SSL not working after move

[hostpc.com]

We just recenlty moved into a new DC .. after the move i have a few customers that the SSL doesnt work anymore ...
they have their own certs .. did the backup and restore .. everything seems to have restored fine
assigned a new IP .. now the cert doesnt work??
Any suggestions.

Thanks,
Nick
HostPC

 

[nobaloney]

Certs are NOT IP dependent.

Can you post an example URL that doesn't work?

Jeff

 

[hostpc.com]

Hello Jeff

Yes, I'm aware of that ... I just wanted to add every step that we did

It goes back to the server cert .. not the customers
https://www.totarotechnologies.com/catalog/login.php?osCsid=a0029cf891b1d3c6165f011c6521ab1e

Thanks for the reply,
Nick
HostPC

 

[nobaloney]

It looks as if the certs did not backup or did not restore.

Do you still have access to the old system?

Jeff

 

[jmstacey]

I also did a similar transfer and noticed the same thing (certs weren't backed up for me).
I had to copy them over manually and set them up again.

 

[nobaloney]

This entire subdirectory path:

/usr/local/directadmin/data/users/

and everything under it, must be backed up and restored. If they were, then both the certs and the paths to them should have been backed up.

Jeff

 

[hostpc.com]

Unfortunately, that path wasn't included in the DA backup

 

[nobaloney]

It looks as if it will be tomorrow before I actually get the restore done and can post (most likely to the thread "Copy") exactly what needs to be backed up and restored.

Jeff

 

[hostpc.com]

It looks as if it will be tomorrow before I actually get the restore done and can post (most likely to the thread "Copy") exactly what needs to be backed up and restored.

Jeff

Are you now on the "programming" team? If so, can you also look into the log file rotation issue that we can't get a response on (in another thread) - and other issues that aren't being addressed by DA staff (jailed environment, etc).

 

[nobaloney]

No, I do not work for DirectAdmin. I have a bit of experience and a bit of knowledge, and over 30 years of experience under my belt, and I tend to help out as much as I can (if you look at my sig you'll not that our main business is NOT hosting sites, but rather supporting those who host sites).

If you can direct me to the thread and details of the logrotating problem I'll look into it; one of my cleints has asked me to look into it for him as well.

But if after examining it, I feel it's something to be a problem inside of DA, then just like you, my recourse is to bring it to the attention of the DA support staff.

Jeff

 

[hostpc.com]

You'd responded, so I thought you were familiar with it:

http://www.directadmin.com/forum/showthread.php?s=&threadid=3786


Jailed SSH:

http://www.directadmin.com/forum/showthread.php?s=&threadid=2107


Both have been brought to DA (John's) attention several times, but you seem to be the only one that can garner an answer from him lately

 

[nobaloney]

I will look to see if I have a problem with it.

And I'll check my client's server to see about his issues with it.

Then I'll contact John.

Jeff

 

[hostpc.com]

Hello Jeff,

First, thanks for the support and help you have been providing

we found a backup that we had and found these two files

-rw------- 1 root root 1285 Oct 5 09:46 domain.cacert
-rw------- 1 root root 1285 Oct 5 09:46 domain.cert

where do these files need to go to get this client backup and running with his cert and are these the only two files we need?

Thanks again,
Nick
HostPC

 

[nobaloney]

First, thanks for the support and help you have been providing

You're very welcome <blush>. I'll always do my best to help publicly in these forums as time permits.

we found a backup that we had and found these two files

-rw------- 1 root root 1285 Oct 5 09:46 domain.cacert
-rw------- 1 root root 1285 Oct 5 09:46 domain.cert

where do these files need to go to get this client backup and running with his cert

The need to be in this path:

/usr/local/directadmin/data/users/<username>/domains

where <username> is replaced by the username owning the cert. The ownership should be directadmin:directadmin.

and are these the only two files we need?

Nope. You also need domain.key (the same domain.key that was created when the CSR from which the cert was issued was created).

Without domain.key (where "domain" is the domain name), the cert won't work.

You must restart the httpd daemon:

/etc/rc.d/init.d/httpd restart

after you've replaced the files.

Importanjt:
If you don't have the key file, then httpd will NOT restart.
Let me know if you can't find the key files; I can help you get new certs at no cost or low cost, for these clients.

Jeff

 

[neorder]

i just copied over everything under ssl (the RSA PRIVATE KEY and the CERTIFICATE it self)

and it worked fine for me