Issue with SSL restores from AUTO SSL certificate.

MaXi32

Verified User
Joined
Jul 25, 2016
Messages
656
Location
The Earth
I have a full DA backup that I manually created using admin backup tools and they all contain users that have domains with SSL certificates from DA AUTO SSL. Then, I reinstalled the DA, and next, I restored all user admin accounts using admin_backups tool, the restoration was a success but the only thing that was not restored is the SSL certificate. When I look at this folder, I found none were created like below:


Code:
/usr/local/directadmin/data/users/USER/domains/DOMAIN.COM.cert

/usr/local/directadmin/data/users/USER/domains/DOMAIN.COM.key

/usr/local/directadmin/data/users/USER/domains/DOMAIN.COM.ca

/usr/local/directadmin/data/users/USER/domains/DOMAIN.COM.combined


I have gone through many posts in this forum and I haven't seen anyone talking about the SSL certificate restoration success story especially for AUTO SSL (maybe related to server certificate as mentioned by this https://forum.directadmin.com/threads/backup-restore-a-horrible-experience.63283/post-328277). Or did you guys already feel frustrated and ignore this backup and restore thing and just live with it? Or is this a known bug that is not yet discovered?

Appreciate your feedback. Thanks.
 
Hello,

To clarify, only certs created either by pasting them through the GUI (eg: Comodo paid certs), or LetsEncrypt certs created there via the wildcard/subdomain checkboxes, will be backed up/restored.

Any auto-ssl certificaites (eg: "Best Match") option are not backed up, and not restored.
Upon restoration of an auto-ssl domain, it simply gets put into the queue again for a new auto-ssl cert with this local LetsEncrypt account.

Basically, inside the backup, there would be a path:
```
backup/fred.com/domain.conf
```
if that file does not have SSLCertificateFile / SSLCertificateKeyFile key value set (which could be the case for auto-ssl domains), then nothing is restored in terms of cert/key/ca files.

For that case, there should be 2 files created:
```
/usr/local/directadmin/data/users/fred/domains/fred.com.ssl
/usr/local/directadmin/data/users/fred/domains/fred.com.ssl.next_retry
```

which would be picked up by the dataskq within a minute to attempt the request.
Assuming the domain resolves here, it will go through.

John
 
Back
Top