How-to: cPanel to DA migration

bdacus01

Verified User
Joined
Jul 22, 2017
Messages
581
Location
Murfreesboro
.well-known

smtalk,
the .well-known/acme-challenge folder for DA is kept where? /var/www/html/ yes?. I don't see .well-known/acme-challenge inside the DA public_html folder and or subfolders. Cpanel does this them in each folder Screenshot attached.

So was reading this post about letsencrypt and realized maybe and issue. Some of my subdomains wouldnt create a cert. Noticed these
.well-known folder still existed in the DA server because they came converted in the cpanel to da back up. So I deleted them from the account in DA.

Went back disabled SSL on the domain then toggled it back on.. Selected everything I wanted. It all worked.

Could this be a bug? or maybe you need to not pull in
.well-known from the cpanel backup.
 

Attachments

smtalk

Administrator
Staff member
Joined
Aug 22, 2006
Messages
8,347
Location
LT, EU
It's taken from /var/www/html, and is setup as an alias :) Works for every domain, without any changes in public_html needed. Meaning even if no vhost is created, a cert can be created (mail.domain.com, for example).
 

bdacus01

Verified User
Joined
Jul 22, 2017
Messages
581
Location
Murfreesboro
So if I am on a subdomain like files.domain.com and inside the files dir in the users public html is .well-know (from cpanel). Could it be let's encrypt is looking in at the Old .well-known from cpanel then its getting confused. I just deleted them on 2 other subdomains and did not have issue with creating new ssls on the subdomains.
 

smtalk

Administrator
Staff member
Joined
Aug 22, 2006
Messages
8,347
Location
LT, EU
No, it should still be looking the /var/www/html. If it doesn't - something is wrong there. Maybe the subdomains were not pointing to the server at that time?
 

BusyBee

New member
Joined
Jul 5, 2019
Messages
4
@smtalk

1. any plan to create backup system via SSH? like cpanel syntax ./restorepkg

1.1 restore BIG backup file via browser inside DA control panel is that okay? no browser timed out?

2. any plan to work with jetbackup plugin?

im wondering have you ever try restore a backup file from cpanel with size over 40-50 GB above (mostly inside the account is emails)...

regards,

BusyBee
 

JonathanW

New member
Joined
Jun 28, 2019
Messages
4
At a glance the migrator works great. I have one account that consistently is missing 2 of it's aliased domains post-import. I've verified they exist in the cpmove file and it can be consistently recreated on multiple servers.

I'd be happy to provide the backup file if it would aid in troubleshooting.

Additionally, it'd be a great if something was in place to automatically detect when AutoSSL certs from cPanel are present for a domain and automatically enable LetsEncrypt for that domain instead of setting it to "Use the server's certificate".
 

lolfust1

Verified User
Joined
Oct 24, 2015
Messages
41
getting -
The IP 172.31.1.100 does not exist. User xxxx will not be created
how can i fix it?
 
Last edited:

JonathanW

New member
Joined
Jun 28, 2019
Messages
4
getting -
The IP 172.31.1.100 does not exist. User xxxx will not be created
how can i fix it?
It sounds like you have the account set to restore using the IP from the backup file and that IP isn't present on the DA server. Try restoring by setting the IP instead of using the one from the backup.
 

bdacus01

Verified User
Joined
Jul 22, 2017
Messages
581
Location
Murfreesboro
Also I retested mine from the other day and the new migrator did not fix it. I had to delete out the bogus pointers.

I also think there is something to the Old Cpanel .well-know folders. My Letsencrypt only works if those are gone as well.
 

smtalk

Administrator
Staff member
Joined
Aug 22, 2006
Messages
8,347
Location
LT, EU
For anyone with problems - may you create a ticket with access details and description of the problem, which we'd be able to reproduce? :) This would really speed the process up. Thank you!
 

sparek

Verified User
Joined
Jun 27, 2019
Messages
119
I kind of wrote my own Let's Encrypt system on cPanel. Got done writing it just as cPanel was releasing their AutoSSL stuff. I liked my way better, so I kept it.

But one of the key items I came up with... and maybe this won't work from a DirectAdmin point of view (I'm still hoping to integrate my custom system into DirectAdmin, but I haven't gotten that far yet) ... why are we relying on the DCV challenge information being within the user's control?

To get around various mod_rewrites and .htaccess controls that an end-user might put in place, I simply created an Alias in Apache - before the VirtualHost sections:

Code:
<Location "/.well-known/acme-challenge">
<IfModule mod_rewrite.c>
RewriteEngine off
</IfModule>
</Location>
Alias /.well-known/acme-challenge /opt/acme-challenge/.well-known/acme-challenge
Now I just have to set the "DocumentRoot" for a domain name to - /opt/acme-challenge - when passing that information to acme.sh and insure that the necessary DCV files get places in /opt/acme-challenge/.well-known/acme-challenge

This avoid all of the confusion with messing with end user's home directories and their paths. It actually removes determining correct paths for domain names completely. And since all you're really after is proving that the domain name resolves to your server... this works.

Seems like a win-win to me.

Of course... this probably won't work from an end-user perspective since an end-user isn't going to have write permission to /opt/acme-challenge - but I never really understood the point of end-user intervention to get a certificate... just automate it from the server-side and everyone gets a certificate when the domain name itself actually starts resolving to the server.

Kind of rambled into a tangent there... but maybe there's something useful in this.
 

blueice

Verified User
Joined
Jan 18, 2004
Messages
191
i want to write regarding not a bug but a great feature.
Some users use pop3 accounts and they keep the messages in the server for some days or for ever.
When we move this users, then the mail client automatically download again all the messages from the server (even the past messages).
Is any way to bypass this? and after the restore the emails have the same uid so the mail client download only the new messages?
If we can find a way to fix this can help us to avoid many problems when we move clients with pop accounts. Otherwise we can have log of complains.
 

smtalk

Administrator
Staff member
Joined
Aug 22, 2006
Messages
8,347
Location
LT, EU
But one of the key items I came up with... and maybe this won't work from a DirectAdmin point of view (I'm still hoping to integrate my custom system into DirectAdmin, but I haven't gotten that far yet) ... why are we relying on the DCV challenge information being within the user's control?
As mentioned above - DirectAdmin is using alias for .well-known/acme-challenge, meaning it's not taking anything from user directory. I'm not sure why "why are we relying on the DCV challenge information being within the user's control" was mentioned there :) Did you notice any issues with user .htaccess files? There should be none, and if there have been any - it'd be great to investigate this. Thank you for the input!
 

NetworkPanda

Verified User
Joined
Jul 6, 2019
Messages
19
A problem we noticed with the cPanel -> DA migration is that DA does not restore existing SSL certificates from the cpmove file (like cPanel does when it restores accounts). They are lost and SSL certificates need to be re-installed manually. Any fix for this?
With Let’s Encrypt we can re-issue manually even though it takes time if there are many domains, but users who have custom/paid certificates will be dissatisfied if they are asked to have them re-issued and installed.
 

NetworkPanda

Verified User
Joined
Jul 6, 2019
Messages
19
i want to write regarding not a bug but a great feature.
Some users use pop3 accounts and they keep the messages in the server for some days or for ever.
When we move this users, then the mail client automatically download again all the messages from the server (even the past messages).
Is any way to bypass this? and after the restore the emails have the same uid so the mail client download only the new messages?
If we can find a way to fix this can help us to avoid many problems when we move clients with pop accounts. Otherwise we can have log of complains.
It is a problem with the way POP3 works, it is not a DirectAdmin issue. It also happens when you move accounts between cPanel servers (or any other server).
 

dbnet

Verified User
Joined
Jul 4, 2019
Messages
7
Will there be an option to move the accounts without much downtime?
The problem is, especially with large accounts, that changes to the data on the cPanel server occur during converting. Of course we could disable the cPanel account during the convertion, but that's not ideal either.

Possibly an initial sync and then another one in which only changes are transferred and the databases.
 

Richard8

Verified User
Joined
Jul 4, 2019
Messages
67
Full Backup (cPanel)

Many budget hosting providers that offered cPanel restrict the way you can backup your account. Yes, you're a WHM user, but you cannot generate the "cpmove" file or execute pkg acct.

You can only do a "Full Backup" (backup-file, not cpmove-file) and if I recall, this doesn't include all the permissions/ownership for a proper restore?

What do we do with accounts that only have a backup file of say backup-7.7.2019_10-42-29_user.tar (cPanel web interface backup) instead of cpmove-user?
 

Richard8

Verified User
Joined
Jul 4, 2019
Messages
67
(Tried to edit my previous post to include...)

Do we just rename the file and continue?
 
Top