InTheWoods
Verified User
There are several different conflicting KB articles on this.
I want to secure the hostname of my server. By default, DA now installs to server-xx-xx-xxx-xx.da.direct instead of the FQDN or IP of the server as it used to.
When trying to secure the actual hostname of the server (Ex: host.myserver.com) the LetsEncrypt certificate shows this:
As you see, it just uses the DA hostname instead of the ACTUAL hostname despite me specifying the actual hostname.
The actual hostname is set in the admin panel settings as well, so not sure why the server-IP-address.da.direct is even being used anywhere.
This used to be a simple and straight forward process.
hostname/evo/admin/ssl doesn't help, nothing shown or able to change here.
hostname/evo/admin/server-tls, nothing here to change. Obviously shows a Not Trusted certificate since it is for the DA default hostname (I really wish they'd remove this 'feature' and stick with the IP of the server or FQDN of the server instead at install) but I can't change it. I've tried different things in the ACME settings and Change Certificate settings and nothing works.
What is the proper way to now complete this task?
I want the hostname of my server to be protected by LetsEncrypt. No self-signed cert. No forcing the DA default hostname somewhere. I'd be happy if I never have to see the *.da.direct hostname anywhere ever again, haha.
I want to secure the hostname of my server. By default, DA now installs to server-xx-xx-xxx-xx.da.direct instead of the FQDN or IP of the server as it used to.
When trying to secure the actual hostname of the server (Ex: host.myserver.com) the LetsEncrypt certificate shows this:
Code:
root@host:~# /usr/local/directadmin/scripts/letsencrypt.sh request host.server.com 4096
Setting up certificate for a hostname: host.server.com
2024/10/22 02:53:19 [INFO] [server-xx-xxx-xx-xx.da.direct] acme: Obtaining SAN certificate
2024/10/22 02:53:20 [INFO] [server-xx-xxx-xx-xx.da.direct] AuthURL: https://acme-v02.api.letsencrypt.org/acme/authz-v3/xxxxxxxx
2024/10/22 02:53:20 [INFO] [server-xx-xxx-xx-xx.da.direct] acme: authorization already valid; skipping challenge
2024/10/22 02:53:20 [INFO] [server-xx-xxx-xx-xx.da.direct] acme: Validations succeeded; requesting certificates
2024/10/22 02:53:23 [INFO] [server-xx-xxx-xx-xx.da.direct] Server responded with a certificate for the preferred certificate chains "ISRG Root X1".
Certificate for server-xx-xxx-xx-xx.da.direct has been created successfully!
DirectAdmin certificate has been setup.
Setting up cert for Exim...
Setting up cert for Dovecot...
Setting up cert for nginx...As you see, it just uses the DA hostname instead of the ACTUAL hostname despite me specifying the actual hostname.
The actual hostname is set in the admin panel settings as well, so not sure why the server-IP-address.da.direct is even being used anywhere.
This used to be a simple and straight forward process.
hostname/evo/admin/ssl doesn't help, nothing shown or able to change here.
hostname/evo/admin/server-tls, nothing here to change. Obviously shows a Not Trusted certificate since it is for the DA default hostname (I really wish they'd remove this 'feature' and stick with the IP of the server or FQDN of the server instead at install) but I can't change it. I've tried different things in the ACME settings and Change Certificate settings and nothing works.
What is the proper way to now complete this task?
I want the hostname of my server to be protected by LetsEncrypt. No self-signed cert. No forcing the DA default hostname somewhere. I'd be happy if I never have to see the *.da.direct hostname anywhere ever again, haha.
Last edited:
