SSL Certificate for Hostname

DRKT

Hi

My hostname certificate expired... I do this:

[root@XXX scripts]# /usr/local/directadmin/scripts/letsencrypt.sh request_single `hostname` 4096
2021/05/10 11:17:01 [INFO] [xxx.yyyyy.com] acme: Obtaining SAN certificate
2021/05/10 11:17:02 [INFO] [xxx.yyyyy.com] AuthURL: https://acme-v02.api.letsencrypt.org/acme/authz-v3/12464175093
2021/05/10 11:17:02 [INFO] [xxx.yyyyy.com] acme: authorization already valid; skipping challenge
2021/05/10 11:17:02 [INFO] [xxx.yyyyy.com] acme: Validations succeeded; requesting certificates
2021/05/10 11:17:07 [INFO] [xxx.yyyyy.com] Server responded with a certificate.
Certificate for xxx.yyyyy.com has been created successfully!
[root@XXX scripts]# service httpd restart

I clear the browser cache and it does not work...

How to fix this exactly?
 
I don't work with cache and stuff.

Check in a decent way whether there is a certificate or not. Use this script (it's not mine, I use it, but use at your own risk).
Code:
#!/bin/bash
# Lists the Let's Encrypt certificates DirectAdmin knows about and the days
# left until renewal, based on the *.creation_time bookkeeping files.

ledomains=0

# Per-domain certificates: one *.san_config file per domain.
for san in /usr/local/directadmin/data/users/*/domains/*.san_config;
do
    [ -e "${san}" ] || continue;    # the glob matched nothing
    domain=$(basename "${san}");
    dirname=$(dirname "${san}");
    domain=${domain%.san_config};
    if [ -e "${dirname}/${domain}.cert.creation_time" ] && [ -e "${dirname}/${domain}.cert" ] && [ -e "${dirname}/${domain}.key" ];
    then
        ledomains=$((ledomains + 1));

        sanconfig=$(grep "subjectAltName" "${dirname}/${domain}.san_config");
        created=$(cat "${dirname}/${domain}.cert.creation_time");
        created_date=$(LC_ALL=en_US.utf8 date -d "@${created}");
        renewal_date=$(LC_ALL=en_US.utf8 date -d "$created_date+60 days");
        # 5184000 seconds = 60 days; 86400 seconds = 1 day
        renewal_days=$(( (created + 5184000 - $(date +%s)) / 86400 ))

        echo "Lets Encrypt domain: $domain";
        echo "$sanconfig";
        echo "-- Created: $created_date - $created";
        echo "-- Renewal: $renewal_date";
        echo "-- Renewal in $renewal_days days.";
        echo "";

    fi;
done;

echo "";
echo "Lets Encrypt domains: $ledomains";
echo "";

# Hostname certificate used by DirectAdmin itself.
if [ -e "/usr/local/directadmin/conf/cacert.pem.creation_time" ];
    then

        sanconfig=$(grep "subjectAltName" /usr/local/directadmin/conf/ca.san_config);
        created=$(cat /usr/local/directadmin/conf/cacert.pem.creation_time);
        created_date=$(LC_ALL=en_US.utf8 date -d "@${created}");
        renewal_date=$(LC_ALL=en_US.utf8 date -d "$created_date+60 days");
        renewal_days=$(( (created + 5184000 - $(date +%s)) / 86400 ))

        echo "Lets Encrypt Hostname";
        echo "$sanconfig";
        echo "-- Created: $created_date - $created";
        echo "-- Renewal: $renewal_date";
        echo "-- Renewal in $renewal_days days.";
        echo "";

fi;

exit 0;

If all is well, it shows all domains having a certificate and your hostname should be between them (probably listed last).
 
Only webhosting is valid...

Lets Encrypt domain: yyyyy.com
subjectAltName=DNS:yyyyy.com, DNS:ftp.yyyyy.com, DNS:mail.yyyyy.com, DNS:xxx.yyyyy.com, DNS:pop.yyyyy.com, DNS:smtp.yyyyy.com, DNS:www.yyyyy.com
-- Created: Thu May 6 08:15:27 EDT 2021 - 1620303327
-- Renewal: Mon Jul 5 08:15:27 EDT 2021
-- Renewal in 55 days.

Hostname is: xxx.yyyyy.com
But in Chrome, Firefox etc... I clear the cache and the certificate is expired
 
Where is the certificate? Path for hostname?
(apache) /etc/httpd/conf/ssl.crt/ ?
 
I found the problem. You can't use mail for your hostname.
hostname"mail.yyyy.com"

(I masked the domain name for you).

That won't work because that's restricted to mail, which is a DA default. You can't use default names which are already in use.

Change your hostname to something like server.mcquate.com and then you should be fine. Don't forget to adjust your rDNS too.
 
Hi

I removed this whole domain from the server and I do:

[root@xxx ~]# /usr/local/directadmin/scripts/letsencrypt.sh request_single `hostname` 4096
2021/05/17 15:36:54 [INFO] [ xxx.yyyyyy.com] acme: Obtaining SAN certificate
2021/05/17 15:36:54 [INFO] [ xxx.yyyyyy.com] AuthURL: https://acme-v02.api.letsencrypt.org/acme/authz-v3/xxxxxxxx
2021/05/17 15:36:54 [INFO] [ xxx.yyyyyy.com] acme: authorization already valid; skipping challenge
2021/05/17 15:36:54 [INFO] [ xxx.yyyyyy.com] acme: Validations succeeded; requesting certificates
2021/05/17 15:36:58 [INFO] [ xxx.yyyyyy.com] Server responded with a certificate.
Certificate for xxx.yyyyyy.com has been created successfully!

But the last modification date on the files in /etc/httpd/conf/ssl.crt/ is February 2021... the date did not change to May 2021!
 
All paths in directadmin.conf are OK, but I do this again, and where is the certificate created?
Because the creation date of the certificate files does not change... (always February 2021)
It still does not work...

[root@xxxxx custombuild]# ./build rewrite_confs
Checking to ensure /etc/httpd/conf/ssl.crt/server.ca is set.
 
And your script:

Lets Encrypt Hostname
subjectAltName=DNS:xxx.yyyyy.com
-- Created: Thu Feb 4 00:47:02 EST 2021 - 1612417622
-- Renewal: Mon Apr 5 01:47:02 EDT 2021
-- Renewal in -45 days.

[root@xxx ~]# locate server.ca
/etc/httpd/conf/ssl.crt/server.ca
 
Check if your hostname is present in the /var/named and /etc/virtual directories and in the /etc/virtual/domains file.
If it's missing somewhere, you removed too much.
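
Added example, not part of the original thread: the script above reads the *.creation_time bookkeeping files, so this sketch checks the certificate itself (its notAfter date) and whether the certificate the web server actually serves is the same one as the file on disk. It assumes openssl and GNU date are installed; all function names are hypothetical, and the certificate paths are whatever your configuration points to.

```shell
#!/bin/bash
# Added example: inspect certificates directly instead of *.creation_time.

# Days until the PEM certificate in file $1 expires (negative = expired).
cert_days_left() {
    local end
    end=$(openssl x509 -in "$1" -noout -enddate 2>/dev/null) || return 1
    end=${end#notAfter=}
    echo $(( ($(date -d "$end" +%s) - $(date +%s)) / 86400 ))
}

# Classify file $1: MISSING, EXPIRED, RENEW (expires within $2 days,
# default 30) or OK. -checkend exits non-zero if the cert expires in time.
cert_status() {
    local file=$1 warn_days=${2:-30}
    [ -r "$file" ] || { echo MISSING; return 1; }
    if ! openssl x509 -in "$file" -noout -checkend 0 >/dev/null 2>&1; then
        echo EXPIRED
    elif ! openssl x509 -in "$file" -noout \
            -checkend $((warn_days * 86400)) >/dev/null 2>&1; then
        echo RENEW
    else
        echo OK
    fi
}

# SHA-256 fingerprint of the PEM certificate read from stdin.
cert_fingerprint() {
    openssl x509 -noout -fingerprint -sha256 2>/dev/null
}

# True if host $1 (port $3, default 443) serves the certificate in file $2.
# A mismatch means the server still uses an older file or was not reloaded.
served_matches_disk() {
    local host=$1 file=$2 port=${3:-443} served disk
    served=$(openssl s_client -connect "$host:$port" -servername "$host" \
                 </dev/null 2>/dev/null | cert_fingerprint)
    disk=$(cert_fingerprint < "$file")
    [ -n "$served" ] && [ "$served" = "$disk" ]
}

# Usage: pass one or more certificate files as arguments.
for f in "$@"; do
    echo "$f: $(cert_status "$f") ($(cert_days_left "$f") days left)"
done
```

Run it against each certificate file your Apache and DirectAdmin configuration reference; a file that reports EXPIRED after a successful request means the new certificate was written somewhere else.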
 