DirectAdmin 1.53.1 has been released

staff_nowa

Verified User
Joined
Mar 10, 2018
Messages
71
Something is not good after the DA update; I have a strange issue.

0. DA 1.52 updated to 1.53
1. I have a website without SSL
2. Request Let's Encrypt
3. Receive SSL key
4. The config file does not receive the option ssl=ON; it is still ssl=OFF.
5. Change to ssl=ON
6. ./build rewrite_confs. All OK. Without steps 5 and 6 it does not work.
 

zEitEr

Super Moderator
Joined
Apr 11, 2005
Messages
13,853
Location
GMT +7.00
If you use a console script /usr/local/directadmin/scripts/letsencrypt.sh for a domain which is not configured in DirectAdmin to use SSL, the script won't enable SSL for such a domain even after a cert from Let's Encrypt is issued. It's how it's working.
 

staff_nowa

Verified User
Joined
Mar 10, 2018
Messages
71
I request the certificate from the DirectAdmin control panel.

If you use a console script /usr/local/directadmin/scripts/letsencrypt.sh for a domain which is not configured in DirectAdmin to use SSL, the script won't enable SSL for such a domain even after a cert from Let's Encrypt is issued. It's how it's working.
 

jet1972

Verified User
Joined
Jul 8, 2011
Messages
169
After enabling encryption on our daily scheduled backup, we got the following error message on all users:

Error Compressing the backup file /backup/admin/backup/home.tar.gz : /bin/tar: .pki: Cannot open: Permission denied
/bin/tar: Exiting with failure status due to previous errors

Encryption of /backup/admin.root.admin.tar.gz has failed: Error opening /backup/admin.root.admin.tar.gzadwZtO for writing: Permission denied
encrypt_file: error writing password to temp file.

The backups are saved on a secondary drive mounted as /backup.
I have a similar problem on Debian 7:

Encryption of /home/admin/admin_backups/admin.root.admin.tar.gz has failed: Permission denied.
Error while encrypting /home/admin/admin_backups/admin.root.admin.tar.gz:
File successfully removed


I have the directory permissions correctly set and I use the default location for the backups.

How to fix this?
 

jet1972

Verified User
Joined
Jul 8, 2011
Messages
169
Any news on the backup encryption issue?

Is it some kind of dependency issue?

(It's working OK on another Debian 7 server)
 

yourweb

Verified User
Joined
Jul 6, 2010
Messages
13
Is verzameling.org (46.249.37.37) on the same server as ns1.ispnoc.eu (46.249.53.249) and ns2.ispnoc.net (178.18.95.146) ? For wildcard certs to work, DNS needs to be hosted on the same server as domain.
Just to hook into this. If you have a setup where the DNS is being transferred using AXFR, it means that there is a delay between the sync. Would it be possible to include a delay for a check until the AXFR has been completed?
 

Wanabo

Verified User
Joined
Jan 19, 2013
Messages
166
Letsencrypt wildcard ssl does not work for me. After adding dns_ttl=1 to directadmin.conf I have the wildcard option.
But requesting a certificate with or without wildcard checkbox checked results in an error.
Removing dns_ttl=1 and then requesting a certificate goes OK.

I have submitted these problems to my webhoster and he is escalating the issue. I assume here at DA via the ticket system.

Problems with dns_ttl=1:

Wildcard checked:
Code:
Found wildcard domain name and http-01 challenge type, switching to dns-01 validation.
Requesting new certificate order...
Processing authorization for verzameling.org...
DNS challenge test fail for _acme-challenge.verzameling.org IN TXT "23QUEmCcWsbDaFq4tabcufAn2jpo56IcQZ9TZfflRWY", retrying...
Retry failed, trying again in 15s...
and 18 times more ....
Retry failed, trying again in 15s...
DNS validation failed. Exiting...
Wildcard NOT checked:
Code:
Cannot Execute Your Request

Details

Requesting new certificate order...
Processing authorization for base.gebruikers-groep.be...
Challenge is valid.
some more subdomains
Processing authorization for telenet.gebruikers-groep.be...
Challenge is valid.
Processing authorization for www.gebruikers-groep.be...
Challenge is valid.
Generating 4096 bit RSA key for gebruikers-groep.be...
openssl genrsa 4096 > "/usr/local/directadmin/data/users/someuser/domains/gebruikers-groep.be.key.new"
Generating RSA private key, 4096 bit long modulus
............................................................................................................++
...................................................++
e is 65537 (0x10001)
Unable to find certificate. Something went wrong. Printing response...
Error finalizing order :: Unable to meet CA SCT embedding requirements
The company I rent my servers from managed to make wildcard SSL work with their DNS cluster (instead of DNS managed by DirectAdmin).

I successfully requested a wildcard SSL cert. But a couple of days later I received a mail from expiry@letsencrypt.org containing: "Your certificate (or certificates) for the names listed below will expire in 20 days (on 19 Nov 19 21:32 +0000). Please make sure to renew your certificate before then, or visitors to your website will encounter errors."

But the names listed in that mail are from the old certificate containing mail.domain.com pop.domain.com etc.
The wildcard domain is valid until Jan 6 18:45:27 2020 GMT.

So my guess is that after switching to dns_ttl=1 (wildcard cert) and requesting a new cert, the old certs are not removed, or this is not communicated correctly to Letsencrypt.

Perhaps a bug.

Any suggestions?
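
Added example, not part of any post above and not DirectAdmin's own code: a pre-check for the dns-01 failure log and the AXFR delay question in this thread, asking each authoritative nameserver directly whether it already serves the `_acme-challenge` TXT value. The function names, the `DIG` override and the 20-try default are assumptions of this sketch; the 15-second pause mirrors the retry interval in the log.

```bash
#!/usr/bin/env bash
# Added example (not DirectAdmin code): confirm that every authoritative
# nameserver already serves the dns-01 TXT value before validation is attempted.
# DIG can be pointed at a stub for offline testing (assumption of this example).
DIG="${DIG:-dig}"

# challenge_ready ZONE TOKEN
# ZONE must be the zone apex, because that is where the NS records live.
# Returns 0 if all nameservers serve TOKEN, 1 if any lag, 2 if no NS was found.
challenge_ready() {
  cr_zone="$1"; cr_token="$2"; cr_missing=0
  cr_servers=$("$DIG" +short NS "$cr_zone")
  [ -n "$cr_servers" ] || return 2
  for cr_ns in $cr_servers; do
    # Ask each server directly, so a resolver cache cannot hide a stale secondary.
    cr_txt=$("$DIG" +short TXT "_acme-challenge.$cr_zone" "@$cr_ns" | tr -d '"')
    if printf '%s\n' "$cr_txt" | grep -qxF -- "$cr_token"; then
      echo "ok      $cr_ns"
    else
      echo "missing $cr_ns"
      cr_missing=1
    fi
  done
  return "$cr_missing"
}

# wait_for_challenge ZONE TOKEN [TRIES] [PAUSE_SECONDS]
# Polls until every nameserver is in sync or the tries are used up.
wait_for_challenge() {
  w_try=1
  while [ "$w_try" -le "${3:-20}" ]; do
    if challenge_ready "$1" "$2" >/dev/null; then return 0; fi
    sleep "${4:-15}"
    w_try=$((w_try + 1))
  done
  return 1
}

# Run only when called with arguments, e.g.: ./check.sh example.test <token>
if [ "$#" -ge 2 ]; then
  wait_for_challenge "$@"
fi
```

A `missing` line for a secondary while the primary reports `ok` points at zone-transfer lag rather than at the ACME client.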
 