enable_ssl_sni=1 doesn't work

[DJSnels]

My new webserver doesn't seem to be able to enable SNI
I've added enable_ssl_sni=1 to the end of directadmin.conf (and a newline after it). But the control panel still won't let me pass the owned IP check:
I've restarted directadmin (and the whole server just to be sure).

Cannot Execute Your Request

Details

You can only add a certificate if you own the ip you are using
Info for Admins: Assigning an owned IP

As a workaround i also added a extra IP in user_ip.list in /usr/local/directadmin/data/users/USERNAME/user_ip.list and added the IP to the domain to workaround the check (source: https://directadmin.com/features.php?id=1100)

anyone had this before? I cannot find anything about this issue on the forums.

 

[Arieh]

Went to google for this, found a thread in which I had replied http://forum.directadmin.com/showthread.php?t=49064

It says there to check each level of SSL enabling, from domain settings, user settings, reseller settings.

 

[DJSnels]

I've checkt every SSL setting i know in the panel.
User > domain setup > domain name > Secure SSL enabled (directory private_html). Also turned it of and on.
Reseller > List users > User > Modify User > SSL Access enabled

SNI is working. i've imported other users from backups and they have SSL enabled and working. The server has only 1 IP. The problem is that the DirectAdmin interface doesn't seem to know SNI is enabled.

 

[Arieh]

From what I understand it is possible that DA will give you the assigned IP notice, eventhough SNI is enabled, but not enabled on each level.

But from the sounds of it, you have checked it thoroughly.

Another thing comes to mind, an old instance of DA running from when SNI was not enabled. Try to stop directadmin, then check ps aux | grep directadmin if it's still running. If so, killall -9 directadmin and restart.

 

[zEitEr]

Hello,

Just a thing to check: make sure your directadmin version is actual or at least 1.361

 

[DJSnels]

The server version is the latest (1.50.1), and since i rebooted the server there where no old instances.
Are there any other SSL settings apart from the 2 i found, or is there any other reason SNI isn't enabled in DA?

 

[DJSnels]

/usr/local/directadmin/directadmin c | grep enable_ssl_sni

enable_ssl_sni=0

Strange, DirectAdmin seems to be unable to read the setting?

I've pasted it halfway the options.conf, to be sure it is not a newline problem

#WEB Server Settings
webserver=apache
litespeed_serialno=trial
modsecurity=no
modsecurity_ruleset=comodo
apache_ver=2.4
apache_mpm=auto
mod_ruid2=no
userdir_access=yes
harden_symlinks_patch=yes
use_hostname_for_alias=no
redirect_host=srv09.xxxxxxx.com
enable_ssl_sni=1
redirect_host_https=no

Edit:
Started DA with b200, and bowsed to the SSL user part:

/CMD_SSL
GET string: domain=XXX.nl
Domain XXX.nl  defaultdomain=yes usertype=1 multiple_ips=1 enable_ssl_sni=0
Dynamic(api=0, error=1):
        text='Cannot Execute Your Request'
        result='You can only add a certificate if you own the ip you are using<br><br>Info for Admins: <a href='http://help.directadmin.com/item.php?id=261'>Assigning an owned IP</a>'

I've also tried placing enable_ssl_sni at the top of options.conf without results.

 

[DJSnels]

solved.

please don't hit me, but i've set enable_ssl_sni in options.conf instead of directadmin.conf