How-to: cPanel to DA migration

.well-known

smtalk,
the .well-known/acme-challenge folder for DA is kept where? /var/www/html/ yes?. I don't see .well-known/acme-challenge inside the DA public_html folder and or subfolders. Cpanel does this them in each folder Screenshot attached.

So was reading this post about letsencrypt and realized maybe and issue. Some of my subdomains wouldnt create a cert. Noticed these
.well-known folder still existed in the DA server because they came converted in the cpanel to da back up. So I deleted them from the account in DA.

Went back disabled SSL on the domain then toggled it back on.. Selected everything I wanted. It all worked.

Could this be a bug? or maybe you need to not pull in
.well-known from the cpanel backup.
 

Attachments

  • Screen Shot 2019-07-05 at 14.39.30.png
    Screen Shot 2019-07-05 at 14.39.30.png
    18.9 KB · Views: 277
It's taken from /var/www/html, and is setup as an alias :) Works for every domain, without any changes in public_html needed. Meaning even if no vhost is created, a cert can be created (mail.domain.com, for example).
 
So if I am on a subdomain like files.domain.com and inside the files dir in the users public html is .well-know (from cpanel). Could it be let's encrypt is looking in at the Old .well-known from cpanel then its getting confused. I just deleted them on 2 other subdomains and did not have issue with creating new ssls on the subdomains.
 
No, it should still be looking the /var/www/html. If it doesn't - something is wrong there. Maybe the subdomains were not pointing to the server at that time?
 
@smtalk

1. any plan to create backup system via SSH? like cpanel syntax ./restorepkg

1.1 restore BIG backup file via browser inside DA control panel is that okay? no browser timed out?

2. any plan to work with jetbackup plugin?

im wondering have you ever try restore a backup file from cpanel with size over 40-50 GB above (mostly inside the account is emails)...

regards,

BusyBee
 
At a glance the migrator works great. I have one account that consistently is missing 2 of it's aliased domains post-import. I've verified they exist in the cpmove file and it can be consistently recreated on multiple servers.

I'd be happy to provide the backup file if it would aid in troubleshooting.

Additionally, it'd be a great if something was in place to automatically detect when AutoSSL certs from cPanel are present for a domain and automatically enable LetsEncrypt for that domain instead of setting it to "Use the server's certificate".
 
getting -
The IP 172.31.1.100 does not exist. User xxxx will not be created
how can i fix it?
 
Last edited:
getting -
The IP 172.31.1.100 does not exist. User xxxx will not be created
how can i fix it?

It sounds like you have the account set to restore using the IP from the backup file and that IP isn't present on the DA server. Try restoring by setting the IP instead of using the one from the backup.
 
Also I retested mine from the other day and the new migrator did not fix it. I had to delete out the bogus pointers.

I also think there is something to the Old Cpanel .well-know folders. My Letsencrypt only works if those are gone as well.
 
For anyone with problems - may you create a ticket with access details and description of the problem, which we'd be able to reproduce? :) This would really speed the process up. Thank you!
 
I kind of wrote my own Let's Encrypt system on cPanel. Got done writing it just as cPanel was releasing their AutoSSL stuff. I liked my way better, so I kept it.

But one of the key items I came up with... and maybe this won't work from a DirectAdmin point of view (I'm still hoping to integrate my custom system into DirectAdmin, but I haven't gotten that far yet) ... why are we relying on the DCV challenge information being within the user's control?

To get around various mod_rewrites and .htaccess controls that an end-user might put in place, I simply created an Alias in Apache - before the VirtualHost sections:

Code:
<Location "/.well-known/acme-challenge">
<IfModule mod_rewrite.c>
RewriteEngine off
</IfModule>
</Location>
Alias /.well-known/acme-challenge /opt/acme-challenge/.well-known/acme-challenge

Now I just have to set the "DocumentRoot" for a domain name to - /opt/acme-challenge - when passing that information to acme.sh and insure that the necessary DCV files get places in /opt/acme-challenge/.well-known/acme-challenge

This avoid all of the confusion with messing with end user's home directories and their paths. It actually removes determining correct paths for domain names completely. And since all you're really after is proving that the domain name resolves to your server... this works.

Seems like a win-win to me.

Of course... this probably won't work from an end-user perspective since an end-user isn't going to have write permission to /opt/acme-challenge - but I never really understood the point of end-user intervention to get a certificate... just automate it from the server-side and everyone gets a certificate when the domain name itself actually starts resolving to the server.

Kind of rambled into a tangent there... but maybe there's something useful in this.
 
i want to write regarding not a bug but a great feature.
Some users use pop3 accounts and they keep the messages in the server for some days or for ever.
When we move this users, then the mail client automatically download again all the messages from the server (even the past messages).
Is any way to bypass this? and after the restore the emails have the same uid so the mail client download only the new messages?
If we can find a way to fix this can help us to avoid many problems when we move clients with pop accounts. Otherwise we can have log of complains.
 
But one of the key items I came up with... and maybe this won't work from a DirectAdmin point of view (I'm still hoping to integrate my custom system into DirectAdmin, but I haven't gotten that far yet) ... why are we relying on the DCV challenge information being within the user's control?

As mentioned above - DirectAdmin is using alias for .well-known/acme-challenge, meaning it's not taking anything from user directory. I'm not sure why "why are we relying on the DCV challenge information being within the user's control" was mentioned there :) Did you notice any issues with user .htaccess files? There should be none, and if there have been any - it'd be great to investigate this. Thank you for the input!
 
A problem we noticed with the cPanel -> DA migration is that DA does not restore existing SSL certificates from the cpmove file (like cPanel does when it restores accounts). They are lost and SSL certificates need to be re-installed manually. Any fix for this?
With Let’s Encrypt we can re-issue manually even though it takes time if there are many domains, but users who have custom/paid certificates will be dissatisfied if they are asked to have them re-issued and installed.
 
i want to write regarding not a bug but a great feature.
Some users use pop3 accounts and they keep the messages in the server for some days or for ever.
When we move this users, then the mail client automatically download again all the messages from the server (even the past messages).
Is any way to bypass this? and after the restore the emails have the same uid so the mail client download only the new messages?
If we can find a way to fix this can help us to avoid many problems when we move clients with pop accounts. Otherwise we can have log of complains.

It is a problem with the way POP3 works, it is not a DirectAdmin issue. It also happens when you move accounts between cPanel servers (or any other server).
 
Will there be an option to move the accounts without much downtime?
The problem is, especially with large accounts, that changes to the data on the cPanel server occur during converting. Of course we could disable the cPanel account during the convertion, but that's not ideal either.

Possibly an initial sync and then another one in which only changes are transferred and the databases.
 
Full Backup (cPanel)

Many budget hosting providers that offered cPanel restrict the way you can backup your account. Yes, you're a WHM user, but you cannot generate the "cpmove" file or execute pkg acct.

You can only do a "Full Backup" (backup-file, not cpmove-file) and if I recall, this doesn't include all the permissions/ownership for a proper restore?

What do we do with accounts that only have a backup file of say backup-7.7.2019_10-42-29_user.tar (cPanel web interface backup) instead of cpmove-user?
 
(Tried to edit my previous post to include...)

Do we just rename the file and continue?
 
Back
Top