Unable to Create SSL Certificate

flyride (Verified User, joined Oct 19, 2009, 17 messages):
I have 2 dedicated servers running DA (ns1 & ns2) and ns1 machine runs WHMCS. Each server just has 1 dedicated IP. Both DA installs are running Self-Signed SSL certificates outlined here:
http://help.directadmin.com/item.php?id=15

I would like to get a Purchased Certificate for WHMCS (which is running on ns1, not currently secured).

The ns1 machine is set up as follows:

Admin - no domain
Reseller - reseller account with the domain WHMCS uses (I don't have any other resellers)
------> Users - All under this 1 main reseller account

When I click SSL Cert under Advanced Options as Reseller I get a message that says I don't own the IP address. When I log in as Admin, because I don't have a domain set up I don't have an SSL button. I tried adding ownership to my Reseller under IP Management but that doesn't seem to be possible with only 1 IP address.

I'm assuming I set this up incorrectly? Should my main domain have been under Admin? (I had originally started to set it up this way, but then I read somewhere that for backups and overall simplicity you should set up a reseller account and users under that reseller, even if you don't have actual resellers).

What is my best option at this point aside from purchasing more IP addresses?

Also is there an easy way to purchase certs for the 2 DA installs to get rid of the annoying pop-ups? Presumably the ns1 server could share the WHMCS cert as they are on the same box? Any help/advice would be greatly appreciated!
 
You need to add a second IP to your server and then assign it to your user
 
So this was the correct way to set it up, but the only option is to add a 2nd IP? (It's $10/month per IP so I was hoping to avoid this route if possible)
 
Usually the cost for an extra IP is $1 - $2
And it's significantly less than that when you're buying enough of them. If you buy them directly from ARIN it's pennies. When I buy (and justify) an entire Class C allocation (256 IP#s) I never pay more than 25c per month. Often less. Many colocation companies (including NoBaloney) include all you can justify at no extra cost.

Can you move the domain hosting WHMCS to the admin user? If you can, you can use the single IP# you have.

Jeff
 
Well, ideally I guess it would be best to move that domain to the admin user. I have no idea what would be involved with that though.

Would I have to add a new domain for the reseller before deleting it? The system recognizes that it already has the domain otherwise. A reseller can't exist without a domain can it?

What is the "proper" way to do this normally? Main domain on admin user? Then 2nd domain on reseller? Users underneath?
 
As the Apple iPhone people would say, there's an app for that.

Check this Knowledgebase article.

And no, a reseller doesn't need a domain to exist. You need to set one up to create the user, but you can delete it afterwards.

However, don't delete this one. Move it away, as in the Knowledgebase article.

Jeff
 
Worked great, thanks Jeff! I was getting Apache Functioning Normally even though the files were all there, found that /etc/httpd/conf/extra/directadmin-vhosts.conf didn't have an entry for the admin user, so I ran

cd /usr/local/directadmin/custombuild
./build rewrite_confs

.. and things are good now. Now to set up the SSL certs... :)
 
Now this makes me wonder - would I have been better to set it up this way?

admin - secure.mydomain.com
reseller - mydomain.com (I don't have any resellers)
users - all the other domains

Would there be any advantage to setting it up this way? From what I'm reading as long as mydomain.com is under secure.mydomain.com they can both be secure...
 
I don't tell others how to set up their reseller chain. However, that said, don't forget to plan for the future. Since every user is limited to one IP#, and since in the future you may want to have IP#s for those other domains, I'd suggest in your situation creating all your domains under separate users, under the main admin reseller.

Jeff
 
Yes, understandable as everyone's situation is different. I appreciate the input.

So basically in my situation, setting it up this way would be:
1.) mydomain.com and secure.mydomain.com would both be under admin
2.) I would re-create the packages I have currently set up under my other non-admin reseller under the admin reseller
3.) Backup individual user (under other reseller)
4.) Delete individual user (under other reseller)
5.) Create & import individual user under admin reseller


Is there any easier way to move all users under one reseller account back to the admin reseller?
 
n/m found the Move Users to Resellers button :) Should really be called "Move Users Between Resellers" (I thought it was to turn a User into a Reseller).

Thanks again Jeff!
 
I generally don't use the admin userlevel or reseller level for anything; I believe the admin password should be kept to only one person, and if you use it for users or resellers at some point in the future you may need to give it out.

So I create resellers, and then users under resellers.

I generally create a different reseller for each selling package I create, so I can have more customization in my site-details (welcome) emails.

That's for me. Your mileage may differ.

If you think the button should be renamed, post a feature request :).

Jeff
 
I submitted a feature request. :)

I have another question - I have set up a RapidSSL key on secure.mydomain.com - it works fine for DirectAdmin (https://secure.mydomain.com:2222/), but any other domain I go to (i.e. https://www.mydomain.com:2222/ or https://www.anotherusersdomain.com:2222) they all show the SSL nag saying it's not the right domain. I was originally thinking I should be able to make it the shared server certificate and then add it to other users/domains to eliminate this.

I followed jlasmans's guide (as best as I could, seems some things have changed since it was written in 2003 or 2004) - I'm wondering if I missed something in making it the server-wide shared certificate. I was assuming if it was the server shared, I could add it to other users/domains, eliminating the 'wrong domain' nags? I also read a thread about symlinking www.nonssl.com to secure.yourdomain.com/nonssl.com which would indicate maybe not as I'd have to do that for every user? I'm beginning to think maybe I've misunderstood the serverwide shared cert...?
 
You misunderstand. The error is caused by the Certificate itself; you buy it for a given domain name. Most certificates for www.example.com, for example, will only work without error for https://www.example.com. There are some limited exceptions, we and others sell certificates that will work for https://www.example.com (we do not charge extra for certificates that work with or without the www. prefix) and also for what are called wildcard certificates that work for https://anything.example.com, where anything literally means anything; you can have anything there, but these are significantly more expensive.

I believe I explained carefully in my previous post how to use a shared certificate, but in case you missed it:

https://secure.your.example.com/example.net/

where secure.your.example.com refers to your domain name, and example.net refers to your client domain name. Then you give your client a separate ftp login on your site to that specific directory, and manage yourself the tracking of space, traffic, and other resources.

Jeff
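
The name check behind the "wrong domain" nag discussed above, as an added example that is not part of the original thread. The hostnames are the thread's placeholders, the certificate name lists are constructed, and the matcher is a simplified RFC 6125-style check for DNS names only (an assumption; real clients also handle IP addresses and internationalized names).

```python
from urllib.parse import urlsplit

# Constructed certificate name lists for the cases discussed in the thread.
SINGLE = ["secure.mydomain.com"]               # cert bought for one hostname
WWW_PAIR = ["www.mydomain.com", "mydomain.com"]  # with and without www.
WILDCARD = ["*.mydomain.com"]                  # wildcard certificate


def name_matches(pattern, host):
    """Match one certificate DNS name against the hostname being visited."""
    p_labels = pattern.lower().rstrip(".").split(".")
    h_labels = host.lower().rstrip(".").split(".")
    if len(p_labels) != len(h_labels):
        return False  # a wildcard stands for exactly one label
    if p_labels[0] == "*":
        # Wildcard must be the whole left-most label and never cover a bare TLD.
        return len(p_labels) >= 3 and p_labels[1:] == h_labels[1:]
    # No partial wildcards such as "w*.mydomain.com"; otherwise exact match.
    return "*" not in pattern and p_labels == h_labels


def url_ok(url, cert_names):
    """True if the certificate's names cover the host part of the URL.

    Port and path are ignored: only the hostname is compared, which is why
    the shared-certificate layout https://secure.../clientdomain/ works.
    """
    host = urlsplit(url).hostname or ""
    return any(name_matches(name, host) for name in cert_names)


if __name__ == "__main__":
    urls = [
        "https://secure.mydomain.com:2222/",
        "https://www.mydomain.com:2222/",
        "https://www.anotherusersdomain.com:2222",
        "https://secure.mydomain.com/anotherusersdomain.com/",
    ]
    for label, names in (("single", SINGLE), ("wildcard", WILDCARD)):
        for url in urls:
            verdict = "ok" if url_ok(url, names) else "name mismatch"
            print(f"{label:9} {url:55} {verdict}")
```
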
 