Looking for help with changing SSL certificates

[jim.thornton]

I've been using a self-signed SSL certificate on my DA server for some time. I use the control panel for ease, but I don't sell packages. I have a few different accounts that I've let people run websites. As a result, I have never worried about a self-signed certificate. Now, I'm setting up a website on the domain that the server is setup on. It's not a website to sell hosting packages, just a website that I'm going to use for myself.

Now, setting up the website, I have gone in and configured Let's Encrypt for an actual SSL certificate to work on the frontend.

Server: s1.domainname.com (I set this up manually when configuring the server)

Frontend: domainname.com (I used DA to setup this SSL certificate via Let's Encrypt)

Also... I have SNI setup so that I can run multiple SSL certificates on the same IP address.

My frontend SSL certificate is not working because the browser is picking up the SSL for s1.domainname.com and so it is showing as not secure.

Can someone please help me re-configure this so that I can get it working on both locations?

NOTE: I have not used the actual domain names because I don't want google indexing it on this site. I've done that before and it messes up my search results. I'm attaching an image with the actual domain names. Please don't use the actual domain names in your response.

 

[Active8]

You are mixing things:
1. certificate for the hostname
2. certificate for your domain
both are seperate, to generate one for your hostname (s1) do the following:

cd /usr/local/directadmin/scripts
./letsencrypt.sh request s1.domainname.com 4096

then , you must turn on SSL in DA and tell DA to use the carootcert:

cd /usr/local/directadmin/conf
perl -pi -e 's/SSL=0/SSL=1/' directadmin.conf
echo "carootcert=/usr/local/directadmin/conf/carootcert.pem" >> directadmin.conf

change in directadmin.conf :

ssl_redirect_host=host.name.com
force_hostname=your.hostname.com

/etc/init.d/directadmin restart

 

[jim.thornton]

The SSL cert on the hostname is working correctly.

The SSL cert on the domain is not. For some reason the SSL cert from the hostname is being served on the domain.

 

[jim.thornton]

I have followed your directions and I'm still getting the same error.

When I goto domain (without s1) it gives me the attached error message in chrome. If I try to go to the site with www. infront of it, then it changes to no www and gives this error.

Not sure what is going on here.

 

[Active8]

You are using the wrong DA login link , please use: https://s1.domain.com:2222/
Just checked it it works fine

 

[jim.thornton]

https:// for the s1 is working fine. That's not the issue.

It's the frontend of the domain without (s1) or (www) and that is giving me the error.

 

[LawsHosting]

Just add your domain in DA normally and create a certificate for that domain?

Most of us use a hostname that isn't an actual domain in DA.,

 

[jim.thornton]

I'm saying that is what I did but it seems to be conflicting. I went into DA and created it for the same domain (just for www and non-www) and it installs correctly, but then I get this error.

 

[Active8]

t's the frontend of the domain without (s1) or (www) and that is giving me the error.

Ok , did you enable SSL for that domain ? I dont see any certificate for domain.ca generated
Did you enable this in that domain and did you generate a certificate for domain.ca ?

 

[floyd]

Did you add s1 as a domain or subdomain?

 

[jim.thornton]

Sorry, but can you please edit your post and take out the domain name. This forum is such an authority that it will get picked up by Google fast and they will index it.

Yes. I did that.

I went into DA and then went to the USER level. I selected the domain name (I have 3 of them installed into this user). But, I selected the correct one and then I went to SSL and generated the SSL certificate from Let's Encrypt. I've done this for other domains and it worked fine. The SSL cert seems to be conflicting. It is serving the main server SSL cert.

 

[jim.thornton]

Maybe there is a simpler question.

Is there a way that I can re-issue the MAIN HOSTNAME as a wildcard SSL cert with Let's Encrypt?

 

[floyd]

You should NOT have s1 added as a domain or subdomain.

 

[Active8]

Did you add s1 as a domain or subdomain?

Hmm maybe that is the problem, did you made any subdomain for your hostname? if yes that is not correct then.

Sorry, but can you please edit your pos

Done

 

[Active8]

Is there a way that I can re-issue the MAIN HOSTNAME as a wildcard SSL cert with Let's Encrypt?

that is possible but you have to add your hostname in to your DNS records (as it should)

 

[jim.thornton]

My hostname is there. There is nothing wrong when I go to s1.mydomain.ca it's just when I go to mydomain.ca.

When I look at the details of the certificate for the page it says that it doesn't match and the depth is = s1.mydomain.ca

This is what is making me believe the problem is that I'm trying to serve two different certs based on the subdomain and maybe a wildcard cert would be better.

 

[jim.thornton]

Sorry, I do not have s1 added as a domain or subdomain.

I have it listed in my DNS management though.

 

[jim.thornton]

I have found this page: https://www.directadmin.com/features.php?id=2122

But... I can't figure out what to do where it says SKINS.

Has anyone done this?

 

[Active8]

If you want i can look at it (for free) in your DA

 

[Active8]

I have found this page: https://www.directadmin.com/features.php?id=2122

But... I can't figure out what to do where it says SKINS.
Has anyone done this?

You can ignore the skin part
but
REQUIREMENT - PLEASE ENABLE: dns_ttl=1 in your directadmin.conf