DirectAdmin v1.644 has been released

CSF plugin session issues are related to an IP address change on your network, or to switching from Wi-Fi to 5G.

Clear your browser cache or log out and log in again.
No, it's not. I have had this server for 2 years and yesterday I had this problem for the first time, so it's related to the DirectAdmin update.

I have same IP, same browser, same pc.
 
New DA build c23594a3fd76908775c2e304528225a7f8806cc6 resolves the issue of new messages bubble not being updated without refresh, thanks @paulonichio.

I am still not sure about the CSF plugin session issues reported, we can not reproduce the issue locally so any additional feedback on how to trigger them would be really appreciated. Thanks everyone.
The log in var/lib/csf/da1666682489.error shows:

To disable DirectAdmin session checks, create a touch file called /var/lib/csf/csf.da.skip

Security Error: No valid session key

Session ID = [-xxxxxxxxxxxxxxxxxxxx]
Session File [/usr/local/directadmin/data/sessions/da_sess_-xxxxxxxxxxxxxxxxx]...exists.

Environment data:
REMOTE_ADDR = [xxx.xx.xx.xxx]
SESSION_KEY = [xxxxxxxxxxxxxx]
SESSION_ID = [-xxxxxxxxxxx]

Session data:
ip = []
key = []

Session file contents:
 
Installatron is not working anymore while installing a new application

Error message:
This functionality is not available in demo mode
 
#da update current
directadmin debian9 v1.643 3d897a3a089fd226d878f21666efcd2a35fcc3e8 debian9_amd64: already latest

Then did this and now it's telling me 1.643 is an update.

This program is jokes like bloody cPanel.
Debian 9 is end of life, thus it gets no updates.
 
I just found a problem, but I don't know whether it affects only me or all users of 1.644 36f862603bd077978a451db5497132bb8f9efe9e

After updating to 1.644 36f862603bd077978a451db5497132bb8f9efe9e, I found this when I renew/update my Let's Encrypt cert via the "SSL Certificates" page.
Afterwards I got this message:
LetsEncrypt request successful
LetsEncrypt request successful for:
mydomain.com
*.mydomain.com
(also... Brute Force Monitor will count our Let's Encrypt cert action as an "attack" in the mod_security2 part)
(This problem occurs only for the admin's domain name; if you log in as your user and try to renew, you will not get this problem)

Then I return to the "SSL Certificates" (User Level) page and find my cert is still the old one (same "Certificate Expiry" date, same "Let's Encrypt in use. Auto-renewal in 19 Days."), even though I tried over 3 times and got the same issue.

But... when I downgrade back to 1.643, I can renew my cert on the first request.
(New "Certificate Expiry" date, New "Let's Encrypt in use. Auto-renewal in 59 Days.")

I hope this is not only me and that this bug will be fixed.
 
Installatron is not working anymore while installing a new application

Error message:
This functionality is not available in demo mode
We experience another issue with Installatron plugin after latest DA update. Opening Installatron returns a blank page with 502 error. In /var/log/messages it shows:

Code:
directadmin[934]: 2022/10/25 13:15:01 error proxy request error       error=net/http: HTTP/1.x transport connection broken: malformed HTTP status code "Bytecode" url=http://unix/CMD_PLUGINS/installatron/index.raw
 
Same demo mode error here.

When creating a new user the user config below contains a demo=no line:
Code:
/usr/local/directadmin/data/users/<username>/user.conf
Because of that line installatron fails to install the application. If you check /var/installatron/logs/install_error_log it contains this error:
Code:
This functionality is not available in demo mode.
 
Debian 9 is end of life, thus it gets no updates.
Why don't I receive the "EOL" email upon trying to update... Or have any warning in Evo.... I used to.... or which version has Debian 10 as EOL, or in my case Debian 9?
 
Updated to 10 just now, did a manual DA update....... The licence page states "Codebase: DirectAdmin legacy"...

I will upgrade to 11, but I assume 10 is fine for now?
 
Thanks for more info @tomputer, the new flag in user.conf is DA internal feature that is not yet finished. Please report the issue to installatron plugin developers. They should ignore this flag.
 
It was working before the update.

Hope they will fix it as installatron is not working anymore as it should.
 
update:

A fix for this is available on the Release and Edge channels. This will fix it:

Code:
/usr/local/installatron/repair -f --quick --release
 
Also getting the following when accessing CSF.

Security Error: No valid session key
Information saved to [/var/lib/csf/da1666134737.error]

Never had this error before the update and I check this all the time.

I can also confirm that logging out and going back in "fixes" the problem.
Any news about this problem?
 
Hi everyone, we finally traced back the CSF plugin issue and are releasing a new hot-fix build 1231fc54d10578e379ebf6f73a6bc24987e05b90. The root cause for the CSF plugin was that it expected session IDs to always contain only alphanumeric symbols. In the latest release, session IDs were generated using a wider set of allowed characters, resulting in some sessions having a `-` symbol, and thus breaking the CSF plugin's assumptions about what DA session IDs look like.

New build has the following fixes:
  • A workaround for CSF plugin to not fail with session errors (price for that is longer session ID values encoded using reduced character set :().
  • A fix for Evolution to bring user back to login page when his session ends, without this fix user might trigger BFM and get banned if he stays in evo after session timeout.
  • A fix for CB to create webapps user at earlier stage, without this fix new installations might not have correct webapps permissions.
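
The compatibility break described in the post above, as an added example that is not DirectAdmin's or CSF's own code: the same 16 random bytes encoded with a wider and a reduced alphabet, checked by a consumer that only accepts alphanumeric IDs before building the session file path. URL-safe base64 and base32 are assumed stand-ins for the "wider" and "reduced" character sets, and the regex, helper names and sample bytes are hypothetical.

```python
import base64
import re

# Assumption: the consumer-side allowlist the post describes (alphanumeric only).
STRICT_ID = re.compile(r"[A-Za-z0-9]+")
# Session directory as it appears in the error log quoted earlier in the thread.
SESSION_DIR = "/usr/local/directadmin/data/sessions"


def encode_wide(raw: bytes) -> str:
    """URL-safe base64 without padding; its alphabet includes '-' and '_'."""
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def encode_reduced(raw: bytes) -> str:
    """Base32 without padding; alphabet is A-Z and 2-7, so the ID gets longer."""
    return base64.b32encode(raw).rstrip(b"=").decode("ascii")


def session_file(session_id: str) -> str:
    """Fail closed: build a path only from an ID that passes the allowlist."""
    if not STRICT_ID.fullmatch(session_id):
        raise ValueError("No valid session key")
    return f"{SESSION_DIR}/da_sess_{session_id}"


def compare(raw: bytes) -> dict:
    """Both encodings of the same bytes: (id, length, accepted by consumer)."""
    out = {}
    for name, enc in (("wide", encode_wide), ("reduced", encode_reduced)):
        sid = enc(raw)
        out[name] = (sid, len(sid), bool(STRICT_ID.fullmatch(sid)))
    return out


# Constructed sample: first byte 0xFB makes the base64url form start with '-'.
SAMPLE = bytes([0xFB]) + bytes(range(1, 16))

if __name__ == "__main__":
    for name, (sid, n, ok) in compare(SAMPLE).items():
        print(f"{name:8} len={n} accepted={ok} id={sid}")
```

The entropy is identical in both forms; only the encoding changes, which is why the reduced alphabet costs extra characters.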
 
It would be nice if there was something in the changelogs for these hotfixes..
I now have 3 hotfixes for v1.644, but it seems there is no info on what is fixed..
 
@fln does a nice job of mentioning each hotfix here in every release topic with a changelog. See the post above you.

But I agree adding these changes to the changelog in the docs is also a great addition (y)
 