SSL on Subdomain / Host Name Port:2222

Jayson Wonder

Hello All,

I want to be able to access the main Web Admin Panel (port 2222) securely using SSL.

My host name is server.domain.com and I have a Let's Encrypt certificate that states it is for hosts *.domain.com, and domain.com. The main site can be accessed securely with www.domain.com and domain.com as expected.

I cannot open up server.domain.com:2222 or domain.com:2222 without a browser warning. If I take a look at the cert, it is not using the wildcard cert but rather a cert from localhost according to the cert details.

Does anyone have any ideas why this is happening or how I may troubleshoot this?

My goal is to simply access the VPS using server.domain.com:2222 securely with SSL.

Thank you,
 
The wildcard certificate for the domain will not work for the hostname.
Remove your hostname (server) from your domain name.

Then as admin, go into the DNS manager and create a separate entry for your server.domain.com hostname.
Do not create a user, just use the DNS entry in the DNS manager.

When this is done, login via SSH as root and use these commands to get a certificate for our hostname:
Code:
cd /usr/local/directadmin/scripts
./letsencrypt.sh request_single server.domain.com 4096

Of course replace server.domain.com by your real hostname. If it does not work, check if your hostname is already resolving.
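
A way to check which certificate port 2222 actually presents and whether its names cover the hostname, before and after requesting the hostname certificate. This is an added example, not part of the thread or of DirectAdmin's scripts; the function names are hypothetical, server.domain.com is the thread's placeholder, and `-ext` needs OpenSSL 1.1.1 or newer.

```sh
#!/bin/sh
# Added example: function names are hypothetical, not DirectAdmin tooling.

# Print the DNS subjectAltName line of the certificate served at host:port.
served_sans() {
  openssl s_client -connect "$1:${2:-2222}" -servername "$1" </dev/null 2>/dev/null |
    openssl x509 -noout -ext subjectAltName 2>/dev/null | grep 'DNS:'
}

# Succeed if hostname $1 is covered by SAN list $2 ("DNS:a, DNS:b" as printed
# by openssl). A wildcard stands for exactly one left-most label.
# Subshell body, so the IFS and globbing changes stay local.
san_covers() (
  host=$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')
  sans=$(printf '%s' "$2" | tr '[:upper:]' '[:lower:]' | tr -d '[:space:]')
  IFS=','
  set -f    # entries may contain '*', so no pathname expansion while splitting
  for entry in $sans; do
    case $entry in
      dns:*) name=${entry#dns:} ;;
      *) continue ;;    # skip IP and other non-DNS entries
    esac
    if [ "$name" = "$host" ]; then exit 0; fi
    case $name in
      '*.'*)
        # Drop the host's first label and compare with the wildcard's parent.
        case $host in
          *.*) if [ "${host#*.}" = "${name#??}" ]; then exit 0; fi ;;
        esac ;;
    esac
  done
  exit 1
)

# Report whether the certificate served on the panel port covers the hostname.
check_panel_cert() {
  sans=$(served_sans "$1" "${2:-2222}") ||
    { echo "no DNS subjectAltName presented on $1:${2:-2222}"; return 2; }
  if san_covers "$1" "$sans"; then
    echo "OK: $1 is covered by:$sans"
  else
    echo "MISMATCH: $1 is not covered by:$sans"; return 1
  fi
}

# Usage: sh check_cert.sh server.domain.com 2222
if [ "$#" -ge 1 ]; then check_panel_cert "$@"; fi
```

A MISMATCH or "no DNS subjectAltName" result on port 2222 while port 443 reports OK means the panel is still presenting a different certificate than the website.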
 
I made a typo, so if you have seen 2222 in the email notification, I corrected that, so do it again and use 4096 like stated above.
 
When this is done, login via SSH as root and use these commands to get a certificate for our hostname:
Code:
cd /usr/local/directadmin/scripts
./letsencrypt.sh request_single server.domain.com 4096
Thank you for taking the time to help me.
- I removed the hostname (server.) from the hostname option on Administrator Settings
- I created a new DNS zone server.domain.com
- I added an A NAME record for server

When running that script I get the following error:

Domain does not exist on the system. Unable to find server.domain.com in /etc/virtual/domainowners, and domain is not set as hostname (servername) in DirectAdmin configuration. Exiting...


What do you think?
 
I think you made some mistakes:
- I removed the hostname (server.) from the hostname option on Administrator Settings
That is not what I wrote. Please put it back there as now this also generates the second error.
If present, remove the "server" entry from domain.com because I presume you also have domain.com on your server.

Then this:
- I added an A NAME record for server
Why? If you create a new DNS zone server.domain.com then automatically all records are created. Don't add things yourself, no need.
ftp
pop
server.domain.com.
www
by default, so somewhere something went wrong.

So please try like this:
1.) Remove the hostname DNS entry again via DNS manager/administration.
1.) In administrator settings, put your hostname back as hostname in the Administrator settings
2.) Check in user level under domain.com that no "server" record exists
3.) Go back in admin level, open DNS administration and click Add DNS zone
You can only put in there server.domain.com then the ip and both nameservers, do not select the reverse lookup.
4.) Now check DNS administration again, there should be a server.domain.com record, if you open that, all records like mentioned here should be there, including SPF record normally, so you don't need to add anything there.
5.) Try creating an SSL record as suggested.
 
Thank you again for the reply. I did get confused with the first instruction because I did not have a DNS record setup for the subdomain, the DNS record was in the domain name zone instead. I am preparing to fix and try again with your new instructions. I will report back with my results.

If unsuccessful I will wipe reinstall my OS and try again from scratch.
 
If unsuccessful I will wipe reinstall my OS and try again from scratch.
No, don't, there is no need for that. Sorry if I wasn't clear enough from the start. I tend to forget that it's not common knowledge that it's best to create a separate hostname entry in DNS administration.

An FQDN hostname looks like a subdomain, but we don't call it a subdomain, just for information.

I'm sure you will fix it. Trying again from scratch is a lot of work, and normally not needed for these slight changes.
Also (if you have time for it), you can learn from it, because it's also not easy to start from scratch when having customers or users on the panel. And this way you will see how to fix things without the need to reinstall everything.

I will check back later.
 
I think you made some mistakes:

That is not what I wrote. Please put it back there as now this also generates the second error.
If present, remove the "server" entry from domain.com because I presume you also have domain.com on your server.

Then this:

Why? If you create a new DNS zone server.domain.com then automatically all records are created. Don't add things yourself, no need.
ftp
pop
server.domain.com.
www
by default, so somewhere something went wrong.

So please try like this:
1.) Remove the hostname DNS entry again via DNS manager/administration.
1.) In administrator settings, put your hostname back as hostname in the Administrator settings
2.) Check in user level under domain.com that no "server" record exists
3.) Go back in admin level, open DNS administration and click Add DNS zone
You can only put in there server.domain.com then the ip and both nameservers, do not select the reverse lookup.
4.) Now check DNS administration again, there should be a server.domain.com record, if you open that, all records like mentioned here should be there, including SPF record normally, so you don't need to add anything there.
5.) Try creating an SSL record as suggested.
I am happy to report back that this worked perfectly. It was quite easy and I am not sure why or how I over complicated it.

Maybe it is a separate post but the only thing that still confuses me is that the domain.com DNS zone has Yes for Local Data and No for Local Mail and the server.domain.com has No for Local Data and Yes for Local Mail.

Does this seem normal? I would think I should have Local Data & Mail on the main domain.com if not both? Do you know how I could address this issue?

Thanks so much!
 
and I am not sure why or how I over complicated it.
Probably because I wasn't clear enough in the beginning. :)

Glad to see everything worked perfectly for you.

domain.com DNS zone has Yes for Local Data and No for Local Mail
This makes me wonder too. For server.domain.com it's normal to have local data NO and local mail YES.

But for domain.com it should both say YES if you use mail on the server.

Can you check on user level for domain.com there is an MX page, can you check that:
Use this server to handle my emails.
is selected.

If it is not, select it and save.
If it is, then something went wrong. You can deselect it and save. After that, go back and select it again and save.
Then the issue should be fixed.

If not we need to address a little change via SSH.
Because domain.com should be present in
/etc/virtual
/etc/virtual/domains
and /etc/virtual/domainowners

I'm almost sure it's present in the first two, but probably not in the third.
Maybe by doing the MX page trick it will be fixed otherwise add it to the /etc/virtual/domainowners file.

But server.domain.com must -not- be in that file (and it isn't at the moment).

Really have to go now, I'll check back later.
 
Can you check on user level for domain.com there is an MX page, can you check that:
Use this server to handle my emails.
is selected.
Hello and thanks again Richard for your time.
The above fixed it. The server.domain.com is the only issue remaining. Do you think it is the fact that there is no PTR record?
 
The server.domain.com is the only issue remaining.
Sorry, exactly which issue are you talking about here? Because in post #8 you reported that it worked perfectly, only domain.com had no local mail which is now also fixed.

So I might be missing something.
If you are having problems with mail being refused, then this can indeed be caused by a missing PTR record, which is highly required nowadays.

If you don't have one yet, then set it to server.domain.com (replace with your correct hostname), if you also use an IPv6 address as main IP, do the same for that IPv6 address.

If you are pointing to the server.domain.com with local data NO and local mail YES, that is no issue, as explained, for the hostname (servername) it should be this way.

If you have another issue, please enlighten me, I thought we had covered them all, but I might be mistaken or overlooking something.
 
I was referring to the Local Data NO. I know you mentioned it was not a concern but I thought it was something I might need to address now that things are working. It is my ignorance, I will be reading about what it is and does. I am just grateful that I have it working now.

I have to do some work on sorting out the home location of my www/html files for the server.domain.com, but from a DNS and SSL perspective, I am good to go, thanks to your help.
 
I know you mentioned it was not a concern
Not a concern, it's even working as should be.
You can find the explanation here. It's because it's created via DNS administration. Normally a subdomain is created via the domain and then it would be wrong.
But as said... a hostname is not a subdomain. ;)

I have to do some work on sorting out the home location of my www/html files for the server.domain.com.
Why would you want to use them? Out of curiosity.
Normally the hostname is not used to serve a website because it's a hostname not a domain or subdomain, that is done via domain.com. Admin can use user level and put domain.com in there and serve pages from there.

So I'm curious as to what you want to do with those files.
 
You are right, I do not want to serve any pages from there.

I just like to know where everything is.

I might put a logo on the default page instead of the "webserver is functioning normally" text.

Cheers,
 
That's a good thought.
When you visit the server via ip, it will give that message.
If I'm not mistaken that is provided via the /var/www/html directory.

Be careful there, as more system things are provided from there, like webmail and phpMyAdmin.
 
If you're interested in all of them, I found an article you might be interested in, they are all mentioned in there.
Awesome, actually, this is the document I found. Very helpful. I am learning that DirectAdmin is very well put together and there is a ton of support for the product in terms of documentation and forum. Definitely better than CWP. I have used DA for years but only from a user perspective. Now, as an admin, setting it up on a bare VPS has given me a new appreciation for the product.
 
Glad you like it. DA may sometimes be a bit more work than CP, but that is also more expensive for that reason.
Indeed DA has good support in the ticket system, as well as friendly colleagues like me :) on the forums here. As far as we are able to help.

Have fun with it and you know where to be if you run into issues.
 
Glad you like it. DA may sometimes be a bit more work than CP, but that is also more expensive for that reason.
Indeed DA has good support in the ticket system, as well as friendly colleagues like me :) on the forums here. As far as we are able to help.

Have fun with it and you know where to be if you run into issues.
Thanks once again!
 