Help with SSL Installation

casualhost

Hello, I've recently added an SSL to

I used the Let's Encrypt way of generating the SSL
I get this
Generating 4096 bit RSA key for clients.casualhost.com...
openssl genrsa 4096 > "/usr/local/directadmin/data/users/admin/domains/clients.casualhost.com.key.new"
Generating RSA private key, 4096 bit long modulus
............++
................++
e is 65537 (0x10001)
Checking Certificate Private key match... Match!
Certificate for clients.casualhost.com has been created successfully!

NOTE: You are using the server IP, so your certificate and key have been saved to:
/etc/nginx/ssl.crt/server.crt
/etc/nginx/ssl.key/server.key
NOTE: You are using the server IP, so your CA Root Certificate has been saved to:
/etc/nginx/ssl.crt/server.ca

So this is successful! (I think)
However my https://clients.casualhost.com is still not secured.

After some googling, I think the problem lies in my custom httpd.conf file, because this is my main domain.
When I got to admin level in DA -> Extra features -> Custom HTTPD Configurations -> clients.casualhost.com and read the contents of the nginx.conf file for clients.casualhost.com
I get
Code:
server_name casualhost.com www.casualhost.com ;
	access_log /var/log/nginx/domains/casualhost.com.log;
	access_log /var/log/nginx/domains/casualhost.com.bytes bytes;
	error_log /var/log/nginx/domains/casualhost.com.error.log;
	root /home/admin/domains/casualhost.com/private_html;
	index index.php index.html index.htm;
	ssl on;
	ssl_certificate /etc/nginx/ssl.crt/server.crt.combined;
	ssl_certificate_key /etc/nginx/ssl.key/server.key;
	include /usr/local/directadmin/data/users/admin/nginx_php.conf;
	include /etc/nginx/webapps.ssl.conf;

and

Code:
server
{
	listen 172.86.180.194:443 ssl;
	server_name clients.casualhost.com www.clients.casualhost.com ;
	access_log /var/log/nginx/domains/clients.casualhost.com.log;
	access_log /var/log/nginx/domains/clients.casualhost.com.bytes bytes;
	error_log /var/log/nginx/domains/clients.casualhost.com.error.log;
	root /home/admin/domains/clients.casualhost.com/private_html;
	index index.php index.html index.htm;
	ssl on;
	ssl_certificate /etc/nginx/ssl.crt/server.crt.combined;
	ssl_certificate_key /etc/nginx/ssl.key/server.key;
	include /usr/local/directadmin/data/users/admin/nginx_php.conf;
	include /etc/nginx/webapps.ssl.conf;
}

which is different from my Let's Encrypt key.
I think that's the problem.
If so, how do I edit my conf file?

Thanks in advance
 
Letsencrypt generates a certificate for your domain name and some default subdomain names like FTP and www.
clients.yourdomain.com is not a default subdomain, so you have to tell Letsencrypt that it has to be used too.

This can be done two ways.
If you created your subdomain via directadmin, when creating the Letsencrypt certificate, you can select all subdomains which should also make use of the certificate.

The other way is like this:
http://forum.directadmin.com/showthread.php?t=52723&page=3&p=270613#post270613
 
Firstly, thanks for your kind reply :)

Please note I added the domain clients.casualhost.com; it's not a subdomain.

Hello, I have done the following :
The code given in the post is :
Code:
nano /usr/local/directadmin/data/users/username/domains/domain.com.cert.san_config
I did :
Code:
nano /usr/local/directadmin/data/users/admin/domains/casualhost.com.cert.san_config
Which prompted me to make a new file, to which I added

subjectAltName=DNS:casualhost.com,DNS:www.casualhost.com,DNS:clients.casualhost.com,DNS:www.example.com

Saved it,

Then I did this:
Code:
cd /usr/local/directadmin/scripts
./letsencrypt.sh renew casualhost.com 4096 & ./letsencrypt.sh renew clients.casualhost.com 4096

Then it gave long domains + challenge valid which ended with this =
Challenge is valid.
Generating 4096 bit RSA key for clients.casualhost.com...
openssl genrsa 4096 > "/usr/local/directadmin/data/users/admin/domains/clients.casualhost.com.key.new"
Generating RSA private key, 4096 bit long modulus
............................................................................................++
...............................................................................................................................................++
e is 65537 (0x10001)
Checking Certificate Private key match... Match!
as well as one for casualhost.com ...

As for now, around 15 minutes after doing so, my page still isn't secure, sadly :(

Sorry for being a noob, but could you help me out? Thanks!
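
An added example, not part of the original thread: a Python check that compares the names in the san_config line quoted above with the server_name values in the nginx blocks, to show which hostnames the requested certificate would not cover. The function names and the "server { }" wrapper around the first block are assumptions made for the example.

```python
import re

# Constructed inputs, built from the SAN line and server_name values in the thread.
SAN_CONFIG = ("subjectAltName=DNS:casualhost.com,DNS:www.casualhost.com,"
              "DNS:clients.casualhost.com,DNS:www.example.com")
NGINX_CONF = """
server {
    server_name casualhost.com www.casualhost.com ;
    ssl_certificate /etc/nginx/ssl.crt/server.crt.combined;
    ssl_certificate_key /etc/nginx/ssl.key/server.key;
}
server
{
    listen 172.86.180.194:443 ssl;
    server_name clients.casualhost.com www.clients.casualhost.com ;
    ssl_certificate /etc/nginx/ssl.crt/server.crt.combined;
    ssl_certificate_key /etc/nginx/ssl.key/server.key;
}
"""

def parse_san(line):
    """Return the DNS names in a 'subjectAltName=DNS:a,DNS:b' line."""
    names = set()
    for entry in line.partition("=")[2].split(","):
        kind, _, name = entry.strip().partition(":")
        if kind.upper() == "DNS" and name.strip():
            names.add(name.strip().lower())
    return names

def server_blocks(conf):
    """Yield (server_names, ssl_certificate) per flat server block."""
    for body in re.findall(r"\bserver\s*\{([^{}]*)\}", conf):
        names = re.search(r"\bserver_name\s+([^;]+);", body)
        cert = re.search(r"\bssl_certificate\s+([^;\s]+)\s*;", body)
        yield (names.group(1).lower().split() if names else [],
               cert.group(1) if cert else None)

def covered(host, sans):
    """Exact match, or a wildcard SAN covering exactly one extra label."""
    return host in sans or "*." + host.partition(".")[2] in sans

def audit(san_line, conf):
    """Return (names served but absent from SANs, SANs no block serves)."""
    sans, served, missing = parse_san(san_line), set(), {}
    for names, cert in server_blocks(conf):
        served.update(names)
        missing.update({n: cert for n in names if not covered(n, sans)})
    return missing, sorted(sans - served)

print(audit(SAN_CONFIG, NGINX_CONF))
```

With the values from the thread, the first result lists www.clients.casualhost.com as served by nginx but absent from the SAN list, and the second lists www.example.com as requested in the SAN list but served by neither block.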
 