Issue with SSL Cert.

B

bilsta

Verified User
Joined
May 26, 2007
Messages
7
Hi All,

I'm currently very very tired and need to get this working, so any help would be greatly appreciated.

First off, I have no idea how SSL Certs work, so please bear with me!

I'm running the latest version of DA on CentOS. using custombuild.

I have applied for a 'POSITIVESSL' SSL cert for http://my.webfora.net and I attempted to install the cert via DA but failed.

I have given the domain/account it's own IP.

I followed this: https://support.comodo.com/index.php?_m=knowledgebase&_a=viewarticle&kbarticleid=881&nav=0,1,84

But tbh, i'm not sure if i followed it correctly, named the files correctly etc.

Currently in my custom domain http.conf is:

Code: 
 <VirtualHost 85.13.236.213:443>

        SSLEngine on
        SSLCertificateFile /etc/httpd/conf/ssl.crt/server.crt
        SSLCertificateKeyFile /etc/httpd/conf/ssl.key/server.key
SSLCACertificateFile /usr/local/directadmin/data/users/webfora/domains/webfora.net.cacert
        SSLCertificateChainFile /usr/local/directadmin/data/users/webfora/domains/web1.ca-bundle

        ServerName www.webfora.net
        ServerAlias www.webfora.net webfora.net
        ServerAdmin [email protected]
        DocumentRoot /home/webfora/domains/webfora.net/private_html
        ScriptAlias /cgi-bin/ /home/webfora/domains/webfora.net/public_html/cgi-bin/

        UseCanonicalName OFF

        SuexecUserGroup webfora webfora
        CustomLog /var/log/httpd/domains/webfora.net.bytes bytes
        CustomLog /var/log/httpd/domains/webfora.net.log combined
        ErrorLog /var/log/httpd/domains/webfora.net.error.log

        <Directory /home/webfora/domains/webfora.net/private_html>
                Options +Includes -Indexes

                php_admin_flag engine ON
                <IfModule !mod_php6.c>
                        php_admin_flag safe_mode OFF
                </IfModule>
                php_admin_value sendmail_path '/usr/sbin/sendmail -t -i -f [email protected]'



        </Directory>



</VirtualHost>

as you can see i attempted this ca-bundle thing, again not sure if i have done it correctly!

any help would be fantastic, thanks!

as for:

Code: 
SSLEngine on
        SSLCertificateFile /etc/httpd/conf/ssl.crt/server.crt
        SSLCertificateKeyFile /etc/httpd/conf/ssl.key/server.key
SSLCACertificateFile /usr/local/directadmin/data/users/webfora/domains/webfora.net.cacert
        SSLCertificateChainFile /usr/local/directadmin/data/users/webfora/domains/web1.ca-bundle

I'm not sure if they the correct files etc
 
Last edited:
Forget the Comodo instructions unless you want to ask Comodo for support; we're only going to support the DirectAdmin Certificate installation here.

What files did you change manually? If you changed any manually, then change them back.

Did you do the Certificate install the DirectAdmin way (as shown here)?

Did you follow the instructions to Click Here to paste a CA Root Certificate and then paste in the CA Bundle?

Those steps are all you should have to do unless the site is the main site on the server (at the admin's user level). Since you say you gave the account it's own IP# then it can't be the main site on the server, which cannot have it's own IP#.

If the site is the main site on the server then the best way to solve the problem is to move the site to it's own user.

Jeff
 
jlasman said:
Forget the Comodo instructions unless you want to ask Comodo for support; we're only going to support the DirectAdmin Certificate installation here.

What files did you change manually? If you changed any manually, then change them back.

Did you do the Certificate install the DirectAdmin way (as shown here)?

Did you follow the instructions to Click Here to paste a CA Root Certificate and then paste in the CA Bundle?

Those steps are all you should have to do unless the site is the main site on the server (at the admin's user level). Since you say you gave the account it's own IP# then it can't be the main site on the server, which cannot have it's own IP#.

If the site is the main site on the server then the best way to solve the problem is to move the site to it's own user.

Jeff
Click to expand...

That did not work for me, I had to edit /etc/httpd/conf/ips.conf and change the ssl stuff of the IP address. But everytime it change back to the old configuration.

So I setup a cron...
 
I don't know why it didn't work for you; it works for us and for many other users. We no longer offer Comodo Certificates, but the issue is only price; they've been easy to install.

Note for the future that when you get a Certificate from us including a DirectAdmin installation, we guarantee it :).

Jeff
 
DhoTjai said:
That did not work for me, I had to edit /etc/httpd/conf/ips.conf and change the ssl stuff of the IP address. But everytime it change back to the old configuration.

So I setup a cron...
Click to expand...

Everytime DirectAdmin adds/delete domain stuff, it re-writes the apache configs (not sure if its all httpd.conf's etc, or just the modified ones). Maybe this is your problem?
 
DhoTjai said:
That did not work for me, I had to edit /etc/httpd/conf/ips.conf and change the ssl stuff of the IP address. But everytime it change back to the old configuration.
Click to expand...
I may have missed this in my previous response.

Is the IP# you're using the same as the IP# assigned for that user in DirectAdmin? Is it a n assigned (not shared) IP#?

For both, the answer must be yes. If you need to change an IP# you need to set up either that user or a new user on it's own IP#.

Jeff
 
The IP is assigned to ''admin'' and status is "shared". Only 1 user/domain is using that IP address, which is admin.

copy-paste:
Status | Reseller | User(s)
shared | admin | 1
 
Read my previous post to this thread; you cannot used a shared IP# for a Site-based Certificate. The only option is the main site under the admin control panel (not under the admin reseller) can use the Server IP#.

Jeff
 
The only option I see, is to assign the IP to a reseller and "Share selected". That's what I did, move admin to another IP address -> assign to admin -> share selected.
 
You must log in or register to reply here.
Back
Top