Instructions needed on installing commercial SSL on hostname.

H

HHawk79

Verified User
Joined
Sep 3, 2021
Messages
83
Hi all,

I hope someone can provide me some instructions on how to setup/install a commercial SSL certificate on the hostname.

And yes, I know about installing and using a Let's Encrypt SSL certificate on the hostname. This is pretty easy and is something I normally use. However this customer does not want to use a Let's Encrypt SSL certificate on his hostname, but he wants to use a commercial SSL certificate on the hostname.

I have searched for a solution on this on Google and within the DirectAdmin documentation, but it's not very clear on how to do this succesfully. Based on this, I (again) recommended the customer to use Let's Encrypt instead (much less work and issues), however he prefers to use a commercial SSL certificate (and simply refuses to use Let's Encrypt). Sigh.

Anyways, customer is king, right? So I have been trying to find information on how to do this, but I cannot find clear instructions on how to achieve this correctly. Or I have overlooked things maybe? Hopefully someone can provide some help with this. I do know how to generate a CSR request from the CLI. But after that, I am completely in the dark on what do.

As as an example I am using the following as the hostname: ns1.exampledomain.com. On this CN the commercial SSL certificate will be installed and can be used afters to login on DirectAdmin (port 2222), mailserver, FTP, etc.
 
Sigh. Followed the tutorial several times, but this is the result (like yesterday):
fatal creating main HTTP server error=newServer failed to initialize TLS certificate cache: tls: private key does not match public key port=2222

But probably it's me, given the response. So I will tell the customer to use LE instead. Thank you.
 
Well update; decided to give it a go om my test server and I got it working. Though more details in the documentation would be great. I guess you have to figure out several things for your own. Plesk in this regard is much easier. But I understand.

Anyways, just for my own information; if I used Let's Encrypt for the hostname in the past, the commercial SSL certificate (for hostname) will not be overwritten automatically right? I didn't setup a cron job fot that, so it should be left alone, if I am not mistaken.
 
HHawk79 said:
decided to give it a go om my test server and I got it working.
Click to expand...
So what did you do differently so you got it working now?
And what do you have to figure out for your own?
I'm just curious as this question could come a long in the future and I would like to know how it's done if the docs are incomplete, to be able to help people.

HHawk79 said:
the commercial SSL certificate (for hostname) will not be overwritten automatically right?
Click to expand...
Probably not, I'm not 100% sure. If the system doesn't see it anymore, it shouldn't happen. Otherwise a remove should be issued.
 
I guess I was to enthusiastic. When I check with the Qualys SSL checker I am getting "T"-rating.
It keeps complaining about a "localhost" certificate. Though the DirectAdmin interface under https is working without issues. Weird.

Anyways, I wasted to much time on this. So I will leave it as it is...
 
I did not read if you have restarted Nginx and/or Apache.. since it works with DirectAdmin, did you do that?
 
Checking a personal server, it seems the hostname does gets automatically renewed if LE is used.
Oh well. Taking to much time. Spend all day on this. Throwing the towel in the ring.
 
You must log in or register to reply here.
Back
Top