Hello,
I'm trying to set up DirectAdmin with SSL certificates (DirectAdmin control panel (port 2222), DirectAdmin webmail, DirectAdmin exim/dovecot), but I'm getting an error:
/etc/init.d/nginx restart
nginx: [emerg] SSL_CTX_use_PrivateKey_file("/etc/httpd/conf/ssl.key/server.key") failed (SSL: error:0B080074:x509 certificate routines:X509_check_private_key:key values mismatch)
nginx: configuration file /etc/nginx/nginx.conf test failed
I'm using the nginx_apache webserver:
cat /usr/local/directadmin/custombuild/options.conf | grep webserver
webserver=nginx_apache
I have ordered an SSL for the subdomain srv1.domain.tld, and the server's main domain FQDN is srv1.domain.tld.
So I generated the key and crt as the tutorial explained for the DirectAdmin control panel (port 2222):
/usr/bin/openssl req -x509 -sha256 -newkey rsa:4096 -keyout /usr/local/directadmin/conf/cakey.pem -out /usr/local/directadmin/conf/cacert.pem -days 9000 -nodes
But I used rsa 2048 because, as I remember, the SSL provider does not support 4096. After uploading the crt to the SSL provider's page they sent me back a bundle and crt, and I have set up the DirectAdmin control panel SSL correctly and everything is working well.
After that I tried to do the same thing for non-2222-port DirectAdmin (I mean webmail and so on), so I simply tried to set it up like this:
cat /usr/local/directadmin/conf/directadmin.conf | grep apache
apache_public_html=0
apache_ver=2.0
#apachecert=/etc/httpd/conf/ssl.crt/server.crt
#apachekey=/etc/httpd/conf/ssl.key/server.key
apachecert=/usr/local/directadmin/conf/cacert.pem
apachekey=/usr/local/directadmin/conf/cakey.pem
apacheca=/usr/local/directadmin/conf/carootcert.pem
apacheconf=/etc/httpd/conf/extra/directadmin-vhosts.conf
apacheips=/etc/httpd/conf/ips.conf
apachelogdir=/var/log/httpd/domains
apachemimetypes=/etc/mime.types
brute_force_scan_apache_logs=0
cat /usr/local/directadmin/conf/directadmin.conf | grep nginx
nginx_cert=/usr/local/directadmin/conf/cacert.pem
nginx_key=/usr/local/directadmin/conf/cakey.pem
nginx_ca=/usr/local/directadmin/conf/carootcert.pem
nginx=0
nginx_proxy=1
But as I noticed, these changes did not do anything, because httpd and nginx were trying to read certificates from the same place: /etc/httpd/conf/ssl.key/ and /etc/httpd/conf/ssl.crt/
So after that I tried to add the SSL certificate in this way:
cp /usr/local/directadmin/conf/cakey.pem /etc/httpd/conf/ssl.key/server.key
cp /usr/local/directadmin/conf/cacert.pem /etc/httpd/conf/ssl.crt/server.crt
cp /usr/local/directadmin/conf/carootcert.pem /etc/httpd/conf/ssl.crt/server.crt.combined
But then I got an error (even though the DirectAdmin config SSL keys were pointed to a different location):
nginx: [emerg] SSL_CTX_use_PrivateKey_file("/etc/httpd/conf/ssl.key/server.key") failed (SSL: error:0B080074:x509 certificate routines:X509_check_private_key:key values mismatch)
nginx: configuration file /etc/nginx/nginx.conf test failed
What am I doing wrong? Maybe the problem is because of permissions?
ls -la /usr/local/directadmin/conf/
total 48
drwx------ 2 diradmin diradmin 4096 Dec 21 02:06 .
drwxr-xr-x 7 diradmin diradmin 4096 Dec 21 01:31 ..
-rw------- 1 root root 1306 Dec 21 02:08 cacert.pem
-rw------- 1 root root 4121 Dec 21 01:09 cacert.pem.combined
-rw------- 1 diradmin diradmin 1704 Dec 21 02:08 cakey.pem
-rw-r--r-- 1 root root 2814 Aug 29 17:44 carootcert.pem
-rw------- 1 diradmin diradmin 2652 Dec 21 02:06 directadmin.conf
-rw------- 1 diradmin diradmin 1559 Nov 27 04:01 license.key
-rw------- 1 diradmin diradmin 1559 Oct 29 04:01 license.old
-rw------- 1 diradmin diradmin 41 Dec 21 05:02 my.cnf
-r-------- 1 diradmin diradmin 30 Nov 13 2014 mysql.conf
Maybe I need to chown the certs to www-data or something like that?
Also, I want to set up the same thing for exim/dovecot; I didn't find correct tutorials for it either.
A piece of advice for DA admins: create one tutorial on how to add an SSL certificate to all places, because I was searching for documentation and didn't find anything.
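
The "key values mismatch" error quoted in the post is OpenSSL reporting that the private key file and the certificate file do not carry the same public key. As an added example (not part of the original post), this shell script compares the two public keys directly; the function names and the throwaway key pairs it generates are constructed for illustration.

```shell
#!/bin/sh
# Added example: test whether a private key belongs to a certificate by
# comparing their public keys, the same condition nginx enforces at startup.

# Print the certificate's public key (PEM); non-zero if FILE is not a cert.
cert_pubkey() { openssl x509 -in "$1" -noout -pubkey 2>/dev/null; }

# Print the public half of a private key (PEM). "-passin pass:" keeps
# openssl from prompting if the key turns out to be encrypted.
key_pubkey() { openssl pkey -in "$1" -pubout -passin pass: 2>/dev/null; }

# key_matches_cert KEY CERT -> 0 = pair, 1 = mismatch, 2 = unreadable input
key_matches_cert() {
    key_pub=$(key_pubkey "$1") || return 2
    cert_pub=$(cert_pubkey "$2") || return 2
    [ -n "$key_pub" ] && [ -n "$cert_pub" ] || return 2
    [ "$key_pub" = "$cert_pub" ]
}

# Constructed sample data: a throwaway self-signed pair written to DIR.
make_pair() {  # make_pair DIR NAME
    openssl req -x509 -sha256 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=srv1.domain.tld" \
        -keyout "$1/$2.key" -out "$1/$2.crt" >/dev/null 2>&1
}

# Runs the check on a matching pair, a mixed-up pair and a missing file,
# and prints the three exit codes.
demo() {
    d=$(mktemp -d) || return 1
    make_pair "$d" a && make_pair "$d" b || { rm -rf "$d"; return 1; }
    key_matches_cert "$d/a.key" "$d/a.crt" && same=0 || same=$?
    key_matches_cert "$d/b.key" "$d/a.crt" && mixed=0 || mixed=$?
    key_matches_cert "$d/a.key" "$d/missing.crt" && absent=0 || absent=$?
    rm -rf "$d"
    echo "$same $mixed $absent"
}

demo   # prints: 0 1 2
```

With the paths from the post, the check would be `key_matches_cert /etc/httpd/conf/ssl.key/server.key /etc/httpd/conf/ssl.crt/server.crt`; an exit code of 1 means the certificate was issued for a different key than the one in `server.key`.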