Hostname SSL

InTheWoods

InTheWoods

Verified User
Joined
Dec 31, 2020
Messages
50
Location
Internet
There are several different conflicting KB articles on this.

I want to secure the hostname of my server. By default, DA now installs to server-xx-xx-xxx-xx.da.direct instead of the FQDN or IP of the server as it used to.

When trying to secure the actual hostname of the server (Ex: host.myserver.com) the LetsEncrypt certificate shows this:


Code: 
root@host:~# /usr/local/directadmin/scripts/letsencrypt.sh request host.server.com 4096
Setting up certificate for a hostname: host.server.com
2024/10/22 02:53:19 [INFO] [server-xx-xxx-xx-xx.da.direct] acme: Obtaining SAN certificate
2024/10/22 02:53:20 [INFO] [server-xx-xxx-xx-xx.da.direct] AuthURL: https://acme-v02.api.letsencrypt.org/acme/authz-v3/xxxxxxxx
2024/10/22 02:53:20 [INFO] [server-xx-xxx-xx-xx.da.direct] acme: authorization already valid; skipping challenge
2024/10/22 02:53:20 [INFO] [server-xx-xxx-xx-xx.da.direct] acme: Validations succeeded; requesting certificates
2024/10/22 02:53:23 [INFO] [server-xx-xxx-xx-xx.da.direct] Server responded with a certificate for the preferred certificate chains "ISRG Root X1".
Certificate for server-xx-xxx-xx-xx.da.direct has been created successfully!
DirectAdmin certificate has been setup.
Setting up cert for Exim...
Setting up cert for Dovecot...
Setting up cert for nginx...


As you see, it just uses the DA hostname instead of the ACTUAL hostname despite me specifying the actual hostname.

The actual hostname is set in the admin panel settings as well, so not sure why the server-IP-address.da.direct is even being used anywhere.

This used to be a simple and straight forward process.

hostname/evo/admin/ssl doesn't help, nothing shown or able to change here.

hostname/evo/admin/server-tls, nothing here to change. Obviously shows a Not Trusted certificate since it is for the DA default hostname (I really wish they'd remove this 'feature' and stick with the IP of the server or FQDN of the server instead at install) but I can't change it. I've tried different things in the ACME settings and Change Certificate settings and nothing works.

What is the proper way to now complete this task?

I want the hostname of my server to be protected by LetsEncrypt. No self-signed cert. No forcing the DA default hostname somewhere. I'd be happy if I never have to see the *.da.direct hostname anywhere ever again, haha.
 
Last edited:
W

Thread '[Solved] SSL and hostname'

Hello!
I try to setup Let's encrypt for my server hostname (myserver.domain.com) but every time, the request is made for server-XXX-XX-XXX-XX.da.direct and the SSL for *.da.direct is setup as my hostname certificate

I have setup the hostname correctly on the server but the issue remain (in the control panel and with hostname.sh script)...


Code: 
root@XXXXXXXXXXX:/usr/local/directadmin/scripts# ./letsencrypt.sh request myserver.domain.com 4096
Setting up certificate for a hostname: myserver.domain.com
2022/11/08 22:35:02 [INFO] [server-XXX-XX-XXX-XX.da.direct] acme: Obtaining SAN certificate...
 
InTheWoods said:
As you see, it just uses the DA hostname instead of the ACTUAL hostname despite me specifying the actual hostname.
Click to expand...
It's a known issue.

Check this article which also explains how to get rid of the automatic hostname definately.
Richard G

Thread '[How-To] Create or change your server's hostname in Directadmin'

This is a guide on how to create a correct FQDN hostname on a server or VPS.
I created this newly here in this section, for easier reference and it's also easier to find.

There is also another method, but the method described here is a method which is also still very usable.

Before you install Directadmin you can already take care the correct hostname is used bij Directadmin.

The domain mydomain.com is used her as example and 192.168.0.1 as example server ip. Ofcourse replace all examples with the domain or hostname your are using. So don't use 192.168.0.1 in the real situation, same...
  • Like
 
It's crazy how every - single - time I deploy a new DA server I need to come back to this post to figure out how in the heck to get the hostname SSL to work properly.

How does DirectAdmin not just do this automatically?

You generate some publicly unsuable hostname upon installation now. It's useless and no one will use it in production.

When the hostname of the server is changed in Dashboard > Administrator Settings > Server Settings, since this specifically requires a FQDN that resolves to the main IP of the server, wouldn't it be wise to then also just create the SSL for that hostname?

I like DirectAdmin beccause it's mostly hassle free once setup, but you guys make the setting up part much more of a headache than it needs to be.

In the admin panel two SSL options exist (Admin SSL and Server TLS Certificate), neither of which do anything at all. According to the Server TLS Certificate page, after manually adding the hostname on the ACME Settings page, everything is "valid" yet still not working in the browser.

So this forces users to then do the whole CLI BS of removing old certs manually and reissuing manually, via CLI. Something that could all be done automatically or from the web UI.

Rant over, just had to come back to this thread to figure out how to get this new deployment to work since it never does out of the box and I have to spend time reading documentation and old forum threads for a very basic thing like a valid SSL for the server's hostname/URL that users will access to login.
 
InTheWoods said:
You generate some publicly unsuable hostname upon installation now. It's useless and no one will use it in production.
Click to expand...
I also found this a bad idea. But DA found it a good idea as this way people were intantly able to visit the panel via SSL without the need to having knowledge about hostnames.
There are people using it this way.

But we have had way more people who did not benefit from doing up a bit of knowledge up front, resulting in mail issues with mail send via de hostname like from php scripts for example.
Before this was changed in DA, then the hostname was -always- created via a seperate DNS entry same way it's done via my manual. And then these issues did not arise. Except only people with less knowledge had to change the name.
After it was changed to the ip.da.direct hostname, issues start to arise as also no seperate hostname entry was made anymore by DA by default and also (probably for that reason) the /etc/virtual/hostname bug had arisen.

In the panel the things should work indeed, but as long as at least the hostname is not changed in the correct way after changing in the panel (see bug I mentioned in my manual), that won't work and it's known for years.

At least I'm glad I see my manual still helps people.
 
You must log in or register to reply here.
Back
Top