SSL for port 2222 :(

Anurag M

Hi,
I am having issues setting up SSL for port 2222.

https://domain.com - works fine,
http://domain.com:2222 - works fine,
but
https://domain.com:2222 - gives an error 👇

1590340623189.png


Also having problem setting up SSL for the hostname.
Do we need to add the domain/subdomain to directadmin (for ./well-known), in order to work?

A step by step guide would help a lot.
Thanks
 
Also having problem setting up SSL for the hostname.
You might have to do this first. It's not required to set up the domain for this first, as this is done via the SSH command line.
However, you do need to add the domain first if you want https://domain.com:2222 to work, because that won't work without the domain name. It should work with https://hostname.domain.com:2222 if the SSL for the hostname works fine.

A step by step guide would help a lot.
Exactly, so let's start with your problem setting up SSL for the hostname. What problem do you have with this?

First you need to do this if you haven't done it yet:
Please pay proper attention to steps 1 and 2.

After that:

This also is good to have present in directadmin.conf
enable_ssl_sni=1
mail_sni=1

If you keep getting issues with the hostname, we have to fix this first. But error notices would be nice to be able to see what might be wrong.
 
Centos 8 is fine, also have servers running that.

As for step 3. Just to be sure, you are logged in as root and executing that command as root, correct?

If yes, there is a permission problem, but I don't know how that's possible.
In that case, what is the output of
Code:
ls -al /usr/local/directadmin/data
 
Thanks, Now ran with root user and
This is done

For this, I am stuck while running:

Code:
./letsencrypt.sh request_single your.hostname.com 4096

It outputs

Code:
Setting up certificate for a hostname: your.hostname.com
Error: http://your.hostname.com/.well-known/acme-challenge/letsencrypt_1590416578 is not reachable. Aborting the script.
dig output for your.hostname.com:
Please make sure /.well-known alias is setup in WWW server.

Note: Yes, I have changed the hostname to mine while running it
 
Did you make an A record for your hostname in DNS?
I did. Yes. But now I have a new problem as well, don't know how it happened.
I can't ping or ssh to the hostname anymore. All my websites are down as well.
I can ssh to the server IP though.

Here, I added the A record for the hostname and the nameservers as well:
1590422568634.png


I added them in domain registrar's DNS setting as well

1590422674270.png
 
Your nameservers are not reachable which is the reason it's down now.
You should be able to SSH via the ip address of your machine. Check if DNS is running.

If yes, check that port 53 is open on your firewall so the nameservers can be reached again.

Also when you're in there anyway, go to:
/var/www/html and check for a .well-known directory in there if it's present (mind the dot in front of it).
If it's present the content should look like this:
Code:
drwxr-xr-x 2 webapps webapps 4.0K 2020-05-25 00:17 acme-challenge
-rw-r--r-- 1 root    root      88 2019-09-15 03:41 .htaccess
 
If yes, check that port 53 is open on your firewall so the nameservers can be reached again.
I guess this means it's open?
1590424197709.png


"service named status" gives this
Code:
Redirecting to /bin/systemctl status named.service
● named.service - Berkeley Internet Name Domain (DNS)
   Loaded: loaded (/etc/systemd/system/named.service; enabled; vendor preset: d>
   Active: active (running) since Mon 2020-05-25 16:28:15 UTC; 2min 36s ago
  Process: 10101 ExecStop=/bin/sh -c /usr/sbin/rndc stop > /dev/null 2>&1 || /b>
  Process: 10117 ExecStart=/usr/sbin/named -u named -c ${NAMEDCONF} $OPTIONS (c>
  Process: 10114 ExecStartPre=/bin/bash -c if [ ! "$DISABLE_ZONE_CHECKING" == ">
Main PID: 10118 (named)
    Tasks: 11 (limit: 26213)
   Memory: 62.2M
   CGroup: /system.slice/named.service
           └─10118 /usr/sbin/named -u named -c /etc/named.conf

May 25 16:28:15 alpha.eree.in named[10118]: zone webnita.com/IN: loaded serial >
May 25 16:28:15 alpha.eree.in named[10118]: zone localhost/IN: loaded serial 0
May 25 16:28:15 alpha.eree.in named[10118]: all zones loaded
May 25 16:28:15 alpha.eree.in named[10118]: running
May 25 16:28:15 alpha.eree.in named[10118]: zone webnita.com/IN: sending notifi>
May 25 16:28:15 alpha.eree.in named[10118]: zone indiafollow.com/IN: sending no>
May 25 16:28:15 alpha.eree.in named[10118]: zone eree.in/IN: sending notifies (>
May 25 16:28:15 alpha.eree.in systemd[1]: Started Berkeley Internet Name Domain>
May 25 16:28:15 alpha.eree.in named[10118]: managed-keys-zone: Key 20326 for zo>
May 25 16:28:15 alpha.eree.in named[10118]: resolver priming query complete
lines 1-22/22 (END)...skipping...
● named.service - Berkeley Internet Name Domain (DNS)
   Loaded: loaded (/etc/systemd/system/named.service; enabled; vendor preset: disabled)
   Active: active (running) since Mon 2020-05-25 16:28:15 UTC; 2min 36s ago
  Process: 10101 ExecStop=/bin/sh -c /usr/sbin/rndc stop > /dev/null 2>&1 || /bin/kill -TERM $MAINPID>
  Process: 10117 ExecStart=/usr/sbin/named -u named -c ${NAMEDCONF} $OPTIONS (code=exited, status=0/S>
  Process: 10114 ExecStartPre=/bin/bash -c if [ ! "$DISABLE_ZONE_CHECKING" == "yes" ]; then /usr/sbin>
Main PID: 10118 (named)
    Tasks: 11 (limit: 26213)
   Memory: 62.2M
   CGroup: /system.slice/named.service
           └─10118 /usr/sbin/named -u named -c /etc/named.conf

May 25 16:28:15 alpha.eree.in named[10118]: zone webnita.com/IN: loaded serial 2020052500
May 25 16:28:15 alpha.eree.in named[10118]: zone localhost/IN: loaded serial 0
May 25 16:28:15 alpha.eree.in named[10118]: all zones loaded
May 25 16:28:15 alpha.eree.in named[10118]: running
May 25 16:28:15 alpha.eree.in named[10118]: zone webnita.com/IN: sending notifies (serial 2020052500)
May 25 16:28:15 alpha.eree.in named[10118]: zone indiafollow.com/IN: sending notifies (serial 2020052>
May 25 16:28:15 alpha.eree.in named[10118]: zone eree.in/IN: sending notifies (serial 2020052500)
May 25 16:28:15 alpha.eree.in systemd[1]: Started Berkeley Internet Name Domain (DNS).
May 25 16:28:15 alpha.eree.in named[10118]: managed-keys-zone: Key 20326 for zone . acceptance timer >
May 25 16:28:15 alpha.eree.in named[10118]: resolver priming query complete
 
I guess this means it's open?
No, this is just the config.

Code:
telnet ns1.eree.in 53
telnet: ns1.eree.in: Name or service not known
ns1.eree.in: Unknown host

However. It seems your registrar or host is not routing to your nameservers:
Code:
[root@server23: ~]# nslookup ns1.eree.in
;; Got SERVFAIL reply from 1.1.1.1, trying next server
;; Got SERVFAIL reply from 127.0.0.1, trying next server
;; connection timed out; no servers could be reached

Contact your registrar or host or datacenter who takes care of your nameservers if they worked before.
Something is wrong there it seems.
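
The checks discussed across this thread (A record, reachable nameservers, a served `/.well-known/acme-challenge` path), collected into one pre-flight script as an added example that is not part of any post above and is not DirectAdmin's own code. It assumes `dig` and `curl` are installed, uses 1.1.1.1 as the public resolver, and takes the webroot `/var/www/html` from the thread; the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the thread): checks to run before letsencrypt.sh.
# Assumptions: dig and curl are installed; 1.1.1.1 is the public resolver;
# WEBROOT defaults to /var/www/html as mentioned in the thread.
WEBROOT="${WEBROOT:-/var/www/html}"
Q="+short +time=3 +tries=1"

# 1. The hostname must have an A record visible from outside.
check_a_record() {
    local host="$1" ips
    ips="$(dig $Q A "$host" @1.1.1.1 | grep -E '^[0-9.]+$' || true)"
    [ -n "$ips" ] || { echo "FAIL dns: no A record for $host"; return 1; }
    echo "OK dns: $host -> $(echo $ips)"
}

# 2. Every delegated nameserver must answer queries on port 53.
check_nameservers() {
    local host="$1" zone="$2" ns_list ns rc=0
    ns_list="$(dig $Q NS "$zone" @1.1.1.1 | grep -v '^;' || true)"
    [ -n "$ns_list" ] || { echo "FAIL ns: no NS records for $zone"; return 1; }
    for ns in $ns_list; do
        if dig $Q A "$host" "@$ns" 2>/dev/null | grep -Eq '^[0-9.]+$'; then
            echo "OK ns: $ns answers for $host"
        else
            echo "FAIL ns: $ns not answering (is port 53 open?)"; rc=1
        fi
    done
    return $rc
}

# 3. A file in .well-known/acme-challenge must be served over plain HTTP.
check_challenge_path() {
    local host="$1" dir="$WEBROOT/.well-known/acme-challenge" token="preflight_$$" body
    [ -d "$dir" ] || { echo "FAIL http: $dir is missing"; return 1; }
    echo "$token" > "$dir/$token" || { echo "FAIL http: cannot write to $dir"; return 1; }
    body="$(curl -fsS --max-time 10 "http://$host/.well-known/acme-challenge/$token" 2>/dev/null || true)"
    rm -f "$dir/$token"
    [ "$body" = "$token" ] || { echo "FAIL http: challenge URL not reachable on $host"; return 1; }
    echo "OK http: challenge path reachable"
}

# Run all three checks and report failure if any one of them failed.
acme_preflight() {
    local host="$1" zone="$2" rc=0
    check_a_record "$host" || rc=1
    check_nameservers "$host" "$zone" || rc=1
    check_challenge_path "$host" || rc=1
    return $rc
}

# Usage: sh preflight.sh your.hostname.com yourdomain.com
if [ -n "${1:-}" ]; then acme_preflight "$1" "${2:-}"; fi
```

Run it as root over SSH to the server's IP address; the first FAIL line shows which of the three layers to fix before requesting the certificate again.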
 