Domainpointers and letsencrypt

Me-again

Hello

I'm trying to set up Let's Encrypt with several domain pointers and did the following:

I did everything necessary to get an SSL certificate from Let's Encrypt and got the main domain running on https, no problem there.

In DirectAdmin, logged in at reseller level as the user of the domain working with https -> SSL Certificates, I see a list "Certificate Hosts" with certain domain pointers that I also want to have running with https.

Except they are not running with https.

So I did some searching on this forum and found http://forum.directadmin.com/showthread.php?t=52723&page=3&p=270613#post270613

The things I did were:

Code:
[root@server scripts]# ./letsencrypt.sh request www.vanavondnog.nl 4096
Domain does not exist on the system. Unable to find www.vanavondnog.nl in /etc/virtual/domainowners. Exiting...
no valid domain found - exiting

Code:
[root@server scripts]# ./letsencrypt.sh request vanavondnog.nl 4096
Getting challenge for vanavondnog.nl from acme-server...
Waiting for domain verification...
Challenge is valid.
Getting challenge for www.vanavondnog.nl from acme-server...
Waiting for domain verification...
Challenge is valid.
Generating 4096 bit RSA key for vanavondnog.nl...
openssl genrsa 4096 > "/usr/local/directadmin/data/users/chatengine/domains/vanavondnog.nl.key.new"
Generating RSA private key, 4096 bit long modulus
................++
...................................................++
e is 65537 (0x10001)
Checking Certificate Private key match... Match!
Certificate for vanavondnog.nl has been created successfully!

Code:
[root@server scripts]# ./letsencrypt.sh request vanavondnog.nl 4096 "" /var/www/html/
Getting challenge for vanavondnog.nl from acme-server...
Waiting for domain verification...
Challenge is valid.
Getting challenge for www.vanavondnog.nl from acme-server...
Waiting for domain verification...
Challenge is valid.
Generating 4096 bit RSA key for vanavondnog.nl...
openssl genrsa 4096 > "/usr/local/directadmin/data/users/chatengine/domains/vanavondnog.nl.key.new"
Generating RSA private key, 4096 bit long modulus
................................................++
.........................................................................................................++
e is 65537 (0x10001)
Checking Certificate Private key match... Match!
Certificate for vanavondnog.nl has been created successfully!

But the domain is not running in https.

Is there something I overlooked?
 
Hello,

I guess the domain is not configured to use the Let's Encrypt cert. I'd suggest that you install a cert in the DirectAdmin interface at user level.
 
Hello and thanks for your answer

At user level I also installed a Let's Encrypt cert and it works fine on that domain, which I also use as my DNS.

The domain pointers are still not working with https:// in front of them.

The IP address I use to access DirectAdmin is not https, but as far as I know you can't assign SSL to an IP address.

What am I doing wrong here?
 
What do you mean by domain pointers? Are they aliases? Or forwarders?

Your domain vana****nog.nl does not seem to be either an alias or a forwarder. DirectAdmin allows adding aliases to the Let's Encrypt cert for a main domain.
 
I'm pretty sure I created vana***nog.nl as an alias.

And together with creating the Let's Encrypt SSL for the main domain, I added the pointer domain vana***nog.nl and a few others created as aliases, listed at: Selected Entries: 2 Maximum requests per week: 20 - Let's Encrypt Certificate Entries.

What do you mean, it does not seem to be an alias or forwarder?
 
Your remark about the domain vana****nog.nl not seeming to be an alias got me thinking, and there's actually something strange.

When I go to DA -> Reseller level -> List users, I see the user and his domains and a lot of pointers, including vana***nog.nl. They all have a P: in front of the domain.

But when I log in as this user and go to Advanced features -> Domain pointers, not one is listed?
 
Aliases/forwarders inherit SSL settings from a parent domain, including its cert. In your case a self-signed cert is shown for vana***nog.nl, which makes me think you added it as a self-standing domain or your setup is corrupted; probably you modified some files in a shell.
 
Quote:
Aliases/forwarders inherit SSL settings from a parent domain, including its cert. In your case a self-signed cert is shown for vana***nog.nl, which makes me think you added it as a self-standing domain or your setup is corrupted; probably you modified some files in a shell.

Okay, this is getting confusing and I hope you bear with me.
The user of the main domain has several "main" domains, and two of these main domains are running on the same platform, one being the backend for Admin and the other being the main template serving the pointers.
I checked the second one and I see a list of all the pointers.

So what I did was secure this second domain with Let's Encrypt, and now all the pointers are running with https://

This part is working right now and thanks for your help.

The only thing that's not right at this moment is that although the URLs of the pointers and the second main domain are loading with https:// in front, there's still a little warning sign saying it's actually not secure?
The other main domain running the Admin backend is secure though?
 
So I looked into it and found that the domain pointers are also listed with another domain. This platform has two domains. One is the admin backend and the other serves as default for the layout.

The domain pointers are listed at the second one and I can remove them and alter the DNS.

The problem still remains that the default domain is running https:// without a problem but the pointers do not?

Although I see Let's Encrypt in use. Auto-renewal in 58 Days. And below the pointers listed as Certificate Hosts?

Can't be that these pointers are also listed as Certificate Hosts at the other main domain? And how do i remove them as certified hosts at that domain?
 
Quote:
still there's a little warning sign saying it's actually not secure?

That might happen if you load media via http, so you might need to check all images, JavaScript, CSS files, etc. and make sure that they are loaded over https.

Quote:
Although i see Let's Encrypt in use. Auto-renewal in 58 Days. And below the pointers listed as Certificate Hosts?

You might need to force restart Apache, even try with kill.

Quote:
Can't be that these pointers are also listed as Certificate Hosts at the other main domain? And how do i remove them as certified hosts at that domain?

In order to remove names from a cert you should re-issue the cert with a modified list of included domains.
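
The mixed-content check suggested in this reply can also be run over a page's HTML without a browser. The following is an added example, not part of the original thread; the sample page and the `example.test` hosts are constructed, and the tag lists are a reasonable subset rather than a complete one.

```python
from html.parser import HTMLParser

# Sub-resources that can change the page itself; browsers typically refuse
# to load these over http from an https page ("active" mixed content).
ACTIVE = {("script", "src"), ("iframe", "src"), ("object", "data"), ("embed", "src")}
# Media that is only displayed; an http load here is what typically costs
# the page its padlock ("passive" mixed content).
PASSIVE = {("img", "src"), ("audio", "src"), ("video", "src"), ("source", "src")}

class MixedContentScanner(HTMLParser):
    """Collect sub-resources an https:// page would fetch over plain http."""
    def __init__(self):
        super().__init__()
        self.findings = []  # list of (kind, tag, url)

    def _check(self, kind, tag, url):
        # Only absolute http:// URLs count. Relative and protocol-relative
        # (//host/x) URLs inherit the https scheme of the page.
        if url and url.strip().lower().startswith("http://"):
            self.findings.append((kind, tag, url.strip()))

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "link":  # only stylesheets are fetched and applied
            if "stylesheet" in (a.get("rel") or "").lower().split():
                self._check("active", tag, a.get("href"))
            return
        for attr, value in a.items():
            if (tag, attr) in ACTIVE:
                self._check("active", tag, value)
            elif (tag, attr) in PASSIVE:
                self._check("passive", tag, value)
        if tag in ("img", "source") and a.get("srcset"):
            for candidate in a["srcset"].split(","):
                parts = candidate.split()  # "url 2x" -> ["url", "2x"]
                if parts:
                    self._check("passive", tag, parts[0])

def scan(html):
    scanner = MixedContentScanner()
    scanner.feed(html)
    return scanner.findings

# Constructed sample page (not taken from the site discussed in the thread).
SAMPLE = ('<link rel="stylesheet" href="http://example.test/style.css">'
          '<script src="/js/app.js"></script>'
          '<script src="//cdn.example.test/lib.js"></script>'
          '<img src="http://example.test/logo.png">'
          '<img src="https://example.test/ok.png" srcset="http://example.test/big.png 2x">'
          '<a href="http://example.test/page">plain link, not a sub-resource</a>')

if __name__ == "__main__":
    for kind, tag, url in scan(SAMPLE):
        print(f"{kind:8} <{tag}> {url}")
```

Ordinary `<a href="http://...">` links are deliberately ignored: they do not load anything into the page, so they do not affect the padlock.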
 
Well, I narrowed it down to one problem, and that's that the site is generating a redirect from HTTPS to HTTP at the web server level, so a secure connection is momentarily established and then the site requests visitors’ browsers to go to the insecure site instead?

In DirectAdmin the option "Use a symbolic link from private_html to public_html - allows for same data in http and https" was checked.

I checked the other option “Use a directory named private_html”, which gives the error “403 Forbidden error” when I put https:// in front of the default domain love4free.nl.

But it’s reachable through http://

When I want to change it back to the symbolic link option I get the warning “Using a symbolic link will delete the private_html directory and all files in it. Do you wish to continue?”

Not sure what to do right now.
 
With https:// in front of the URL the browser marks it as secure, though. Both the default domain and the pointer. Only problem is the 403.
 
I gave it the original settings "Use a symbolic link from private_html to public_html - allows for same data in http and https"

And it's back to running with https:// in front of it but not secure according to the browser.

When checked "Use a directory named private_html" it loads in both http and https although the latter shows a 403 error.

When checked "Use a symbolic link from private_html to public_html - allows for same data in http and https"

It doesn't give a secure SSL connection but does load in both http and https?
 
I'd suggest that you use Firefox or Chrome browser with an opened console and see what goes wrong. You will see all the client-side errors there.

If you use a separate private_html directory, it should have the content of public_html, as it's empty by default.

Please feel free to contact me privately for paid support, and I will configure all the settings for you within the shortest time.
 