letsencrypt issues within skin

shanti

Verified User
Joined
Apr 8, 2009
Messages
54
Location
Wien / Vienna - Austria
hello,

i accidentally opened a ticket instead of reporting here: ( https://tickets.directadmin.com/ticket.php?hash=kdDMkaSFyrr1IuOwUPaXbNs9MnvCaFON )

in evolutionskin i cannot use wildcard-letsencrypt when letsencrypt is set to "2" in directadmin.conf

it may work with letsencrypt=1 but then letsencrypt cannot verify my hosts anymore .. so i would like to stay with letsencrypt=2 - can you help ?

Code:
/usr/local/directadmin/directadmin c | grep -E 'ssl_sni|dns_ttl|letsencrypt='

dns_ttl=1
enable_ssl_sni=1
letsencrypt=2
thanks for support
 

smtalk

Administrator
Staff member
Joined
Aug 22, 2006
Messages
8,891
Location
LT, EU
It's known, letsencrypt=2 is not recommended to use. If =1 doesn't work - it means you have a misconfiguration on your system.
 

shanti

i beg to differ .. letsencrypt=2 is documented as a legit option ( https://www.directadmin.com/features.php?id=1828 ) since 1.50.* .. and it has a reason that this option was chosen due to a complex setup .. since we use SNI for Vhosts over several domains and ips - how can a default ip-address respond to a non-configured vhost on that ip - and you call it misconfiguration ?

though it works in other skins ( like einda )
 

smtalk

how can a default ip-address respond to a non-configured vhost on that ip - and you call it misconfiguration ?
That's how letsencrypt=1 works, it'd respond to a non-configured vhost on that IP. For example, mail.domain.com :)
 

shanti

can you please point us to more details on "is not recommended to use" .. or a hint towards "misconfiguration" ... we don't use DA's dns - if that may be important to know
 

shanti

please let's resume the letsencrypt=1 option:
e.g.:
www.onedomain.at points to an ip 1.1.1.2 (serves /home/what/domains/onedomain.at) , the server's main ip is 1.1.1.1 (serves like /var/www) .. please explain: how would a wildcard pointing to 1.1.1.2 find its way into /var/www(/.well-known).. ? or do you mean that all dns's wildcard record should point to 1.1.1.1 ?

since http://1.1.1.2 points to the shared-ip-folder of the reseller , wouldn't that be the proper place for .well-known ? or am i missing an alias in the webserver-config to a global .well-known under /var/html ? (checked the alias .. but is its permission right to
Code:
drwxr-xr-x  2 webapps webapps 4096 Mar 17 01:11 acme-challenge
? )




Thanks for support
 

smtalk

@shanti I'd suggest placing it as a feature request on feedback.directadmin.com and see the demand.
 