How to install SSL certificate for the whole server hostname ?

Ziggy-NL

Verified User
Joined
May 7, 2020
Messages
8
I have installed a purchased certificate via this https://help.directadmin.com/item.php?id=15 and it works on port :2222 but on the hostname it's not working.
Also when I click on PhpMyAdmin or Roundcube I get an SSL Error. I use Directadmin on nginx.

Anybody know how to install SSL for de server? Can't find it in de docs.. I tried this https://www.site-helper.com/ssl.html)

Ok my hostname is hosting.pet-ict.nl
Should I replace a file here ? > /etc/nginx/ssl.crt/ ( dhparams.pem server.ca server.crt server.crt.combined)
Is there also a place for phpmyadmin or roundcube to change the certificate path?

I'm a bit confused here. What the correct steps are... or maybe I should not use my hostname as the address? because I can't setup this one as my default domain?
 

Zhenyapan

Verified User
Joined
Feb 23, 2018
Messages
403
Location
UA
Maybe you installed self-signed cert? if you install Lets Encrypt - it will work for all services with hostname url (squirrelmail/roundcube/phpmyadmin)
Of course you must use real hostname (domain/subdomain that with correct DNS record)
 

Ziggy-NL

Verified User
Joined
May 7, 2020
Messages
8
No not a self-signed same as hosting.pet-ict.nl:2222..
But hosting.pet-ict.nl is not reading this cert.. Is there away to install the cert for the whole webserver ? (ofcourse only the hostname)
 

Ziggy-NL

Verified User
Joined
May 7, 2020
Messages
8
servername=hosting.pet-ict.nl
ssl=1
ssl_redirect_host=hosting.pet-ict.nl
force_hostname=hosting.pet-ict.nl

Same problem.. everything on hosting.pet-ict.nl:2222 is with certificate
on hosting.pet-ict.nl certificate not working.
 

Richard G

Verified User
Joined
Jul 6, 2008
Messages
5,245
Location
Maastricht
it will work for all services with hostname url (squirrelmail/roundcube/phpmyadmin)
Yes, but it will not automatically redirect. On domains on which I've got redirect to ssl woring, roundcube also switches to https.
On domains where I don't have this, I can still visit roundcube with http so without ssl.

In this case, could it have something to do with the redirect of the subdomain?
When using http://hosting.pet-ict.nl I get a "Nginx is functioning normally".
When using the default which DA is also using, so http://pet-ict.nl/hosting which is by default the same, I get a custom made "page not found".

When you click from there furter, for example at "over ons", it's nicely working with https, same if you just visit pet-ict.nl as main site. So it must have something to do with the subdomain redirect.

When I visit the rest of your site, I wonder why you're using the subdomain for the hosting? All other services are mentioned on your default site.
 

bdacus01

Verified User
Joined
Jul 22, 2017
Messages
1,304
Location
Murfreesboro
if you are using a purchased cert the best thing I have found to make it all work is Alexs script.
 

Richard G

Verified User
Joined
Jul 6, 2008
Messages
5,245
Location
Maastricht
I had a look at the https hostname and seen this:
Foutcode: MOZILLA_PKIX_ERROR_SELF_SIGNED_CERT

So the hostname is still using the self-signed certificate instead of the purchased one. Something must have gone wrong on creating the hostname certificate.

You cant have a subdomain named same as hostname.
Sure about that? Because hostname on port 2222 is working as it should and just the hostname gives self-signed.

Indeed re-doing with Zeiter's script might be the best solution.
 

bdacus01

Verified User
Joined
Jul 22, 2017
Messages
1,304
Location
Murfreesboro
Sure about that? Because hostname on port 2222 is working as it should and just the hostname gives self-signed.

Indeed re-doing with Zeiter's script might be the best solution.
works great
 

Richard G

Verified User
Joined
Jul 6, 2008
Messages
5,245
Location
Maastricht
From your link:
hostname is a hostname, you should not have it as a domain or subdomain.
So I was correct that the hostname could also be a subdomain. Because "you should not" is something different then "you can't".

However, this link might also help @Ziggy-NL when looking at post number #33 in there (the last post) where he got it working.
But Zeiter's script is better. More definate to get it right.
 

ikkeben

Verified User
Joined
May 22, 2014
Messages
792
Location
Netherlands Germany
I'm a bit confused here. What the correct steps are... or maybe I should not use my hostname as the address? because I can't setup this one as my default domain?
IN my view i never use for server and hostname main or default domain.

Strict separation for domains important for company , and the one include subs for server.

Then you can use this letsencrypt for server / hostname. https://help.directadmin.com/item.php?id=629
Then you have in "one" step
which will also install the new cert/key/ca files in all respective global places for apache, dovecot, exim, ftp, and DirectAdmin.
NOTE The hostname value, eg: your.hostname.com must match the "servername" value set in the directadmin.conf, or it will not be in hostname mode, but User domain mode instead.
And if needed wanted for important business domains buying CERTS for those separatly from server / hostname.

Maybe here is some misunderstanding?

 
Last edited:

Richard G

Verified User
Joined
Jul 6, 2008
Messages
5,245
Location
Maastricht
Is that a limitation in nginx then? We have setup the hostname domain as default domain many times without any issues. With default domain meaning the company's website was present on it.
The only thing why we changed this now is because it makes life easier when moving to another server. Setup another hostname domain as main domain and you can directly start moving your default domain wihtout having to first restore the password etc. because you overwrite the admin domain... If you know understand what I mean.

I don't see any other reason for seperation, except maybe a bit more security if you setup your default domain as reseller and not as admin.
 

ikkeben

Verified User
Joined
May 22, 2014
Messages
792
Location
Netherlands Germany
The only thing why we changed this now is because it makes life easier when moving to another server. Setup another hostname domain as main domain and you can directly start moving your default domain wihtout having to first restore the password etc. because you overwrite the admin domain... If you know understand what I mean.

I don't see any other reason for seperation, except maybe a bit more security if you setup your default domain as reseller and not as admin.
For both of these reasons we do this for longer times now.

Saves a lot of time moving domains / resellers then, separated from server setup.
Here Apache but OK.
(as we handle this, a example same kind of problem when moving / backups and security a MSQL Database you should never use the way it used to be DB on default OS disk and yup not a separate data disk, it was 1998 a raid config server and UPS problems then more disks fall out, ok BACKUP from data disk was there for that company , uhum not their database no-one ( database manager and company who installed) told the server admin you have to backup that DB in "programms" to )
So i did separation before, and that experience makes it clear to me how important to have some separations OS / ADMIN parts and DATA / USERS. )

For 2 weaks a crash MSQL here the OS disk, so all was back quickly and more up to date then backup of it while the DB was on other disk. ( again the why )

DA For now it is even easy to have reseller / domain moving to other servers with same ip (iv4) if you want. ( ok you have to "own" ip or same hoster)

Richard your hostname / server name was a "subdomain" i gues then but not handled in DA (GUI) itself, meaning not a DA subdomain owned by admin or reseller , i think that is what smtalk and Brent trying to tell.
Then the maindomain you can have as default and so but less handy if dns is also on that box and you want to move that domain to other server.
Maindomain.com you have more things to take care of.

I hope i am clear, not so good in explaining.?
 

Richard G

Verified User
Joined
Jul 6, 2008
Messages
5,245
Location
Maastricht
Richard your hostname / server name was a "subdomain" i gues t
It was not my hostname/servername. I know what Brent is trying to tell me, but smtalk realy does not say it can't be done in that topic. As far as I know you can't create a subdomain another way. I don't have a test VPS, if DA would give an error that it would be fine. But it can also be done if you have the subdomain already and change hostname later probably. People can make mistakes.
But it's not my topic and I didn't ever have a hostname/subdomain combination like that. But we're getting a bit off-topic. We can talk by pm, you can tell me a the same time in Dutch that mysql story and the os/admin and data/users seperations. ;)
 
Top