Websites with wildcard subdomains stop working after certificate update

Sempiterna

I've been manually requesting Let's Encrypt wildcard certificates for years, and replacing them in the "SSL Certificates" section on the DirectAdmin GUI. This has worked for years, but when I renewed and updated the certificates today, all wildcard subdomain domain websites stopped working. The main domain of these websites continued to function, but all the wildcard subdomains acted like they no longer exist (showing something like 'Apache is functioning normally') and the certificate visible is the certificate of the DirectAdmin server.

Not knowing what caused it, I performed a full server restore and verified the subdomains were available. Then as soon as I updated the certificate on one website via the GUI, all the wildcard subdomain websites were broken again. It seems that suddenly (within the past 3 months) something changed with the way DirectAdmin imports the certificate and reconfigures(?).

Manually changing the certificate and key via the cli, in "/usr/local/directadmin/data/users/USERNAME/domains/" and then reloading apache, works.

Has something changed with Directadmin that causes this serious problem?
 
Hello,

Manually changing the certificate and key via the cli, in "/usr/local/directadmin/data/users/USERNAME/domains/" and then reloading apache, works.

What exactly did you manually change? Do you mean the following settings?

Code:
SSLCACertificateFile=
SSLCertificateFile=
SSLCertificateKeyFile=

?

Probably the domain settings changed to the "Use the best match certificate" option in DirectAdmin?
 
What exactly did you manually change? Do you mean the following settings?

Code:
SSLCACertificateFile=
SSLCertificateFile=
SSLCertificateKeyFile=

?

Probably the domain settings changed to the "Use the best match certificate" option in DirectAdmin?
No, I worked around the problem by simply copying and pasting the certificate info (key, certificate, chain) to the relevant files in "/usr/local/directadmin/data/users/USERNAME/domains/" and reloading the Apache config.

This is not a certificate problem per se, but a problem which is probably caused by a "reconfigure" action/task that starts after pasting and submitting the certificate in the GUI. That action somehow breaks the wildcard subdomains on all websites/accounts that have wildcard subdomains (including those for which I'm not updating the certificate) while leaving the main website intact. By breaking, I mean the websites under the wildcards (like subdomain1.domain.ext, subdomain100.domain.ext, etc.) are showing a default message instead of the actual website. Along with that, the server certificate is shown for both the main website domain as well as its wildcard subdomains.

I have used DA for many years, including the wildcard subdomains and Let's Encrypt wildcard certificates, but somehow this problem started in March. It still worked 3 months before that when I last updated the certificates.

Unfortunately DA does not have test licenses, so I'm unable to take proper time to investigate the problem on a test copy of this server. To bring the websites back online quickly I had to restore the server from a backup and proceed with the workaround.
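
A check that can be run after each certificate update to confirm that the main domain and a few wildcard subdomains are still served a certificate covering them, rather than the server's own certificate as described in this thread. This is an added example, not part of the thread and not DirectAdmin code; the host names are constructed placeholders, and the live fetch assumes a served certificate that chains to a trusted CA (anything else is reported as untrusted).

```python
import socket
import ssl


def san_covers(hostname, san_dns_names):
    """True if hostname matches a dNSName; '*' stands for exactly one leftmost label."""
    host = hostname.lower().rstrip(".")
    for name in san_dns_names:
        pattern = name.lower().rstrip(".")
        if pattern == host:
            return True
        if pattern.startswith("*."):
            _, _, parent = host.partition(".")
            if parent and parent == pattern[2:]:
                return True
    return False


def served_dns_names(hostname, port=443, timeout=5.0):
    """Return the dNSName entries of the certificate presented for this SNI name."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False  # inspect a mismatching certificate instead of aborting
    with socket.create_connection((hostname, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=hostname) as tls:
            cert = tls.getpeercert()
    return [value for kind, value in cert.get("subjectAltName", ()) if kind == "DNS"]


def diagnose(hostnames, fetch=served_dns_names):
    """Map each host to 'ok', 'wrong certificate: ...' or 'untrusted certificate'."""
    report = {}
    for host in hostnames:
        try:
            names = fetch(host)
        except ssl.SSLCertVerificationError:
            report[host] = "untrusted certificate"  # e.g. a self-signed server default
            continue
        if san_covers(host, names):
            report[host] = "ok"
        else:
            report[host] = "wrong certificate: " + ", ".join(names)
    return report


if __name__ == "__main__":
    # Constructed data reproducing the symptom: every name gets the server's certificate.
    broken = lambda host: ["server.example.net"]
    for host, status in diagnose(["domain.example", "subdomain1.domain.example"], broken).items():
        print(host, "->", status)
```

Against a live server, call `diagnose([...])` with the real host names and the default `fetch`; any result other than `ok` right after a certificate update points at the vhost configuration rather than at the certificate files.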
 