DirectAdmin 1.694

Xavier · Wednesday at 8:33 AM

fln said:
We are happy to announce the release of DirectAdmin 1.694.

A full release change log is here:

DirectAdmin 1.694

The update should be automatically available for all installations subscribed to the current release channel.

We appreciate all the feedback on forums and issues reported in the ticketing system.

Thanks!

Hi, I´m trying to add an email account on my domain but the "create" button is not working. Any idea what´s going on?

fln · Wednesday at 8:39 AM

@Namhost, it seems the Bind DNS service does not support HTTPS records on your server. Usually the Bind service that comes with the system is fresh enough support this record, the only exception is the RHEL 8 systems that still uses Bind 9.11.

Zerg · Wednesday at 3:02 PM

Hi,

/usr/local/directadmin/data/users/*/domains/*.key

files have

-rw------- 1 diradmin access

permissions instead of

-rw-r----- 1 diradmin access

despite having good letsencrypt.sh with

install_file 640 "${owner}" "${src_key}" "${dst_key}"

SNI in exim stopped working due to that for new domains. I have created letsencrypt_post hook to fix permissions as workaround and fixed permissions for all keys.

fln · Wednesday at 3:40 PM

Thank you @Zerg, a new build is published to fix the file permissions issue. It makes sure new files will have correct permissions and existing files with incorrect permissions will be fixed on update.

anas_xrt · Wednesday at 7:41 PM

@Namhost

I’ve successfully updated BIND to version 9.16 on AlmaLinux 8.10 without any issues. The HTTPS record is working well with the HTTP/3 configuration I set up. However, DirectAdmin did not provide a template for dns_https.conf—the file was completely empty. To resolve this, I created the following template:

Code:

|*if IS_IPV6="yes"|
|DOMAIN|=1 |DOMAIN|. alpn=h3,h2 ipv6hint=|IP|
www=2 www.|DOMAIN|. alpn=h3,h2 ipv6hint=|IP|
|*else|
|DOMAIN|=3 |DOMAIN|. alpn=h3,h2 ipv4hint=|IP|
www=4 www.|DOMAIN|. alpn=h3,h2 ipv4hint=|IP|
|*endif|

and the result of create will be like this one

Code:

abc.co.    3600    IN    HTTPS    1 abc.co. alpn=h3,h2 ipv6hint=2a01:4ff:2f0:152f:0:0:0:1
abc.co.    3600    IN    HTTPS    3 abc.co. alpn=h3,h2 ipv4hint=5.223.54.221
www    3600    IN    HTTPS    2 www.abc.co. alpn=h3,h2 ipv6hint=2a01:4ff:2f0:152f:0:0:0:1
www    3600    IN    HTTPS    4 www.abc.co. alpn=h3,h2 ipv4hint=5.223.54.221

by the way, I forgot how I can add all new HTTPS record for all existing domains. If anyone know, guide me please.

Namhost · Wednesday at 11:11 PM

Still does not seem to work well, I tested on AlmaLinux 9 servers now (BIND 9.16), trying to add WWW IN HTTPS record for my domain:

Unable to save dns zone: named-checkzone returned:
loading "xxx.com" from "/var/named/xxx.com.db.temp.1343131.AkwYmSGWe4" class "IN"
dns_master_load: /var/named/xxx.com.db.temp.1343131.AkwYmSGWe4:166: www.xxx.com: CNAME and other data
zone xxx.com/IN: loading from master file /var/named/xxx.com.db.temp.1343131.AkwYmSGWe4 failed: CNAME and other data
zone xxx.com/IN: not loaded due to errors.

nsc · Thursday at 12:38 AM

Namhost said:
Still does not seem to work well, I tested on AlmaLinux 9 servers now (BIND 9.16), trying to add WWW IN HTTPS record for my domain:

Judging by the error - you have a CNAME for that subdomain. You cannot have CNAME bundled with other records for the same subdomain. Either CNAME or other records - not both.

nsc · Thursday at 1:07 AM

anas_xrt said:
@Namhost

I’ve successfully updated BIND to version 9.16 on AlmaLinux 8.10 without any issues. The HTTPS record is working well with the HTTP/3 configuration I set up. However, DirectAdmin did not provide a template for dns_https.conf—the file was completely empty. To resolve this, I created the following template:

Code:

|*if IS_IPV6="yes"| |DOMAIN|=1 |DOMAIN|. alpn=h3,h2 ipv6hint=|IP| www=2 www.|DOMAIN|. alpn=h3,h2 ipv6hint=|IP| |*else| |DOMAIN|=3 |DOMAIN|. alpn=h3,h2 ipv4hint=|IP| www=4 www.|DOMAIN|. alpn=h3,h2 ipv4hint=|IP| |*endif|

and the result of create will be like this one

Code:

abc.co. 3600 IN HTTPS 1 abc.co. alpn=h3,h2 ipv6hint=2a01:4ff:2f0:152f:0:0:0:1 abc.co. 3600 IN HTTPS 3 abc.co. alpn=h3,h2 ipv4hint=5.223.54.221 www 3600 IN HTTPS 2 www.abc.co. alpn=h3,h2 ipv6hint=2a01:4ff:2f0:152f:0:0:0:1 www 3600 IN HTTPS 4 www.abc.co. alpn=h3,h2 ipv4hint=5.223.54.221

by the way, I forgot how I can add all new HTTPS record for all existing domains. If anyone know, guide me please.

Hmm, is there any reason why you want to add those? The description of that part seems pretty awkward. You kind of have hints, but you still need to query the DNS records and if they do not match, terminate the initial connection and connect to the real resolved host. Doesn't sound like a real optimization or I don't fully understand where it should come from.
What I could expect from the increased amount of records and hints, that different browsers could potentially treat all that differently, that could lead to harder times debugging mystical client reported problems.
IMHO those mass added records, would only clutter the dns zone without real benefit.

This section:
The "ipv4hint" and "ipv6hint" keys convey IP addresses that clients MAY use to reach the service. If A and AAAA records for TargetName are locally available, the client SHOULD ignore these hints. Otherwise, clients SHOULD perform A and/or AAAA queries for TargetName per Section 3, and clients SHOULD use the IP address in those responses for future connections. Clients MAY opt to terminate any connections using the addresses in hints and instead switch to the addresses in response to the TargetName query.

Source:

RFC 9460: Service Binding and Parameter Specification via the DNS (SVCB and HTTPS Resource Records)

This document specifies the "SVCB" ("Service Binding") and "HTTPS" DNS resource record (RR) types to facilitate the lookup of information needed to make connections to network services, such as for HTTP origins. SVCB records allow a service to be provided from multiple alternative endpoints...

datatracker.ietf.org

anas_xrt · Thursday at 1:23 AM

@nsc
The goal isn't just IP hinting; it's about enabling Happy Eyeballs for HTTP/3. By providing the ALPN (h3) in the DNS layer, the browser doesn't have to wait for an 'Alt-Svc' header over a slower TCP connection. It can jump straight to QUIC/UDP, which is a significant performance gain for mobile and high-latency users

fln · Thursday at 2:51 AM

The HTTPS record template can be simplified by using . for the target domain instead of repeating same value as record name. Adding IP address hints is not worth the trouble in my opinion. It will be hard to keep them in sync with `A` and `AAAA` records.

Code:

|DOMAIN|=1 . alpn=h3,h2
www=1 . alpn=h3,h2

Should be fine if server is configured to use HTTP/3.

ericosman · Thursday at 4:26 AM

After the update i get this error on a domain when trying to create a SSL cert.

Could not execute your request

No domains pointing to this server to generate the certificate for.

fln · Thursday at 4:32 AM

@ericosman, please open a support ticket. This error happens if HTTP challenge test fails. This can happen if domain is not actually pointing to the server, or there are problems resolving DNS names.

ericosman · Thursday at 5:40 AM

fln said:
@ericosman, please open a support ticket. This error happens if HTTP challenge test fails. This can happen if domain is not actually pointing to the server, or there are problems resolving DNS names.

It indeed might be a me (second DNS server) issue. Thanks!

sewiti · Friday at 2:19 AM

A new DirectAdmin build for version 1.694 is released. It fixes an issue for certificates HTTP challenge check getting blocked by some modsecurity rule sets.

gate2vn · Friday at 11:26 AM

Missing lsws.service shortcut?

gate2vn · Friday at 12:01 PM

I just converted a fresh Almalinux 9 to CloudLinux, lvemanager is installed, but it's not appearing in DA, even it shows Active in Plugin Manager. Needed to deactivate and activate it again to have CloudLinux Manager appearing.

Active8 · 2026-02-09T07:16:54-0700

JosKlever said:
I'm still asking why it was installed now instead of with 1.63.9

Already answerd that for you but despite that you keep running in circles because you was not aware of it
Administrators like @exlhost had it like me.

fln said:
. Administrators of the old servers had to manually execute da build imapsync to get it. For servers installed after imapsync feature was released DA installer made sure to also install imapsync tool (during the da build all stage).

That is exactly what i try to tell you the whole time (did you never issued da build all ?)

JosKlever said:
Please keep it nice.

Is also valid for you, we are all here to help so keep it nice

JosKlever · 2026-02-09T07:29:40-0700

@Active8 Trying to say something isn't the same as actually saying it and doesn't directly mean that the other one understands what you try to say. In this case there still was confusion. If something happens "because DA made some changes", it's not an answer. Making wrong assumptions about my licensing, that I already explained, doesn't help either. Of course I'm also trying to keep it nice, but "How hard cant be!!!" is not and I was clearly responding to that.

In the end it was explained well by @fln, I understood the situation and I gave it a

. Case closed for me and it's unnecessary to continue this discussion. Let's use our energy for positive things!

DirectAdmin 1.694

Xavier

New member