Symlinking ssl certificates

[rpr]

Hi,

I've just installed my wildcard certificate for the directadmin login.
But now I need to do so for exim, dovecot, ftp, ...

can't we just symlink all cert files to the directadmin login ones?

 

[zEitEr]

No, the directadmin's config directory is only 700:

drwx------. 2 diradmin diradmin 4096 Jun 26 17:58 /usr/local/directadmin/conf/

you should login into directadmin as admin and at the user level under user admin add your cert for a domain with SNI disabled. With this a cert will be installed server wide.

 

[rpr]

And will exim, pure-ftp, dovecot use that one automatically?
And can I still use letsencrypt for other web domains?

 

[zEitEr]

With SNI disabled in Directadmin (make sure to restart it after chaing configs) a cert will be installed server wide, including the services:

- Apache/NGINX
- Directadmin
- Exim/Dovecot
- ProFTPd/PureFTPd

Then later you can re-enable SNI in directadmin and keep using letsencrypt certs.

Or try a script from here: https://github.com/poralix/directadmin-utils/tree/master/ssl

Installation:

cd /usr/local/directadmin/scripts/custom
wget -O ./install_server_wide_cert.sh https://raw.githubusercontent.com/poralix/directadmin-utils/master/ssl/install_server_wide_cert.sh
chmod 700 ./install_server_wide_cert.sh

Usage:

cd /usr/local/directadmin/scripts/custom
./install_server_wide_cert.sh <PATH_TO_CERT> <PATH_TO_KEY> [<PATH_TO_CACERT>]

Where:

- PATH_TO_CERT - a full or relative path to a CERT you want to install
- PATH_TO_KEY - a full or relative path to a KEY you want to install
- PATH_TO_CACERT - a full or relative path to a CACERT you want to install

So your command would be something:

cd /usr/local/directadmin/scripts/custom
./install_server_wide_cert.sh \
/usr/local/directadmin/conf/cacert.pem \
/usr/local/directadmin/conf/cakey.pem \
/usr/local/directadmin/conf/carootcert.pem

 

[rpr]

Thx works perfectly!