SSL Installation Mystery?

[Internet54]

I can't for the life of me figure out why DA is not installing my certificate correctly.

1. PossitiveSSL purchased from NameCheap
2. Dedicated IP to the domain
3. Went through the DA interface and did the request.
4. Got the cert from my email and pasted it below the private key.
5. Clicked save and restarted Apache.

Why am I still seeing the snakeoil cert?

There is absolutely no definitive answer anywhere on these boards. I've installed 10+ certs in Cpanel with no issues, this was my first try in DA and now 3 hours later I'm posting here.

Is there something wrong with DA? If so, what do I need to do to bypass this issue and get my SSL certificate working?

Thanks for the help.

 

[scsi]

Are you sure you entered it right? Make sure the user has a private ip. There is no reason that it would be calling any snakeoil anything. You should check your apache configs to see where it is loading any fake ssl cert from before it loads yours.

 

[Internet54]

Then there is definitely an issue with DA. I have the private IP. I also checked the config files for the domain and they are pointing to the correct certificate. I also opened up those certificate files and manually pasted in the correct certificate and it is STILL showing up as snakeoil. I guess I need to go find the main httpd file and see what's up there. This is more confusing than what it's supposed to be.

For what it's worth:
I'm on
Apache 2
PHP 5
OpenSSL
CentOS

 

[floyd]

If you have root access to the server email me and I will fix it for free.

 

[Internet54]

I've got most of it taken care of. Now I just need the CA-Bundle.

Wow, this has been a pain.

 

[floyd]

Wow, this has been a pain.

Not really when you follow the instructions.

1. Assign the user with the domain a unique unshared ip.
2. Enable SSL for that user.
3. Enable SSL for that domain.
4. Go to the SSL section for that domain.
5. Check the center radio button and the "Create A Certificate Request" radio button.
6. Fill out the form to and click Save. The CR will be generated.
7. Copy the CR to your SSL company's form.
8. The SSL company will email you either 1 or 2 files that you will need to open and pasted into DirectAdmin.
9. The certificate needs to be pasted under the RSA private key in the SSL section. Click Save.
10. If you get a CA certificate, also called intermediate certificate, maybe called some other things, you will then have to go back to the SSL section and click "Click Here to paste a CA Root Certificate"
11. Check "Use a CA Cert." and paste the certificate in the box and click Save.

Done.

Problems happen when people skip a step. The biggest problem I see is that people fill out the form but forget to check the correct radio buttons. They leave the top one checked which is for the "server's shared signed certificate" which will give you the "Snake Oil" certificate.

 

[nobaloney]

Then there is definitely an issue with DA.

[sarcasm]
You're absolutely right. That's why we and others have installed literally thousands of Certificates on DirectAdmin-powered boxes with no trouble. There's definitely an issue with DirectAdmin or we couldn't possibly have installed all those Certificates without any problems.
[/sarcasm]

Jeff

 

[floyd]

Internet54 are you the administrator or the end user?

 

[Internet54]

I own the server.

I have everything installed now.

Here's what the problem turned out to be.
There was an issue with the local httpd.conf file for domain.com.
When I went to setup a new account for sub.domain.com it added the entries in both httpd.conf files for each of the separate accounts. So when I went to sub.domain.com it was calling the main domains conf file. Once I got that figured out, all I needed to do was install the cert-bundle.ca file and the angels sang.

 

[neekster]

Oh this one just saved my sanity. Exactly the same problem here. Multiple domains on my account, me needing SSL on a domain other than the default domain.

DirectAdmin installs the cert fine but is still calling the cert from the primary domain for that IP.

Installed the certificate on the primary domain instead and it's available on the addon domain too... nice