SSL Certificate for Hostname

DRKT

Verified User
Joined
Oct 8, 2003
Messages
212
Hi

My hostname certificate expired... I do this:

[root@XXX scripts]# /usr/local/directadmin/scripts/letsencrypt.sh request_single `hostname` 4096
2021/05/10 11:17:01 [INFO] [xxx.yyyyy.com] acme: Obtaining SAN certificate
2021/05/10 11:17:02 [INFO] [xxx.yyyyy.com] AuthURL: https://acme-v02.api.letsencrypt.org/acme/authz-v3/12464175093
2021/05/10 11:17:02 [INFO] [xxx.yyyyy.com] acme: authorization already valid; skipping challenge
2021/05/10 11:17:02 [INFO] [xxx.yyyyy.com] acme: Validations succeeded; requesting certificates
2021/05/10 11:17:07 [INFO] [xxx.yyyyy.com] Server responded with a certificate.
Certificate for xxx.yyyyy.com has been created successfully!
[root@XXX scripts]# service httpd restart

I clear the browser cache and it does not work...

How to fix this exactly?
 

Richard G

Verified User
Joined
Jul 6, 2008
Messages
6,381
Location
Maastricht
I don't work with cache and stuff.

Check in a decent way whether there is a certificate or not. Use this script (it's not mine, I use it, but use at your own risk).
Code:
#!/bin/bash
# List DirectAdmin Let's Encrypt certificates and when they are due for renewal,
# based on the *.creation_time files (renewal = creation time + 60 days).

ledomains=0

for san in /usr/local/directadmin/data/users/*/domains/*.san_config
do
    domain=$(basename "${san}" .san_config)
    dirname=$(dirname "${san}")
    # Only report domains that have a creation time, a certificate and a key.
    if [ -e "${dirname}/${domain}.cert.creation_time" ] && [ -e "${dirname}/${domain}.cert" ] && [ -e "${dirname}/${domain}.key" ]
    then
        ledomains=$((ledomains + 1))

        sanconfig=$(grep "subjectAltName" "${dirname}/${domain}.san_config")
        created=$(cat "${dirname}/${domain}.cert.creation_time")
        created_date=$(LC_ALL=en_US.utf8 date -d "@${created}")
        # 5184000 seconds = 60 days
        renewal_date=$(LC_ALL=en_US.utf8 date -d "@$((created + 5184000))")
        renewal_days=$(( (created + 5184000 - $(date +%s)) / 86400 ))

        echo "Lets Encrypt domain: $domain"
        echo "$sanconfig"
        echo "-- Created: $created_date - $created"
        echo "-- Renewal: $renewal_date"
        echo "-- Renewal in $renewal_days days."
        echo ""
    fi
done

echo ""
echo "Lets Encrypt domains: $ledomains"
echo ""

# Same report for the server hostname certificate used by DirectAdmin itself.
if [ -e "/usr/local/directadmin/conf/cacert.pem.creation_time" ]
then
    sanconfig=$(grep "subjectAltName" /usr/local/directadmin/conf/ca.san_config)
    created=$(cat /usr/local/directadmin/conf/cacert.pem.creation_time)
    created_date=$(LC_ALL=en_US.utf8 date -d "@${created}")
    renewal_date=$(LC_ALL=en_US.utf8 date -d "@$((created + 5184000))")
    renewal_days=$(( (created + 5184000 - $(date +%s)) / 86400 ))

    echo "Lets Encrypt Hostname"
    echo "$sanconfig"
    echo "-- Created: $created_date - $created"
    echo "-- Renewal: $renewal_date"
    echo "-- Renewal in $renewal_days days."
    echo ""
fi

exit 0

If all is well, it shows all domains having a certificate and your hostname should be among them (probably listed last).
 

DRKT

Only webhosting is valid...

Lets Encrypt domain: yyyyy.com
subjectAltName=DNS:yyyyy.com, DNS:ftp.yyyyy.com, DNS:mail.yyyyy.com, DNS:xxx.yyyyy.com, DNS:pop.yyyyy.com, DNS:smtp.yyyyy.com, DNS:www.yyyyy.com
-- Created: Thu May 6 08:15:27 EDT 2021 - 1620303327
-- Renewal: Mon Jul 5 08:15:27 EDT 2021
-- Renewal in 55 days.

hostname is: xxx.yyyyy.com
But in Chrome, Firefox etc... I clear the cache and the certificate is expired
 

DRKT

Where is the certificate? Path for hostname?
(apache) /etc/httpd/conf/ssl.crt/ ?
 

Richard G

I found the problem. You can't use mail for your hostname.
hostname"mail.yyyy.com"

(I masked the domain name for you).

That won't work because that's restricted to mail, which is a DA default. You can't use default names which are already in use.

Change your hostname to something like server.mcquate.com and then you should be fine. Don't forget to adjust your rDNS too.
 

DRKT

Hi

I removed all of this domain from the server and I do:

[root@xxx ~]# /usr/local/directadmin/scripts/letsencrypt.sh request_single `hostname` 4096
2021/05/17 15:36:54 [INFO] [ xxx.yyyyyy.com] acme: Obtaining SAN certificate
2021/05/17 15:36:54 [INFO] [ xxx.yyyyyy.com] AuthURL: https://acme-v02.api.letsencrypt.org/acme/authz-v3/xxxxxxxx
2021/05/17 15:36:54 [INFO] [ xxx.yyyyyy.com] acme: authorization already valid; skipping challenge
2021/05/17 15:36:54 [INFO] [ xxx.yyyyyy.com] acme: Validations succeeded; requesting certificates
2021/05/17 15:36:58 [INFO] [ xxx.yyyyyy.com] Server responded with a certificate.
Certificate for xxx.yyyyyy.com has been created successfully!

But the last modification date on the files in /etc/httpd/conf/ssl.crt/ is February 2021... the date did not change to May 2021!
 

DRKT

All paths in directadmin.conf are OK, but I do this again and where is the certificate created?
Because the creation date of the certificate files does not change... (always February 2021)
It still does not work...

[root@xxxxx custombuild]# ./build rewrite_confs
Checking to ensure /etc/httpd/conf/ssl.crt/server.ca is set.
 

DRKT

And your script:

Lets Encrypt Hostname
subjectAltName=DNS:xxx.yyyyy.com
-- Created: Thu Feb 4 00:47:02 EST 2021 - 1612417622
-- Renewal: Mon Apr 5 01:47:02 EDT 2021
-- Renewal in -45 days.

[root@xxx ~]# locate server.ca
/etc/httpd/conf/ssl.crt/server.ca
 

Richard G

Check if your hostname is present in the /var/named and /etc/virtual directories and in the /etc/virtual/domains file.
If it's missing somewhere, you removed too much.
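
The thread's symptom (letsencrypt.sh reports success, the browser still sees an expired certificate, and the files under /etc/httpd/conf/ssl.crt/ keep their February date) can be narrowed down by comparing the certificate on disk with the one the server actually presents. The following is an added example, not part of any post above and not DirectAdmin's own tooling; it assumes openssl and GNU date are installed, and the server.crt path in the usage comment is an assumption.

```shell
#!/bin/bash
# Added example (not from the thread): does the certificate file on disk
# match what the server actually presents, and how long is each valid?

# SHA-256 fingerprint of the first certificate in a PEM file.
cert_fingerprint() {
    openssl x509 -in "$1" -noout -fingerprint -sha256 | cut -d= -f2
}

# Whole days until notAfter, truncated; negative once expired by a day or more.
cert_days_left() {
    end=$(openssl x509 -in "$1" -noout -enddate | cut -d= -f2)
    echo $(( ( $(date -d "$end" +%s) - $(date +%s) ) / 86400 ))
}

# "same" when both PEM files hold the same certificate, otherwise "differ".
compare_certs() {
    if [ "$(cert_fingerprint "$1")" = "$(cert_fingerprint "$2")" ]; then
        echo "same"
    else
        echo "differ"
    fi
}

# Save the leaf certificate presented on host:port (SNI = host) into a file.
fetch_served_cert() {
    echo | openssl s_client -connect "$1:$2" -servername "$1" 2>/dev/null \
        | openssl x509 -out "$3" 2>/dev/null
}

# Report the file on disk against the certificate served on host:port.
check_host() {
    host=$1; port=$2; disk=$3
    served=$(mktemp)
    if ! fetch_served_cert "$host" "$port" "$served"; then
        echo "no certificate received from $host:$port"
        rm -f "$served"
        return 1
    fi
    echo "disk   $disk: $(cert_days_left "$disk") days left"
    echo "served $host:$port: $(cert_days_left "$served") days left"
    echo "disk vs served: $(compare_certs "$disk" "$served")"
    rm -f "$served"
}

# Usage (the server.crt path is an assumption, adjust to your vhost config):
#   check_host "$(hostname)" 443 /etc/httpd/conf/ssl.crt/server.crt
```

A "differ" result with a fresh file on disk means the daemon has not loaded the new file; a "same" result with a negative day count means the renewed certificate was never written to the path the daemon reads.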
 