Installing SSL for a domain doesn't work

IT_Architect

DA sports a feature for users with their own IP addresses to install their own certificates. However, it doesn't work. The entire process SAYS it works during the install with the Success! message, but in reality they are simply on the server's certificate and their own certificate is never used. Judging by the hundreds of posts, many of them unresolved, it's not likely that the bugs will be fixed any time soon. In the interim, how do I hack their certs in so they will work?

The DA cert install program leaves the httpd.conf looking like this:

SSLEngine on
SSLCertificateFile /etc/httpd/conf/ssl.crt/server.crt
SSLCertificateKeyFile /etc/httpd/conf/ssl.key/server.key
SSLCACertificateFile /usr/local/directadmin/data/users/myuser/domains/mydomain.com.cacert

The certs and key are in the /usr/local/directadmin/data/users/myuser/domains/ directory. I noticed that the DA install program also created a mydomain.com.cust_httpd, which apparently doesn't seem to be used for anything.

Thanks!
 
I've never seen the problem; we install certs regularly (even today) and have never had this problem.

Can you point us to some of those posts you refer to?

Can you tell us what OS Distribution you're using?

Jeff
 
I'm having this problem right now. I am using CentOS 5, Apache 2.2.6, PHP 5.2.5, MySQL 5.0.45

For some reason when I install the cert, it says that it is successful but then it continues to try and authenticate with the server cert. I have to custom edit the /etc/conf/ips.conf file, which is rewritten with any changes by DA which breaks it again.

I'm going mad trying to figure it out.
 
What in that file do you have to edit?

Jeff

Someone else has been fixing it for me, so I don't exactly know what they are doing. But, it is a file that DA keeps re-writing.

I think it is /etc/httpd/conf/ips.conf

I'm not 100% sure though. All I know is that I just created a new domain, deleted it, and then re-created it again (nothing to do with the site that has the SSL on it) and it has wrecked the SSL on that site again.

It is trying to authenticate to 'localhost', which I assume is a self signed ssl cert that comes with DA. However, I do have the correct SSL installed in the profile of the domain.
 
Are you perhaps using an SSL certificate from GoDaddy.com??

For some reason, they seem to be problematic.

Get yourself a single-root SSL certificate and it should work fine. I got mine from http://www.rapidssl.com/
 
No, I'm not using an SSL from GoDaddy. I have a GetTrust QuickSSL from enom.

I don't think the cert is the problem because I can get it going. The guy just emailed back to me and told me what it is that he is doing. Here it is:

Code:
NameVirtualHost 74.63.67.149:80
NameVirtualHost 74.63.67.149:443

<VirtualHost 74.63.67.149:80>
        ServerName private.domain
        ScriptAliasMatch ^/~([^/]+)/+cgi-bin/+(.*) /home/$1/public_html/cgi-bin/$2
        AliasMatch ^/~([^/]+)(/.*)* /home/$1/public_html$2
        DocumentRoot /home/admin/public_html

        SuexecUserGroup admin admin

        CustomLog /var/log/httpd/homedir.log homedir
</VirtualHost>

<VirtualHost 74.63.67.149:443>
        SSLEngine on
        SSLCertificateFile /home/admin/ssl/monytime.ca.crt
        SSLCertificateKeyFile /home/admin/ssl/monytime.ca.key
        ServerName shared.domain
        ScriptAliasMatch ^/~([^/]+)/+cgi-bin/+(.*) /home/$1/public_html/cgi-bin/$2
        AliasMatch ^/~([^/]+)(/.*)* /home/$1/public_html$2
        DocumentRoot /home/admin/public_html

        SuexecUserGroup admin admin

        CustomLog /var/log/httpd/homedir.log homedir
</VirtualHost>

It's probably some kind of configuration error somewhere as I'm new to DA, Linux and webhosting in general.

74.63.67.149 is the dedicated IP assigned to this site, and for some reason there was no info on it in the ips.conf file. The only thing listed is (NameVirtualHost 74.63.67.149:80 and NameVirtualHost 74.63.67.149:443)

For some reason 74.63.67.148 is not listed either in that file (I own 146 - 149).

Any input???
 
I really need help with this if anyone can... I need to figure out why DA is not writing the VirtualHost info into /etc/httpd/conf/ips.conf file automatically.

It just doesn't make sense to me.
 
You shouldn't have to edit anything to install a Certificate.

Is the site on its own IP#?

Is SSL turned on for the reseller at the admin level?

Is ssl turned on for the user at the reseller level?

You may need someone who understands Certificate installation in DirectAdmin to look into your server. We've been selling Certificates for DirectAdmin for years and we've never had to refund anyone because we couldn't install their certificate, and except for shared certificates, we've never needed other than user access to the control panel to make it work. I don't know why you're having the problem.

Jeff
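
Added example, not part of the thread and not DirectAdmin's own code: a small audit for the two symptoms reported above, a :443 VirtualHost still pointing at the server-wide certificate and an IP that has NameVirtualHost lines but no VirtualHost block. The sample config is constructed, the IPs are documentation addresses, and the parsing is a simplified regex pass that assumes plain, uncommented directives.

```python
import re

# Constructed sample shaped like the configs quoted in the thread. The IPs are
# documentation addresses (assumption); the certificate paths are the ones the
# first post shows DirectAdmin leaving in httpd.conf.
SAMPLE = """\
NameVirtualHost 192.0.2.10:443
NameVirtualHost 192.0.2.11:80
NameVirtualHost 192.0.2.11:443

<VirtualHost 192.0.2.10:443>
    ServerName mydomain.com
    SSLEngine on
    SSLCertificateFile /etc/httpd/conf/ssl.crt/server.crt
    SSLCertificateKeyFile /etc/httpd/conf/ssl.key/server.key
    SSLCACertificateFile /usr/local/directadmin/data/users/myuser/domains/mydomain.com.cacert
</VirtualHost>
"""

# Server-wide certificate and key; a dedicated-IP site should not be using these.
SERVER_DEFAULTS = {"/etc/httpd/conf/ssl.crt/server.crt",
                   "/etc/httpd/conf/ssl.key/server.key"}

def audit(conf, defaults=SERVER_DEFAULTS):
    """Return (address, problem) pairs for the two symptoms seen in the thread."""
    findings = []
    declared = set(re.findall(r"^[ \t]*NameVirtualHost[ \t]+(\S+)", conf, re.M))
    defined = set()
    for addr, body in re.findall(r"<VirtualHost\s+([^>\s]+)>(.*?)</VirtualHost>", conf, re.S):
        defined.add(addr)
        if not addr.endswith(":443"):
            continue
        ssl = dict(re.findall(r"^[ \t]*(SSL\w+)[ \t]+(\S+)", body, re.M))
        if ssl.get("SSLEngine", "").lower() != "on":
            findings.append((addr, "SSLEngine is not on"))
        for key in ("SSLCertificateFile", "SSLCertificateKeyFile"):
            if key not in ssl:
                findings.append((addr, key + " missing"))
            elif ssl[key] in defaults:
                findings.append((addr, key + " points at the server default"))
    # Addresses announced with NameVirtualHost but never given a VirtualHost block.
    for addr in sorted(declared - defined):
        findings.append((addr, "NameVirtualHost without a VirtualHost block"))
    return findings

if __name__ == "__main__":
    for addr, problem in audit(SAMPLE):
        print(addr, "-", problem)
```

Running it again after any change made through the control panel shows whether the file was rewritten back into one of these states.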
 