Major SSL bugs preventing migrations to DA (all in one thread)

NetworkPanda

Verified User
Joined
Jul 6, 2019
Messages
19
First of all, we feel that we must thank the DirectAdmin team for the great work they always do and continue doing, especially during the last 10 days, when many companies and customers have been looking to migrate from some other panel to DirectAdmin. They have already fixed a lot of issues and added new features in just a few days, and they try to answer all questions as soon as possible; that is remarkable.

We have been testing DirectAdmin on some personal/low importance sites (not any customers yet), transferred from the other panel. While everything works smoothly, there is an exception with SSL certificates, that prevents us from starting transferring active customers and production sites. Most accounts coming from the other panel have already installed free Let's Encrypt certificates (with AutoSSL) but they do not work immediately after the migration and cannot be easily fixed with an automated script via SSH.

Here are the problems we have experienced so far:

1. If the account and cpmove-*.tar.gz file transferred from the other panel has already installed SSL certificates, DirectAdmin does not restore them automatically. The hosting company or the client has to log into the user panel, click each addon domain separately and re-install the certificate manually. For hundreds or thousands of accounts, some of which have several addon domains, it will take months. Meanwhile all sites will be showing SSL errors in the web browsers.

2. We know about the
/usr/local/directadmin/scripts/letsencrypt.sh request_single somedomain.com 4096
script and already used it, but it has some significant problems:
It installs certificates for somedomain.com but not for www.somedomain.com
If you run
/usr/local/directadmin/scripts/letsencrypt.sh request_single www.somedomain.com 4096
it returns the following error:
Domain does not exist on the system. Unable to find www.somedomain.com in /etc/virtual/domainowners. Exiting...
(although somedomain.com exists)

3. We also know about the autoletsencrypt.sh script, but it causes the same problems.

4. Even if you install Let's Encrypt certificates with the letsencrypt.sh or autoletsencrypt.sh scripts, they aren't activated automatically. The customer or the hosting company again has to log into the user panel and enable the certificates for each domain separately.

We know that the DA team already has a lot of work and issues to fix, but we believe that resolution of these problems should be high priority, because 99% of the accounts coming from the other panel already have some (free or paid) SSL certificates installed (since AutoSSL is enabled on most accounts in the other panel) and they will be showing SSL errors after the migration.

Either DirectAdmin should automatically restore the certificates that exist in the backup/cpmove file, or the letsencrypt.sh/autoletsencrypt.sh scripts should install certificates on both somedomain.com and www.somedomain.com as well as all additional domains and subdomains the user has. On the other panel this was done automatically and without any manual action by the hosting company or the customer.

Unless these problems are fixed, we believe that medium and large companies with hundreds or thousands of hosting accounts will not be able to migrate to DirectAdmin, as all sites will start showing SSL errors and they will receive a lot of customer complaints.

Thank you for your time
 

kebirhost

Verified User
Joined
Jul 8, 2019
Messages
89
Hello,

Unfortunately, addon domain licences were not migrated for us. We tried to install again but it gave the error:

/usr/local/directadmin/scripts/letsencrypt.sh gocdalgasi.com 4096
Domain does not exist on the system. Unable to find 4096 in /etc/virtual/domainowners. Exiting...
no valid domain found - exiting
[root@ozen scripts]# /usr/local/directadmin/scripts/letsencrypt.sh request gocdalgasi.com 4096
Requesting new certificate order...
new-order error: HTTP/1.1 100 Continue
Expires: Thu, 08 Aug 2019 04:18:11 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache

HTTP/1.1 429 Too Many Requests
Server: nginx
Content-Type: application/problem+json
Content-Length: 203
Boulder-Requester: 62833135
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: Xf4q4LQh81g-rR-S98v6LyGpr4CwZiRcZ_sLbxq5Tck
Expires: Thu, 08 Aug 2019 04:18:11 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Thu, 08 Aug 2019 04:18:11 GMT
Connection: close

{
"type": "urn:ietf:params:acme:error:rateLimited",
"detail": "Error creating new order :: too many currently pending authorizations: see https://letsencrypt.org/docs/rate-limits/",
"status": 429
}. Exiting...


We did not try too many requests. We cannot wait 7 days to try again. What can we do?

Thanks,
Melih
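
The failed request in the post above shows why a batch re-issue across many migrated domains should read the ACME error before sending the next request. The following is an added example, not part of the original thread or of DirectAdmin's scripts: it classifies captured letsencrypt.sh output (sample abridged from the post) and tells a wrapper loop whether to stop, skip the domain, or continue; the function names are hypothetical.

```shell
#!/usr/bin/env bash
# Added example: classify the output of a failed certificate request so a
# batch run stops on an ACME rate limit instead of retrying every domain.

# Sample output, abridged from the failed request quoted in the post above.
SAMPLE_OUTPUT='Requesting new certificate order...
new-order error: HTTP/1.1 100 Continue
Expires: Thu, 08 Aug 2019 04:18:11 GMT

HTTP/1.1 429 Too Many Requests
Content-Type: application/problem+json

{
"type": "urn:ietf:params:acme:error:rateLimited",
"detail": "Error creating new order :: too many currently pending authorizations: see https://letsencrypt.org/docs/rate-limits/",
"status": 429
}. Exiting...'

# Final HTTP status: the last status line wins, so the interim
# "100 Continue" block is ignored.
final_status() {
  printf '%s\n' "$1" |
    sed -n 's/.*HTTP\/[0-9.]* \([0-9][0-9][0-9]\).*/\1/p' | tail -n 1
}

# ACME problem type (RFC 8555, section 6.7) without the URN prefix.
acme_error_type() {
  printf '%s\n' "$1" |
    sed -n 's/.*"type": *"urn:ietf:params:acme:error:\([A-Za-z]*\)".*/\1/p' |
    head -n 1
}

# Decide what a batch loop should do next: "stop", "skip" or "continue".
next_action() {
  local status type
  status=$(final_status "$1")
  type=$(acme_error_type "$1")
  if [ "$type" = "rateLimited" ] || [ "$status" = "429" ]; then
    echo stop      # rate limit hit: more requests only add to the problem
  elif [ -n "$type" ] ||
       printf '%s' "$1" | grep -q 'Domain does not exist on the system'; then
    echo skip      # problem with this one domain: log it and move on
  else
    echo continue
  fi
}

next_action "$SAMPLE_OUTPUT"
```

A wrapper would capture each request's combined stdout and stderr into a variable, pass it to `next_action`, and break out of the loop on `stop`.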
 

smtalk

Administrator
Staff member
Joined
Aug 22, 2006
Messages
8,454
Location
LT, EU
Please try:
Code:
cd /usr/local/directadmin/conf
mkdir -p old_letsencrypt
mv letsencrypt* old_letsencrypt
This would switch your LE account to a new one. We've updated the cPanel migration script (0.0.24 - see cPanel migration thread) not to enable cert auto-renewal if the certificate hasn't been renewed for 90 days on cPanel.
 

kebirhost

Verified User
Joined
Jul 8, 2019
Messages
89
Yes at last:)

So thanks.

Another issue is related to big accounts. I cannot restore the account's email but only some emails. How can I send you the details with server credentials?
 

smtalk

Administrator
Staff member
Joined
Aug 22, 2006
Messages
8,454
Location
LT, EU
Use a private message, or just create a ticket at tickets.directadmin.com. Thank you!
 