replaced SSL certificate but old one is visible ?!

nieuwhier

Hi there,

I have replaced a certificate with a new one. DA accepted the new RSA and certificate. I restarted the httpd service but still the old certificate is used.

I checked the key and cert files at /usr/local/directadmin/data/users... and they contain the new rsa and key.

I did a reset of my browsers and even rebooted my PC, but still the old certificate is shown.

Also, when you go to the certificate in DA, the new one is visible.

What am I missing?

Best regards,
Michel.
 
Have you received a certificate from a root authority?

Paste it by clicking 'Click here' at the bottom left in SSL for the domain.

I hope you made a certificate request beforehand with the pre-generated certificate & key (check & enter name, and so on...)
and sent it to a root CA (free with http://www.cacert.org).
 
nieuwhier said:
Hi there,

I have replaced a certificate with a new one. DA accepted the new RSA and certificate. I restarted the httpd service but still the old certificate is used.

I checked the key and cert files at /usr/local/directadmin/data/users... and they contain the new rsa and key.

I did a reset of my browsers and even rebooted my PC, but still the old certificate is shown.

Also, when you go to the certificate in DA, the new one is visible.

What am I missing?

Best regards,
Michel.

Make sure this account is using dedicated IP address.
 
Sorry for the late response, was away for a few days.

Yes there was a dedicated IP and the certificate was valid.

This account had multiple domains where only one used a certificate.

I solved the problem by doing this:

1) Install new certificate as usual
2) change the default domain for that account
3) change the default account back to the domain with the certificate

This worked for me. Must have something to do with the assignment of the ip to the default domain.
 
The SSL certificates for DA CP and Apache HTTPS are stored in different places.

You have to create it separately.

DA CP
/usr/local/directadmin/data/users/....

Apache
/etc/httpd/conf/.....
also don't forget to modify httpd.conf
 
nieuwhier said:
This worked for me. Must have something to do with the assignment of the ip to the default domain.

Apache will always use the certificate of the first secure domain bound to a given IP address. If you take a look at the /usr/local/directadmin/data/users/USERNAME/httpd.conf file, you will see something like this (text in bold will differ):
...

<VirtualHost 192.168.1.1:443>

SSLEngine on
SSLCertificateFile /usr/local/directadmin/data/users/USERNAME/domains/example1.com.cert
SSLCertificateKeyFile /usr/local/directadmin/data/users/USERNAME/domains/example1.com.key

ServerName www.example1.com
...

<VirtualHost 192.168.1.1:443>

SSLEngine on
SSLCertificateFile /etc/httpd/conf/ssl.crt/server.crt
SSLCertificateKeyFile /etc/httpd/conf/ssl.key/server.key

ServerName www.example2.com
...

In this example, the correct certificate is used.
If the 2nd VirtualHost section comes as 1st in your config file, the default server certificate is used instead for all domains bound to this IP address.
Apparently, changing the default domain somehow caused reordering of the VirtualHost sections. I am glad it worked for you, but it isn't a documented feature :) and might not work in other DA releases.
You should be able to fix this problem in any DA release by disabling SSL for all domains bound to this IP address except the one you have an SSL certificate for.
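A check for the ordering problem described in the post above, added here as an example and not part of the original thread or of DirectAdmin: it lists, per IP:port, every SSL VirtualHost whose certificate differs from that of the first SSL VirtualHost on the same address. The function names and the sample configuration (the post's two sections in the failing order) are constructed for illustration.

```python
import re

# Constructed sample: the post's two sections, with the default-certificate
# VirtualHost listed first (the failing order). Not a real server config.
SAMPLE_CONF = """\
<VirtualHost 192.168.1.1:443>
    SSLEngine on
    SSLCertificateFile /etc/httpd/conf/ssl.crt/server.crt
    SSLCertificateKeyFile /etc/httpd/conf/ssl.key/server.key
    ServerName www.example2.com
</VirtualHost>
<VirtualHost 192.168.1.1:443>
    SSLEngine on
    SSLCertificateFile /usr/local/directadmin/data/users/USERNAME/domains/example1.com.cert
    SSLCertificateKeyFile /usr/local/directadmin/data/users/USERNAME/domains/example1.com.key
    ServerName www.example1.com
</VirtualHost>
"""

VHOST_RE = re.compile(r"<VirtualHost\s+([^>]+)>(.*?)</VirtualHost>", re.S | re.I)

def directive(body, name):
    """First value of an uncommented directive inside one VirtualHost body."""
    m = re.search(r"^\s*%s\s+(\S+)" % re.escape(name), body, re.M | re.I)
    return m.group(1) if m else None

def ssl_vhosts_by_address(conf_text):
    """Return {address: [(ServerName, cert path), ...]} for SSL vhosts, in file order."""
    groups = {}
    for addr_field, body in VHOST_RE.findall(conf_text):
        if (directive(body, "SSLEngine") or "").lower() != "on":
            continue
        entry = (directive(body, "ServerName"), directive(body, "SSLCertificateFile"))
        for addr in addr_field.split():
            groups.setdefault(addr, []).append(entry)
    return groups

def overridden_certificates(conf_text):
    """Vhosts whose certificate differs from the first SSL vhost on the same address."""
    findings = []
    for addr, vhosts in ssl_vhosts_by_address(conf_text).items():
        first_name, first_cert = vhosts[0]
        for name, cert in vhosts[1:]:
            if cert != first_cert:
                findings.append((addr, name, cert, first_name, first_cert))
    return findings

if __name__ == "__main__":
    for addr, name, cert, first_name, first_cert in overridden_certificates(SAMPLE_CONF):
        print(f"{addr}: {name} ({cert}) comes after {first_name} ({first_cert})")
```

To check a real account, read the user's httpd.conf into a string and pass it to `overridden_certificates`; an empty list means only one certificate is configured per address.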
 
Thx! It's more clear to me now. Next time this happens I will know more about the background.

The domain with the SSL cert was the first domain on this account. Some other domains were added during this year and that must have caused this problem.
 