Mess with SSL

giees

I had a problem with Apache settings, which I eventually solved, but in the meantime I messed up the SSL certificates on the server.

1) I initially obtained a certificate for my domain using the "Get automatic certificate from ACME provider" option.
2) Next, I deleted it from the control panel.
3) I installed a new certificate via SSH, but on the host (ddserver.digitaldruk.pl), not the domain (digitaldruk.pl) - ./letsencrypt.sh request_single ddserver.digitaldruk.pl 4096
4) I attempted to delete it, but despite the confirmation message, it remained active (./letsencrypt.sh revoke ddserver.digitaldruk.pl 4096)
5) I installed the certificate on the domain digitaldruk.pl via SSH (./letsencrypt.sh server_cert digitaldruk.pl 4096)

Currently, I have two certificates: the primary one on the host ddserver.digitaldruk.pl, and the secondary one associated with the domain digitaldruk.pl.

How can I remove the certificate issued for the host, leaving only the one for the domain?

 
So I don't know what's exactly wrong. I checked the crt.sh site and found loads of certificates for your digitaldruk.pl domain.

Currently, I have two certificates: the primary one on the host ddserver.digitaldruk.pl, and the secondary one associated with the domain digitaldruk.pl.
That is a good thing. Why do you want to remove the one from the hostname?

Unless you don't want to send mail from this server. If you do, it's better to have one and also better to change your rDNS/PTR record to your current hostname.

If you really want to remove your hostname record you could remove these files as far as they are present:
Code:
/usr/local/directadmin/conf/ca.csr
/usr/local/directadmin/conf/ca.san_config
/usr/local/directadmin/conf/cacert.pem
/usr/local/directadmin/conf/cacert.pem.combined
/usr/local/directadmin/conf/cacert.pem.creation_time
/usr/local/directadmin/conf/cakey.pem
/usr/local/directadmin/conf/carootcert.pem
/usr/local/directadmin/conf/letsencrypt.key
/usr/local/directadmin/conf/letsencrypt.key.json
I cannot guarantee that it will not autorenew after some time.
 
Since you say there is no need for changes because everything is OK, let it be that way. I would only add this rDNS/PTR record, because I use mail on the server, but how?

1)
Record - domain -> digitaldruk.pl
Value - hostname -> ddserver.digitaldruk.pl

or

2)
Record - hostname -> ddserver.digitaldruk.pl
Value - domain -> digitaldruk.pl

or

3)
Record - hostname -> ddserver.digitaldruk.pl
Value - IP server
 
The rDNS/PTR record should always point to your hostname. So probably you can only change that at the VPS/server provider's panel.
The IP needs to point to your valid hostname.

At this moment 77.91.61.241 is pointing to user61-241.otvarta.pl. which is most likely some default that they set up.
That IP needs to be pointing to ddserver.digitaldruk.pl to be correct.
So I would say option 3, but you have to change that user61-241.otvarta.pl. entry, so that is not in DA or external DNS. It's done at the provider of the IP. Should be in their panel or otherwise ask them how to change or if they can do it for you.

Also, be aware! If you just recently have this IP, most likely the one using it before you had some riskware/malware on the site.
At this moment 3 sites on VirusTotal are flagging you and also Malwarebytes is blocking your IP/URL because of riskware.

I noticed when I was looking up the IP yesterday evening and then it was refused by Malwarebytes.

So if you're a new user of that IP then it might be good to notify them that your site is clean now and you're a new user (if you are).
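
A forward-confirmed reverse DNS check for the PTR question discussed above, as an added example that is not part of the original thread. The function names and sample tables are hypothetical; the PTR value is the one quoted in the thread, and the A record for ddserver.digitaldruk.pl is an assumption.

```python
import socket

def reverse_lookup(ip):
    """PTR names for ip from the system resolver (empty list if none)."""
    try:
        name, aliases, _ = socket.gethostbyaddr(ip)
    except (socket.herror, socket.gaierror):
        return []
    return [name, *aliases]

def forward_lookup(hostname):
    """Addresses that hostname resolves to (empty list if none)."""
    try:
        return sorted({info[4][0] for info in socket.getaddrinfo(hostname, None)})
    except socket.gaierror:
        return []

def check_fcrdns(ip, expected_hostname, reverse=reverse_lookup, forward=forward_lookup):
    """Return a list of problems; an empty list means PTR and A records agree."""
    expected = expected_hostname.rstrip(".").lower()
    ptr_names = [n.rstrip(".").lower() for n in reverse(ip)]
    problems = []
    if not ptr_names:
        problems.append(f"no PTR record for {ip}")
    elif expected not in ptr_names:
        problems.append(f"PTR for {ip} is {', '.join(ptr_names)}, expected {expected}")
    if ip not in forward(expected):
        problems.append(f"{expected} does not resolve back to {ip}")
    return problems

# Constructed sample data so the example runs offline. The PTR value in
# PTR_BEFORE is the one quoted in the thread; the A record is an assumption.
IP, HOST = "77.91.61.241", "ddserver.digitaldruk.pl"
PTR_BEFORE = {IP: ["user61-241.otvarta.pl."]}
PTR_AFTER = {IP: ["ddserver.digitaldruk.pl."]}
A_RECORDS = {HOST: [IP]}

def demo():
    """Run the check against the sample data: before and after the PTR change."""
    forward = lambda h: A_RECORDS.get(h, [])
    before = check_fcrdns(IP, HOST, lambda ip: PTR_BEFORE.get(ip, []), forward)
    after = check_fcrdns(IP, HOST, lambda ip: PTR_AFTER.get(ip, []), forward)
    return before, after

if __name__ == "__main__":
    for label, problems in zip(("before", "after"), demo()):
        print(label, problems or "OK")
```

Calling `check_fcrdns(ip, hostname)` without the last two arguments queries the system resolver instead of the sample tables.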
 