move ssl certificates

[migmac]

Hello,
I just moved all sites from one directadmin server to another, during this test, the I have realized that directadmin did not restore the ssl certificates on the new server, is this normal? how can the ssl be moved to the new server without having to be generated again?
Thank you

 

[Arieh]

DA Admin backups should include ssl certificates, in the archive it's located in backup/yourdomain.tld/domain.cert|key|cacert.

In case SSL is enabled for the user but the server certificate is used, obviously the user backup doesn't contain this.

Or are you talking about the certificate used by DA itself? In that case they're located by default in /usr/local/directadmin/conf (as configured in /usr/local/directadmin/conf/directadmin.conf)

 

[migmac]

Hi,
sorry I didn't understood your question
I have installed a verigin certificate on one domain, it was working fine, I moved that site to another server using the backup/restore option of directadmin, the only think that was not restored was the production ssl
at the new server, the domain has the information "SSL is currently enabled for this domain." but if I browse the site https:\\ I get the message as the certificate is not installed
but I am having some difficult to find the SSL, this SSL is installed on a subdomain and if I go to the directadmin section it only shows the SSL installed on the main domain correct? or can I found it elsewhere?

to manual solve the issue I just have to copy the files from backup/yourdomain.tld/domain.cert|key|cacert. to the bellow paths?

/etc/httpd/conf/ssl.crt/server.crt
/etc/httpd/conf/ssl.key/server.key

thank you

 

[Arieh]

I wouldn't put a users domain certificate in /etc/httpd as that would be the certificated used for all domains who use the server domain.

Is SSL enabled at domain administration for the (sub)domain that you have/want the SSL certificate under?

Also, if you see the certificate files in the backup (the .cert, .key and possible .cacert files), you can open them and copy them into DA under 'SSL Certificates', if they're not already there. However be careful and make backups (copies) before you change or remove keys and certificates.

 

[migmac]

if you use DA web interface to create a certificate, at the end it will show this path /etc/httpd

yes, if I go to the domain name it says "SSL is currently enabled for this domain"

I will try to open the files that I have on the backup as try to install has you told

Thank you

 

[Arieh]

Yes I believe if you use an SSL certificate under the user admin (and admin uses the server ip which is the case by default), it will create it to /etc/httpd/conf/ssl.crt/server.crt, and will be used as server certificate for all other users who choose to use the server certificate.

If you also had this on the previous server, then that would explain why the certificate isn't in the backup. In that case you should copy /etc/httpd/conf/ssl.crt/server.crt and key from the old server.

Since this is the way DA works, I would recommend creating a new user for websites with SSL certificates and avoid placing them under admin directly.