User
Joined
Jul 13, 2013
Messages
262
These are server-level certificates (for your hostname). To generate these, you should start letsencrypt.sh manually:
Code:
cd /usr/local/directadmin/scripts
./letsencrypt.sh request your.hostname.com 4096
To manually generate a certificate for any of your domains with letsencrypt=1 set in directadmin.conf (you'd need to enable SSL for the domain in DA this way):
Code:
cd /usr/local/directadmin/scripts
./letsencrypt.sh request domain.com 4096 "" /var/www/html/
Can you please tell me the difference between the domain certificate and the server-level certificate? I'm confused

I have set up now as:

hostname: srv1.myserver.com
I did generate for this domain (in user mode in DA) myserver.com a SSL certificate, is this not sufficient? The main website myserver.com is working with the new generated SSL, must I do the server-level certificate as you meant before?
 

ZipperZapper

Verified User
Joined
Nov 30, 2015
Messages
111
There seems to be a bug with DA 1.50 and letsencrypt=1 option, to fix it, please use:
Code:
perl -pi -e 's|DOCUMENT_ROOT=\$5|DOCUMENT_ROOT=/var/www/html|' /usr/local/directadmin/scripts/letsencrypt.sh
Tried this one, still get a 404 on .well-known? I checked /etc/nginx/webapps.conf and the alias seems to be there. I do use custom nginx-templates, but they all include webapps.conf so it should be good?

I get the feeling WordPress is messing things up here, because I tried another site (with a Piwik install) and there were no problems there. Going to investigate this more now.
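
A pre-flight check for the 403/404 challenge failures discussed in this thread, as an added example that is not part of any post and not DirectAdmin code: it reads the names from a `.cert.san_config` file and confirms each one serves a probe file from the challenge directory before `letsencrypt.sh` is run. The function names are hypothetical, and the `/var/www/html` default webroot is an assumption taken from the `letsencrypt=1` posts above.

```shell
#!/bin/sh
# Added example (not DirectAdmin code): pre-flight check for HTTP-01 validation.

# List the hostnames on the subjectAltName line of a *.cert.san_config file,
# one per line, duplicates removed, original order kept.
san_hosts() {
    sed -n 's/^[[:space:]]*subjectAltName[[:space:]]*=[[:space:]]*//p' "$1" |
        tr ',' '\n' |
        sed -n 's/^[[:space:]]*DNS:\([^[:space:]]*\).*$/\1/p' |
        awk '!seen[$0]++'
}

# Build the subjectAltName line for a domain and its pointers, adding the
# www. variant of each name.
san_line() {
    out=
    for d in "$@"; do
        for h in "$d" "www.$d"; do
            out="${out:+$out,}DNS:$h"
        done
    done
    printf 'subjectAltName=%s\n' "$out"
}

# Write a probe file into the challenge directory and fetch it over plain HTTP
# through every hostname. A name passes only if the status is 200 AND the body
# is the probe content, which catches a CMS rewrite answering with its own page.
# Assumption: webroot defaults to /var/www/html, the path used in this thread.
preflight() {
    conf=$1
    dir="${2:-/var/www/html}/.well-known/acme-challenge"
    token="probe-$$-$(date +%s)"
    mkdir -p "$dir" && printf '%s' "$token" > "$dir/$token" || return 2
    rc=0
    for h in $(san_hosts "$conf"); do
        res=$(curl -s -m 10 -w ' %{http_code}' \
            "http://$h/.well-known/acme-challenge/$token")
        code=${res##* }
        if [ "$code" = 200 ] && [ "${res% *}" = "$token" ]; then
            echo "$h OK"
        else
            echo "$h FAIL (HTTP $code)"; rc=1
        fi
    done
    rm -f "$dir/$token"
    return $rc
}
```

Run it as `preflight /usr/local/directadmin/data/users/username/domains/domain.com.cert.san_config`; any name reported as FAIL would also fail the real challenge, so fix the alias or rewrite rule for that name first.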
 