Need help changing serverwide hostname (SSL)

[Ch3vr0n]

For the purpose of this post i will change terminal actual value of hostnames to oldname.tld and newname.tld

Now to the problem at hand.

I'm running a small VPS that had the hostname set to s1.oldname.tld and in directadmin domein setup showed da.s1.oldname.tld. I went into administrator settings and changed it from s1.oldname.tld to s1.newname.tld and DA restarted. So far so good. Except now i'm getting a SSL certificate error (hostname mismatch). I figured, lets check at userlevel. sure enough it mentioned oldname.tld, so removed the domain there and added the new da.s1.newname.tld. Fixed i though. Nope, still browser certificate warning. So i tried to set it serverwide by SSH but there's a problem.

[root@s1 scripts]# /usr/local/directadmin/directadmin set hostname s1.newname.tld
Error with the current values:
Cannot find 'hostname' in the directadmin.conf

[root@s1 directadmin]# ./directadmin set name s1.newname.tld
name=s1.newname.tld

So i figured lets try the let's encrypt script

[root@s1 scripts]# ./letsencrypt.sh request s1.newname.tld 4096
Setting up certificate for a hostname: s1.newname.tld
2021/11/18 17:28:28 [INFO] [ftp.s1.oldname.tld, mail.s1.oldname.tld, pop.s1.oldname.tld, s1.oldname.tld, smtp.s1.oldname.tld, www.s1.oldname.tld] acme: Obtaining SAN certificate
2021/11/18 17:28:30 [INFO] [ftp.s1.oldname.tld] AuthURL: https://acme-v02.api.letsencrypt.org/acme/authz-v3/49735031630
2021/11/18 17:28:30 [INFO] [mail.s1.oldname.tld] AuthURL: https://acme-v02.api.letsencrypt.org/acme/authz-v3/49735031640
2021/11/18 17:28:30 [INFO] [pop.s1.oldname.tld] AuthURL: https://acme-v02.api.letsencrypt.org/acme/authz-v3/49735031650
2021/11/18 17:28:30 [INFO] [s1.oldname.tld] AuthURL: https://acme-v02.api.letsencrypt.org/acme/authz-v3/49735031660
2021/11/18 17:28:30 [INFO] [smtp.s1.oldname.tld] AuthURL: https://acme-v02.api.letsencrypt.org/acme/authz-v3/49735031670
2021/11/18 17:28:30 [INFO] [www.s1.oldname.tld] AuthURL: https://acme-v02.api.letsencrypt.org/acme/authz-v3/49735031680
2021/11/18 17:28:30 [INFO] [ftp.s1.oldname.tld] acme: authorization already valid; skipping challenge
2021/11/18 17:28:30 [INFO] [smtp.s1.oldname.tld] acme: authorization already valid; skipping challenge
2021/11/18 17:28:30 [INFO] [mail.s1.oldname.tld] acme: authorization already valid; skipping challenge
2021/11/18 17:28:30 [INFO] [pop.s1.oldname.tld] acme: authorization already valid; skipping challenge
2021/11/18 17:28:30 [INFO] [s1.oldname.tld] acme: authorization already valid; skipping challenge
2021/11/18 17:28:30 [INFO] [www.s1.oldname.tld] acme: authorization already valid; skipping challenge
2021/11/18 17:28:30 [INFO] [ftp.s1.oldname.tld, mail.s1.oldname.tld, pop.s1.oldname.tld, s1.oldname.tld, smtp.s1.oldname.tld, www.s1.oldname.tld] acme: Validations succeeded; requesting certificates
2021/11/18 17:28:35 [INFO] [ftp.s1.oldname.tld] Server responded with a certificate.
Certificate for ftp.s1.oldname.tld,mail.s1.oldname.tld,pop.s1.oldname.tld,s1.oldname.tld,smtp.s1.oldname.tld,www.s1.oldname.tld has been created successfully!
DirectAdmin certificate has been setup.
Setting up cert for Exim...
Setting up cert for WWW server...
Setting up cert for FTP server...
The services will be restarted in about 1 minute via the dataskq.

Yes, that's not a mistake. the terminal output uses the OLD hostname which according to documentation should have been updated with the new one once i edited the hostname in DA administrator settings. directadmin.conf IS updated with the proper hostname yet its still not working.

I'm a total linux noob and this is an unmanaged VPS, so i need to do this myself (hoster that initially set it up merged with a larger company a couple years ago, and they just started merging with another larger one a few months ago. These ones only offer MANAGED vps's but keep the existing unmanaged vps customers, like myself).

checked directadmin.conf and found another value at

servername=s1.oldname.tld so changed that to s1.newname.tld
ssl_redirect_host=s1.oldname.tld so changed that one to s1.newname.tld

Hoped that would fix it so reran the ssl request script. Nope, still used oldname.tld


Because of being a total noob i need STEP BY STEP and exact instructions on where to fix things and how. Your expert knowledge and advice will be highly appreciated.

 

[dmtinc]

Try this:

hostnamectl set-hostname YOURNEWHOSTNAME --static

example: hostnamectl set-hostname myserver.mydomain.tld

/usr/local/directadmin/scripts/hostname.sh YOURNEWHOSTNAME YOURSERVERIP

example: /usr/local/directadmin/scripts/hostname.sh myserver.mydomain.tld 1.2.3.4

 

[Ch3vr0n]

Executed logged in as root (like the above mentioned ones)

/usr/local/directadmin/scripts/hostname.sh: line 72: /etc/hostname: Permission denied
Could not set property: Access denied
redirect_host is already set to s1.newname.tld
servername=s1.newname.tld
force_hostname=s1.newname.tld

[root@s1 admin]# /usr/local/directadmin/scripts/letsencrypt.sh request s1.newname.tld 4096
Setting up certificate for a hostname: s1.newname.tld
2021/11/18 20:26:05 [INFO] [ftp.s1.oldname.tld ...<snip>] acme: Obtaining SAN certificate
2021/11/18 20:26:06 Could not obtain certificates:
acme: error: 429 :: POST :: https://acme-v02.api.letsencrypt.org/acme/new-order :: urn:ietfarams:acme:error:rateLimited :: Error creating new order :: too many certificates (5) already issued for this exact set of domains in the last 168 hours: ftp.s1.oldname.tld, ... <snip>: see https://letsencrypt.org/docs/rate-limits/
Certificate generation failed.

168 / 24 = no more requests until next thursday evening. Damned

 

[Active8]

Try ZeroSSL certificates, search forum for the steps

 

[Richard G]

/etc/hostname: Permission denied

Chis can cause trouble. So in Directadmin your hostname is changed, but in /etc/hostname it isn't?
Can you check the permissions on the /etc/hostname file via SSH and put your new hostname in there and reboot?

 

[dmtinc]

Executed logged in as root (like the above mentioned ones)

/usr/local/directadmin/scripts/hostname.sh: line 72: /etc/hostname: Permission denied
Could not set property: Access denied
redirect_host is already set to s1.newname.tld
servername=s1.newname.tld
force_hostname=s1.newname.tld

[root@s1 admin]# /usr/local/directadmin/scripts/letsencrypt.sh request s1.newname.tld 4096
Setting up certificate for a hostname: s1.newname.tld
2021/11/18 20:26:05 [INFO] [ftp.s1.oldname.tld ...<snip>] acme: Obtaining SAN certificate
2021/11/18 20:26:06 Could not obtain certificates:
acme: error: 429 :: POST :: https://acme-v02.api.letsencrypt.org/acme/new-order :: urn:ietfarams:acme:error:rateLimited :: Error creating new order :: too many certificates (5) already issued for this exact set of domains in the last 168 hours: ftp.s1.oldname.tld, ... <snip>: see https://letsencrypt.org/docs/rate-limits/
Certificate generation failed.

168 / 24 = no more requests until next thursday evening. Damned

You can do a trick, the problem is the "exact set of domains", if you ask only for the certificate for the hostname (with out the ftp. www. etc..) can work:

/usr/local/directadmin/scripts/letsencrypt.sh request_single s1.newname.tld 4096

 

[MaXi32]

To summarize your issue:

I figured, lets check at userlevel. sure enough it mentioned oldname.tld, so removed the domain there and added the new da.s1.newname.tld. Fixed i though. Nope, still browser certificate warning. So i tried to set it serverwide by SSH but there's a problem.

You made a mistake there. The host domain is not set in user-level domain. So, you can change the hostname using da script (the most efficient way) as mentioned by @dmtinc

/usr/local/directadmin/scripts/hostname.sh oldhostname newhostname

Executed logged in as root (like the above mentioned ones)

/usr/local/directadmin/scripts/hostname.sh: line 72: /etc/hostname: Permission denied

The next issue here is after you have followed the above first step the script complains that you don't have permission to edit the /etc/hostname. So the script did not change your hostname in /etc/hostname. You can show the permission like this like @Richard G mentioned

ls -l /etc/hostname

And the other error that happen is because you did not solve the last error above. Also, try the suggestion from @Active8 to use zerossl if you hit the SSL request limit. Here is the step: https://forum.directadmin.com/threads/windows-7-chrome-let’s-encrypt-problems.64652/page-2#post-336508

 

[Ch3vr0n]

Chis can cause trouble. So in Directadmin your hostname is changed, but in /etc/hostname it isn't?
Can you check the permissions on the /etc/hostname file via SSH and put your new hostname in there and reboot?

i can, if you tell me how. As my signature said, i need exact commandline instructions. Total linux noob

You can do a trick, the problem is the "exact set of domains", if you ask only for the certificate for the hostname (with out the ftp. www. etc..) can work:

/usr/local/directadmin/scripts/letsencrypt.sh request_single s1.newname.tld 4096

[root@s1 admin]# /usr/local/directadmin/scripts/letsencrypt.sh request_single s1.newname.tld 4096
Setting up certificate for a hostname: s1.newname.tld
2021/11/19 17:04:26 [INFO] [s1.newname.tld] acme: Obtaining SAN certificate
2021/11/19 17:04:27 [INFO] [s1.newname.tld] AuthURL: https://acme-v02.api.letsencrypt.org/acme/authz-v3/50820244270
2021/11/19 17:04:27 [INFO] [s1.newname.tld] acme: authorization already valid; skipping challenge
2021/11/19 17:04:27 [INFO] [s1.newname.tld] acme: Validations succeeded; requesting certificates
2021/11/19 17:04:33 [INFO] [s1.newname.tld] Server responded with a certificate.
Certificate for s1.newname.tld has been created successfully!
DirectAdmin certificate has been setup.
Setting up cert for Exim...
Setting up cert for WWW server...
Setting up cert for FTP server...
The services will be restarted in about 1 minute via the dataskq.
[root@s1 admin]

The request_single command seems to have done the trick. After issueing that the SSL warning icon and browser exception when doing a forced refresh (CTRL+F5) updated to a valid "lock only" icon. Status now said "Secured by Let's Encrypt". Any other one's i need to update with request_single?

You made a mistake there. The host domain is not set in user-level domain. So, you can change the hostname using da script (the most efficient way) as mentioned by @dmtinc

/usr/local/directadmin/scripts/hostname.sh oldhostname newhostname

The next issue here is after you have followed the above first step the script complains that you don't have permission to edit the /etc/hostname. So the script did not change your hostname in /etc/hostname. You can show the permission like this like @Richard G mentioned

ls -l /etc/hostname

And the other error that happen is because you did not solve the last error above. Also, try the suggestion from @Active8 to use zerossl if you hit the SSL request limit. Here is the step: https://forum.directadmin.com/threads/windows-7-chrome-let’s-encrypt-problems.64652/page-2#post-336508

[root@s1 admin]# /usr/local/directadmin/hostname.sh s1.oldname.tld s1.newname.tld
bash: /usr/local/directadmin/hostname.sh: No such file or directory
[root@s1 admin]# /usr/local/directadmin/scripts/hostname.sh s1.oldname.tld s1.newname.tld
/usr/local/directadmin/scripts/hostname.sh: line 72: /etc/hostname: Permission denied
Changed redirect_host option from s1.newname.tld to s1.oldname.tld
servername=s1.oldname.tld
force_hostname=s1.oldname.tld

Yeah so that did the OPPOSITE, set it back to the old name. So reverted that.

[root@s1 admin]# ls -l /etc/hostname
-rw-r--r-- 1 root root 14 Nov 17 2017 /etc/hostname

Oh and i would love it if i could get SSH RSY key login working. I created an authorized key to that end in DA. While making sure everything was working as expected i noticed this in custombuild 2.0 plugin

updates_count.txt

Warning: DateTime::setTimestamp() expects parameter 1 to be int, string given in /usr/local/directadmin/plugins/custombuild/admin/tabs/log_files.php on line 28 2021-11-19 17:31:47

Warning: filesize(): stat failed for /usr/local/directadmin/plugins/custombuild/logs/..log in /usr/local/directadmin/plugins/custombuild/admin/tabs/log_files.php on line 29 0 B

Which may be the cause why it sais all components are up-to-date when they're not. Currently php 7.4.22 is installed but the latest 7.4 is 7.4.26

 

[Richard G]

i can, if you tell me how.

@MaXi32 shown you how:
ls -l /etc/hostname
and you posted the output which looks fine.

As for looking into the file, so if the content is correct, you can do it like this:
less /etc/hostname
after that by pressing q you will leave it again.

 

[Ch3vr0n]

and there we have it the culprit

s1.oldname.tld
~
~
(then a bunch of tilde's below it ~
(END)

That's probably the cause of the let's encrypt "request" command using the old name. So that needs fixing too. then the last remaining issues would be

* ssh public key login (instead of password, would save me opening the server info txt file every time)
* that custombuild 2.0 log error so i can update things again?

 

[Richard G]

and there we have it the culprit

Which is the reason I asked.

If it's a VPS, then it might be if you change this, it's reverted back after reboot, some VPS providers do that. If it's not, I wonder why the script complaintes it has no permission as it looks the permissions are correct.

Anyway, try and change.
I always use nano to edit files, but it might be nano is not installed, try this.
nano -w /etc/hostname
then remove all lines and tildes (as far as they are visible).
You can set your cursor in front of a line and use ctrl-k to remove the complete line.
Then put your correct hostname in there.

Save the file again with ctrl-k then press x and then y to overwrite and reboot the server.

Lets leave out the public key login until you fixed the host thing. You could however start using SSH on a non-default port. However you would have to change that in the firewall too. And since you lack linux knowledge, it will be some writing.

Is this server used for hosting or for hobby? Just out of curiosity.

 

[Ch3vr0n]

Not a hobby server. Live webhost, but s1.oldname.tld was tied to a domain that is no longer needed. Moved to s1.newname.tld so there was a ssl hostname mismatch after changing it in DA admin settings. So after doing that request_single (which did fix the ssl error), i obviously still need to update remaining entries.

[root@s1 admin]# nano -w /etc/hostname
bash: nano: command not found

yum install nano
logged in as root > nano -w /etc/hostname > Straight at the bottom [ Read 1 line (Warning: No write permission) ] > pressed ctrl+k > entered new hostname > ctrl + X > save modified buffer > y > filename to write: /etc/hostname > pressed enter > Error writing /etc/hostname: permission denied

chmod 755 /etc/hostname didn't work either (was a gamble)

As to the firewall thing, i have gone into csf a few times to whitelist an ip but not changing anything portwise (yet)

I see your from my neighbouring country. (I'm Belgian) if you feel up to this, i can open up teamviewer or something, open ssh terminal (and log in as root) and let you try away. Fwiw: i'm using SmarTTY (putty has no host saving function)

 

[Richard G]

Live webhost,

As total Linux noob? Phew... that's quite a risk if you're working with real customers and not being able to fix things if something goes wrong.
Anyway, your choice, but remember the DA forum is not a "i'll teach you linux forum". A webhost should at the very least have some basic linux knowledge.

chmod 755 /etc/hostname didn't work either (was a gamble)

Seems you're logged in as admin then and not as root. You have to be root to be able to issue these commands. So you have to login as root via SSH, not as admin, or login as admin and then change to root.

I can try to help you (although I mostly do not do that via teamviewer) but if you really already tried this as root (not as admin), then I can't help you either.
It's best that you ask your VPS provider why you can't change the /etc/hostname file or if they can do it for you. The hostname is set now too, maybe they change the /etc/hostname via their vps management panel and then restrict access. Which might explain why you can't now.

Let us know the outcome.

 

[Ch3vr0n]

Well this goes back a few years. But at the time due to budgettary issues i had to pick unmanaged VPS (learned since then that with my linux skill level, managed is better ) The only customer here is myself i have a very basic linux knowledge (as in i can google, and run commands). There was an issue a few months ago where the website was unavailable cause the apache service was missbehaving, couple searches later and apache was up and running again and site back up

Seems you're logged in as admin then and not as root. You have to be root to be able to issue these commands. So you have to login as root via SSH, not as admin, or login as admin and then change to root.

The last part is exactly what i did.

[email protected]:~$ su
Password:
[root@s1 admin]# chmod 755 /etc/hostname
chmod: changing permissions of '/etc/hostname': Operation not permitted
[root@s1 admin]#

I already have the hostname set in vpscontrolpanel.nl. The thing with asking the VPS provider is (as i said in the first post) "they" no longer exist. Original > merged with > company1 a couple years ago > which announced a few months ago they're merging with company2. They only maintain the servers now, but as this is unmanaged, offer no support whatsoever. Company1 still gave support as a curtousy if you didn't abuse it too much

 

[Richard G]

The last part is exactly what i did.

Seems like it. Could you try again like this:
su -
and then use the chmod command again. Does that work?

Pretty bad if they give no support at all, not even because they took over.

I already have the hostname set in vpscontrolpanel.nl.

So it's changed there? Can you doublecheck? And if the new hostname is in there, did you already reboot the VPS?

 

[Ch3vr0n]

So it's changed there? Can you doublecheck? And if the new hostname is in there, did you already reboot the VPS?

Just did again to be sure. Then went

nano /etc/hostname

s1.oldname.tld present
same "no write permission" message

slightly different terminal output now. No success though

[email protected]
:~$ su -
Password:
Last login: Sat Nov 20 16:19:01 CET 2021 on pts/0
Last failed login: Sat Nov 20 18:45:00 CET 2021 on pts/0
There were 14 failed login attempts since the last successful login.
[root@s1 ~]# chmod 755 /etc/hostname
chmod: changing permissions of '/etc/hostname': Operation not permitted
[root@s1 ~]#

 

[Richard G]

Hmmz... oke try this.

sudo -
password:
chattr -i /etc/hostname
nano -w /etc/hostname (change the name and save)
chattr +i /etc/hostname

that's the only way it can be protected and is possibly the reason that it didn't change by the panel change.

 

[Ch3vr0n]

Step 1: blocked at line 2

[email protected]:~$ sudo -
[sudo] password for admin:
admin is not in the sudoers file. This incident will be reported.
[email protected]:~$

"Fixed" that by "yum install sudo -y"

step 2:

[root@s1 admin]# adduser admin sudo
bash: adduser: command not found
[root@s1 admin]# sudo
usage: sudo -h | -K | -k | -V
usage: sudo -v [-AknS] [-g group] [-h host] [-p prompt] [-u user]
usage: sudo -l [-AknS] [-g group] [-h host] [-p prompt] [-U user] [-u user] [command]
usage: sudo [-AbEHknPS] [-r role] [-t type] [-C num] [-g group] [-h host] [-p prompt] [-T timeout] [-u user]
[VAR=value] [-i|-s] [<command>]
usage: sudo -e [-AknS] [-r role] [-t type] [-C num] [-g group] [-h host] [-p prompt] [-T timeout] [-u user] file ...
[root@s1 admin]# sudo -
sudo: -: command not found
[root@s1 admin]# su
[root@s1 admin]# chattr -i /etc/hostname
[root@s1 admin]# nano -w /etc/hostname <== no "no write permission message this time simply "READ 1 line"", ctrl+X and save worked this time.
[root@s1 admin]# chattr +i /etc/hostname
[root@s1 admin]# nano /etc/hostname <== to verify write succes, new hostname was updated

Step 3

Reboot VPS in control panel (that works, killed the ssh connection as expected)

Step 4: log in on ssh

[email protected]:~$ nano /etc/hostname <== pulled up the hostname file, SURVIVED REBOOT. s1.newname.tld was present
[email protected]:~$

Step 5: retry the original ssl command

[root@s1 admin]# /usr/local/directadmin/scripts/letsencrypt.sh request s1.newname.tld 4096
Setting up certificate for a hostname: s1.newname.tld
2021/11/21 00:59:31 [INFO] [s1.newname.tld] acme: Obtaining SAN certificate
2021/11/21 00:59:31 [INFO] [s1.newname.tld] AuthURL: https://acme-v02.api.letsencrypt.org/acme/authz-v3/50820244270
2021/11/21 00:59:31 [INFO] [s1.newname.tld] acme: authorization already valid; skipping challenge
2021/11/21 00:59:31 [INFO] [s1.newname.tld] acme: Validations succeeded; requesting certificates
2021/11/21 00:59:39 [INFO] [s1.newname.tld] Server responded with a certificate.
Certificate for s1.newname.tld has been created successfully!
DirectAdmin certificate has been setup.
Setting up cert for Exim...
Setting up cert for WWW server...
Setting up cert for FTP server...
The services will be restarted in about 1 minute via the dataskq.
[root@s1 admin]#

I believe that fixes the original problem?

 

[Richard G]

You need to do the same as you did before.
So sudo -
then press enter and use the password for root.
Every command I say need to be executed as root unless stated otherwise.

 

[Ch3vr0n]

We may have been crossing lines with an edit i was making. Can you please check my previous post? /etc/hostname was updated with the proper hostname and survived VPS reboot. I had no problems editing and saving the file with your last set of commands. (and i night-owl like me too i see. *cough* 01.00hrs *cough*