Issues with server hostname on domain being hosted with DA

CanadaGuy (Verified User, joined Nov 14, 2019, 158 messages)
This is a refinement of the thread I started here:


There appears to be an issue with the Let's Encrypt script for the DA server hostname when the same server also hosts the domain. For example:

domain: example.com
server: host.example.com

The result is that DA creates the host.example.com DNS zone when installation is complete. After logging in to the DA server, enter the User mode, and create the domain for example.com. The result is that example.com exists alongside host.example.com. However, host.example.com refers to ns1.example.com and ns2.example.com, which are the DA server itself. But the problem is that the base domain example.com doesn't have any records for host.example.com, and so that zone is dead except for local resolution. If I try to use the Let's Encrypt script mentioned here:


It will quit with either the message:

Setting up certificate for a hostname: host.example.com
Error: http://host.example.com/.well-known/acme-challenge/letsencrypt_1575657746 is not reachable. Aborting the script.

or:

Unable to determine domain name for authorization. Exiting...

Looking at the script here https://files.directadmin.com/services/all/letsencrypt.sh I can see that these are both error messages of the script itself, not a response from Let's Encrypt. If I now create the A and NS records in example.com for host.example.com such that the host.example.com zone now can be resolved, the problem still exists. I manually checked that files under .well-known are accessible from a browser and indeed they are, though they are of 0 size. Other files are also available under this folder.

I have waited a long time with a TTL of 60 seconds long after the default 14400 would have expired and the issue persists.

As proof I'm not crazy, I created host.example.net at a different DNS provider, and pointed it to my IP address, and the script completed just fine. Other domains on this host also resolve and get certificates fine as well.

Is the scenario where the server hostname is hosted by its own server not supported? Perhaps just not tested? I tried to document my entire issue above, but perhaps I missed something. My use case is that I would like to manage all my domains with DA, and not have to rely on an external DNS provider and domain.

Ideas?
 
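The two error messages above are the script's own pre-flight checks failing, so here is a small checker that reproduces them, added as an example and not part of DirectAdmin's letsencrypt.sh: does the hostname resolve to this server, and is a token file under .well-known/acme-challenge served with its content rather than as a 0-byte file. The resolver and the HTTP fetch are parameters so the logic can be exercised with constructed responses; the server IP 203.0.113.10 used in testing is a constructed placeholder.

```python
import socket
import urllib.request
from dataclasses import dataclass, field

ACME_PATH = "/.well-known/acme-challenge/"


@dataclass
class Diagnosis:
    hostname: str
    resolved_ips: list = field(default_factory=list)
    problems: list = field(default_factory=list)

    def ok(self):
        return not self.problems


def resolve_a(hostname):
    """A records for hostname as the local resolver sees them ([] if none)."""
    try:
        infos = socket.getaddrinfo(hostname, 80, socket.AF_INET, socket.SOCK_STREAM)
    except socket.gaierror:
        return []
    return sorted({info[4][0] for info in infos})


def http_get(url, timeout=10):
    """Plain-HTTP fetch of the challenge URL, returning (status, body)."""
    with urllib.request.urlopen(url, timeout=timeout) as resp:
        return resp.status, resp.read()


def preflight(hostname, server_ip, token, expected, resolve=resolve_a, fetch=http_get):
    """DNS must point at this server and the token file must be served with content."""
    diag = Diagnosis(hostname)
    diag.resolved_ips = resolve(hostname)
    if not diag.resolved_ips:
        diag.problems.append("no A record: the parent zone has no record or delegation for the hostname")
        return diag
    if server_ip not in diag.resolved_ips:
        diag.problems.append(f"A record points at {diag.resolved_ips}, not this server ({server_ip})")
    url = f"http://{hostname}{ACME_PATH}{token}"
    try:
        status, body = fetch(url)  # urllib errors are OSError subclasses
    except OSError as exc:
        diag.problems.append(f"{url} is not reachable: {exc}")
        return diag
    if status != 200:
        diag.problems.append(f"{url} returned HTTP {status}")
    elif body != expected:
        diag.problems.append(f"{url} served {len(body)} bytes instead of the token")
    return diag
```

Run it against the real hostname with the defaults after dropping a token file into /var/www/html/.well-known/acme-challenge; an empty problems list means the script's reachability check should pass too.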
I may misunderstand your question. If you wish to secure your server "hostname", it is separate, like you point out in your post.

When you dig host.example.com, I assume you get your IP and A record?

This should be in the user account you created for example.com,
in the DNS section of example.com.
You should have all the A records and such for the domain?

I don't, in DA under DNS, have a separate zone for host.example.com. It is one zone for example.com.

You can use https://tools.dnsstuff.com/ to see if it all resolves out.


Using the free "Let's Encrypt" tool to secure 2222

As of DA 1.50.0, we've added a new feature that allows you to make use of LetsEncrypt, a tool offering free basic SSL certificates.

  1. First, enable LetsEncrypt on your system
  2. Then set up the LetsEncrypt certificate for your hostname.
Welcome BTW, hope you are well.
 
I don't, in DA under DNS, have a separate zone for host.example.com. It is one zone for example.com.

Can you rephrase perhaps, so it is clear? You only have a single zone, example.com that you added after the install, correct? Does that mean you deleted the initial zone that DA creates?

Are these built as ns at the registrar for the domain?

Yes, the nameservers are registered at the registrar, and once everything starts resolving, it looks okay.

https://help.directadmin.com/item.php?id=15

Using the free "Let's Encrypt" tool to secure 2222

As of DA 1.50.0, we've added a new feature that allows you to make use of LetsEncrypt, a tool offering free basic SSL certificates.

  1. First, enable LetsEncrypt on your system
  2. Then set up the LetsEncrypt certificate for your hostname.

Are those the latest instructions? I've generally been using just https://help.directadmin.com/item.php?id=629 and the domain certificate is obtained fine, without the first step. I think the first step is for hosted domains, not the server hostname.
 
In admin, under admin settings, the server setting tab should have:

Server's Hostname
host.example.com

NS1
ns1.example.com

NS2
ns2.example.com


Correct, after I installed I added a user,
then a domain.

Under DNS you don't need a zone called
host.example.com,
only
example.com;
when you create the user it will add it for you.
 
You can add it under the admin user area as well. I don’t think many do that though.
 
In admin, under admin settings, the server setting tab should have:

Server's Hostname
host.example.com

NS1
ns1.example.com

NS2
ns2.example.com


Correct, after I installed I added a user,
then a domain.

Under DNS you don't need a zone called
host.example.com,
only
example.com;
when you create the user it will add it for you.

Yes, my server hostname is as you described it.

There is one difference, but not sure if it matters. I was creating the domain directly with the admin account by switching to the User view, and adding the domain. However, that shouldn't change much I would think. When DA is first installed, there is a zone created host.example.com before adding any user or domains. Is/was that the case for you? Or am I seeing something different than usual?
 
According to the tips here:


The first step I think might be unnecessary since by default the .well-known alias is present without running it. This is "stock" /etc/httpd/conf/extra/httpd-alias.conf from an auto install and the rest of the steps all complete successfully without any further steps.

Alias /.well-known/acme-challenge /var/www/html/.well-known/acme-challenge
Alias /config /var/www/html/redirect.php
Alias /roundcube /var/www/html/roundcube
Alias /phpMyAdmin /var/www/html/phpMyAdmin
Alias /phpmyadmin /var/www/html/phpMyAdmin
Alias /pma /var/www/html/phpMyAdmin

I'm not trying to push back on steps, I just want to understand what is happening under the hood, and eliminate some older steps that may not be necessary. I appreciate the help and confirmations.
 
Things dealing with DNS can be such a pain. Strictly speaking, it seems to be a DNS issue. I set up a new domain using a DA trial license, as per the same process I described at the start, and everything is working as I expected it to. I'll try my other domain again after things settle and report back.

Worst case scenario, I learned a few more DNS details that weren't clear before.
 