DirectAdmin 1.50.0 has been released

how did u get that location config? and from where?
ive rebuilt config so many times by now and dont see that alias anywhere and still cant generate new certificate
 
I followed zEitEr's instructions (clear nginx confs, try to validate, rebuild confs, try validating again) but letsencrypt refuses to work. Both apache as nginx have aliases for .well-known and the DNS settings are correct. Even when trying with SSH, I'm stuck with this:

Code: 
root@server:~# /usr/local/directadmin/scripts/letsencrypt.sh request example.com 4096
Getting challenge for tekkenzone.net from acme-server...
Waiting for domain verification...
Challenge is invalid. Details: Could not connect to http://example.com/.well-known/acme-challenge/E8aOlQiwbDB0bE8obJW1tXdm1VoY-gIxjN0w3UPbVSs. Exiting...

Code: 
66.133.109.36 - - [21/Feb/2016:19:11:56 +0100] "GET /.well-known/acme-challenge/E8aOlQiwbDB0bE8obJW1tXdm1VoY-gIxjN0w3UPbVSs HTTP/1.0" 200 379 "-" "Mozilla/5.0 (compatible; Let's Encrypt validation server; +https://www.letsencrypt.org)"
 
Only for phpMyAdmin and Roundcube, no custom templates for Apache or Nginx. I'll check once more if the .htacces in public_html isn't messing up something
 
Thanks for the update, works great so far. What is the recommended ciphersuite we can use now for DirectAdmin? I saw the the current SSL cipherlists page hasn't been updated. :)
 
To add SSL to domain pointers i did this to make it work (hope this is the good way):
Code: 
nano /usr/local/directadmin/data/users/username/domains/domain.com.cert.san_config
for each domain add the non www and www to the line: subjectAltName so it could look like this:
Code: 
subjectAltName=DNS:example.com,DNS:www.example.com,DNS:example.net,DNS:www.example.net
Then execute renewal through the DirectAdmin script:
Code: 
./letsencrypt.sh renew example.com 4096
which outputs:
Code: 
Getting challenge for example.com from acme-server...
Waiting for domain verification...
Challenge is valid.
Getting challenge for www.example.com from acme-server...
Waiting for domain verification...
Challenge is valid.
Getting challenge for example.net from acme-server...
Waiting for domain verification...
Challenge is valid.
Getting challenge for www.example.net from acme-server...
Waiting for domain verification...
Challenge is valid.
Generating 4096 bit RSA key for poollicht.be...
openssl genrsa 4096 > "/usr/local/directadmin/data/users/username/domains/example.com.key.new"
Generating RSA private key, 4096 bit long modulus
................++
...................++
Certificate for example.com has been created successfully!
And that should make it work for your domain pointers if you want to have SSL on them as well.
 
my conf looks exactly like that too
domain.com.cert.san_config

still doesnt generate certificate
[root@server scripts]# ./letsencrypt.sh renew domain.me 2048
Getting challenge for domain.me from acme-server...
Waiting for domain verification...
Challenge is invalid. Details: Invalid response
404. Exiting...

can anyone help me please
 
Last edited:
Frej said:
my conf looks exactly like that too
domain.com.cert.san_config

still doesnt generate certificate

ssl_certificate /etc/nginx/ssl.crt/server.crt.combined;
ssl_certificate_key /etc/nginx/ssl.key/server.key;

can anyone help me please
Click to expand...

These are server-level certificates (for your hostname). To generate these, you should start letsencrypt.sh manually:
Code: 
cd /usr/local/directadmin/scripts
./letsencrypt.sh request [B]your.hostname.com [/B]4096

To manually generate a certificate for any of your domains with letsencrypt=1 set in directadmin.conf (you'd need to enable SSL for the domain in DA this way):
Code: 
cd /usr/local/directadmin/scripts
./letsencrypt.sh request [B]domain.com [/B]4096 "" /var/www/html/
 
Active8 said:
What is the bug exactly ? everything seems fine here, is it mandatory to apply this patch ?
Click to expand...

I think DA does not pass /var/www/html as the 5th argument to the letsencrypt.sh script if letsencrypt=1 is used in directadmin.conf (not confirmed yet). If you have no alias setup in httpd-alias.conf, it'd work, however, it should fail with an alias.
 
ye i checked directory
ssl_certificate /usr/local/directadmin/data/users/admin/domains
ssl_certificate_key /usr/local/directadmin/data/users/admin/domains


couldnt find the new certificate


but if i want to use =1 how would i get those cert when my domains are on /home/users

trying generating new cert

[root@server scripts]# ./letsencrypt.sh renew domain.me 2048
Getting challenge for domain.me from acme-server...
Waiting for domain verification...
Challenge is invalid. Details: Invalid response
404. Exiting...

smtalk said:
These are server-level certificates (for your hostname). To generate these, you should start letsencrypt.sh manually:
Code: 
cd /usr/local/directadmin/scripts
./letsencrypt.sh request [B]your.hostname.com [/B]4096

To manually generate a certificate for any of your domains with letsencrypt=1 set in directadmin.conf (you'd need to enable SSL for the domain in DA this way):
Code: 
cd /usr/local/directadmin/scripts
./letsencrypt.sh request [B]domain.com [/B]4096 "" /var/www/html/
Click to expand...
 
Last edited:
using=1
still cant generate new ssl

same error
i did this
cd /usr/local/directadmin/custombuild
./build update
./build rewrite_confs


[root@server scripts]# ./letsencrypt.sh renew domain.me 2048
Getting challenge for domain.me from acme-server...
Waiting for domain verification...

Challenge is invalid. Details: Invalid response from
403. Exiting...
 
Last edited:
only file i see in /usr/local/directadmin/custombuild/custom is
configure.nginx, ye i tried ur second commands still cant generate cert
#!/bin/sh
./configure \
"--add-module=/root/ngx_pagespeed-release-1.10.33.2-beta" \
"--with-cc=/opt/rh/devtoolset-2/root/usr/bin/gcc" \
"--with-http_v2_module" \
"--user=nginx" \
"--group=nginx" \
"--prefix=/usr" \
"--sbin-path=/usr/sbin" \
"--conf-path=/etc/nginx/nginx.conf" \
"--pid-path=/var/run/nginx.pid" \
"--http-log-path=/var/log/nginx/access_log" \
"--error-log-path=/var/log/nginx/error_log" \
"--with-ipv6" \
"--without-mail_imap_module" \
"--without-mail_smtp_module" \
"--with-http_ssl_module" \
"--with-http_realip_module" \
"--with-http_stub_status_module" \
"--with-http_gzip_static_module" \
"--with-http_dav_module" \
"--with-cc-opt='-D FD_SETSIZE=32768'"
 
If I navigate with my browser to example.com/.well-known/ or example.com/.well-known/acme-challenge/, is it normal it returns a 403 Forbidden? Could that interfere with the process?

(Using letsencrypt=1)
 
smtalk said:
These are server-level certificates (for your hostname). To generate these, you should start letsencrypt.sh manually:
Code: 
cd /usr/local/directadmin/scripts
./letsencrypt.sh request [B]your.hostname.com [/B]4096

To manually generate a certificate for any of your domains with letsencrypt=1 set in directadmin.conf (you'd need to enable SSL for the domain in DA this way):
Code: 
cd /usr/local/directadmin/scripts
./letsencrypt.sh request [B]domain.com [/B]4096 "" /var/www/html/
Click to expand...

Can you please tell me the difference between the domain certificate and de server-level certificate ? im confused

I have set up now as:

hostname: srv1.myserver.com
I did generate for this domain (in user mode in DA) myserver.com a SSL certificate is this not sufficient ? the main website myserver.com is working with teh new generated SSL, must i do the server-level certificate as you meant before ?
 
smtalk said:
There seems to be a bug with DA 1.50 and letsencrypt=1 option, to fix it, pelase use:
Code: 
perl -pi -e 's|DOCUMENT_ROOT=\$5|DOCUMENT_ROOT=/var/www/html|' /usr/local/directadmin/scripts/letsencrypt.sh
Click to expand...

Tried this one, still get a 404 on .well-known? I checked /etc/nginx/webapps.conf and the alias seems to be there. I do use custom nginx-templates, but they all include webapps.conf so it should be good?

I get the feeling WordPress is messing things up here, because I tried another site (with a Piwik install) and there were no problems there. Going to investigate this more now.
 
You must log in or register to reply here.
Back
Top