DirectAdmin's SSL

MtK

Hey,
I'm trying to set an SSL Certificate for DA (not a client/domain).
I've followed this guide: http://help.directadmin.com/item.php?id=15

The certificate is from RapidSSL, and I've created a CSR to match my details.

After setting SSL=1 in: /usr/local/directadmin/conf/directadmin.conf
DirectAdmin won't start...

What did I miss?
 
Check the DirectAdmin log to see what kind of error it's getting.

Jeff
 
Find out why. Look into your httpd configuration file to see where it should be finding the certificate key, see if it's there, see if it's got the right ownership and rights.

Note that none of this is magic. I don't give you more detail because I haven't memorized it in more detail; if you paid me to fix it for you I'd spend time to look up the detail, and then I'd fix it. You can certainly do it yourself, but yes, it will take some time and some research.

Note that when you buy a certificate from us we install it for an extra $10, and I've done it lots of times; I just don't remember the details of exactly how I do it until/unless I have to actually do it.

Jeff
 
just for the record (again), this is the DA SSL (not a specific client/domain one).

Thanks for the offer, but since I'm using the default locations set in directadmin.conf, I'd expect it to work from the first try:
Code:
cacert=/usr/local/directadmin/conf/cacert.pem
cakey=/usr/local/directadmin/conf/cakey.pem
and the files are very much there, with permissions 400, as stated in: http://help.directadmin.com/item.php?id=15
 
Did you check your DirectAdmin configuration file to see if that's where they're supposed to be?

Jeff
 
I thought I already answered that:

...I'm using the default locations set in directadmin.conf, I'd expect it to work from the first try:
Code:
cacert=/usr/local/directadmin/conf/cacert.pem
cakey=/usr/local/directadmin/conf/cakey.pem
and the files are very much there, with permissions 400, as stated in: http://help.directadmin.com/item.php?id=15
 
Sorry, I generally don't read up a thread when I'm responding; perhaps I should but if I did I'd be apt to skip a lot of threads because it would take too much time to try to be helpful.

Try these settings, from a working machine of mine:
Code:
# cd /usr/local/directadmin/conf/
# ls -al ca*.pem
-rw-r--r--  1 root     root     1216 Jul 25  2008 cacert.pem
-r--------  1 diradmin diradmin  887 Jul 23  2007 cakey.pem
-rw-r--r--  1 root     root     3428 Jul 23  2007 carootcert.pem
#
On another note; your Study Hebrew link in your sig is broken; there's no TLD.

Jeff
 
Sorry, I generally don't read up a thread when I'm responding; perhaps I should but if I did I'd be apt to skip a lot of threads because it would take too much time to try to be helpful.

Try these settings, from a working machine of mine:
Code:
# cd /usr/local/directadmin/conf/
# ls -al ca*.pem
-rw-r--r--  1 root     root     1216 Jul 25  2008 cacert.pem
-r--------  1 diradmin diradmin  887 Jul 23  2007 cakey.pem
-rw-r--r--  1 root     root     3428 Jul 23  2007 carootcert.pem
#
same here:
Code:
# ls -al ca*.pem
-rw-r--r-- 1 root     root     1247 Dec 31 19:41 cacert.pem
-r-------- 1 diradmin diradmin  887 Dec 31 19:37 cakey.pem
-rw-r--r-- 1 root     root     1144 Dec 31 19:08 carootcert.pem
#
(I think this should be stated in the tutorial)
error remains the same:
Code:
error loading certificate key
On another note; your Study Hebrew link in your sig is broken; there's no TLD.

Jeff
thanks, fixed...
 
Have you checked the logs for more information why it cannot start?
 
have you tried using the SSL in your apache not on directadmin?
 
That last question and answer has totally confused me; I have no idea what the exchange between aED and MtK means.

What do you get for:
Code:
ls -al /usr/local/directadmin/conf/
Jeff
 

Code:
drwx------ 2 diradmin diradmin 4096 Jan  3 23:12 .
drwxr-xr-x 8 diradmin diradmin 4096 Jan  1 15:23 ..
-rw-r--r-- 1 root     root     1245 Jan  3 22:57 cacert.pem
-r-------- 1 diradmin diradmin  887 Dec 31 19:37 cakey.pem
-rw-r--r-- 1 root     root     1144 Dec 31 19:08 carootcert.pem
-rw-r--r-- 1 diradmin diradmin 1975 Jan  3 23:12 directadmin.conf
-r-------- 1 diradmin diradmin 1559 Jul 13 12:37 license.key
-rw------- 1 diradmin diradmin   41 Jan  5 04:57 my.cnf
-r-------- 1 diradmin diradmin   30 Jul 13 12:41 mysql.conf
 
More than likely you need to change those files that are not owned by diradmin to be owned by diradmin.

Code:
cd  /usr/local/directadmin/conf
chown diradmin:diradmin cacert.pem
chown diradmin:diradmin carootcert.pem
 
My settings are the same. I'm obviously missing something that would require I log into the server and trace. I don't do that except as a commercial service.

If your license was bought from DirectAdmin and includes support, you may want to contact them.

Jeff
 
More than likely you need to change those files that are not owned by diradmin to be owned by diradmin.

Code:
cd  /usr/local/directadmin/conf
chown diradmin:diradmin cacert.pem
chown diradmin:diradmin carootcert.pem
Those settings are fine; they match those on all our servers.

Jeff
 
My settings are the same. I'm obviously missing something that would require I log into the server and trace. I don't do that except as a commercial service.

If your license was bought from DirectAdmin and includes support, you may want to contact them.

Jeff
Nope, it was bought from a reseller of yours, I'll try to contact him.

Anyway, if you could tell me which log to look in, I'll be happy to cooperate...
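
The checks the replies walk through by hand (is the key there, who owns it, what mode), plus two the thread does not get to: whether cakey.pem is passphrase-protected and whether it actually belongs to cacert.pem. This is an added example, not part of the original thread or DirectAdmin's own tooling; the function names are hypothetical, and it assumes GNU stat and the openssl command line.

```shell
#!/bin/sh
# Added example: pre-flight checks for DirectAdmin's own certificate/key pair.
# Paths and the diradmin owner come from the thread; function names are hypothetical.

# Classify a PEM file by its header lines only (no OpenSSL needed).
key_format() {
    first=$(grep -m1 '^-----BEGIN ' "$1" 2>/dev/null) || { echo not-pem; return; }
    case "$first" in
        *"ENCRYPTED PRIVATE KEY"*) echo encrypted ;;          # PKCS#8, passphrase-protected
        *"PRIVATE KEY"*)
            if grep -q '^Proc-Type: 4,ENCRYPTED' "$1"; then echo encrypted  # legacy PEM
            else echo plain; fi ;;
        *) echo not-a-key ;;                                  # e.g. a certificate or CSR
    esac
}

# Owner, mode and format of the key. $1 = key path, $2 = expected owner.
check_key() {
    key=$1; want=$2; rc=0
    [ -r "$key" ] || { echo "FAIL: cannot read $key as the current user"; return 1; }
    set -- $(stat -c '%U %a' "$key")                          # GNU stat (Linux)
    [ "$1" = "$want" ] || { echo "FAIL: owner is $1, expected $want"; rc=1; }
    case "$2" in
        [0-7]00) ;;
        *) echo "FAIL: mode $2 grants access beyond the owner"; rc=1 ;;
    esac
    fmt=$(key_format "$key")
    [ "$fmt" = plain ] || { echo "FAIL: key file is $fmt, not an unencrypted key"; rc=1; }
    return $rc
}

# True when the certificate's public key equals the one derived from the key.
pair_matches() {   # $1 = certificate, $2 = key; returns 2 if either cannot be parsed
    a=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 2
    b=$(openssl pkey -in "$2" -pubout -passin pass: 2>/dev/null) || return 2
    [ "$a" = "$b" ]
}

CONF=/usr/local/directadmin/conf
if [ -e "$CONF/cakey.pem" ]; then
    check_key "$CONF/cakey.pem" diradmin \
        && pair_matches "$CONF/cacert.pem" "$CONF/cakey.pem" \
        && echo "OK: cakey.pem is loadable and matches cacert.pem"
fi
```

Run it as root on the server; any FAIL line names the property to fix before restarting DirectAdmin with SSL=1.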
 