Wrong user SSL common name on :2222

websterPL

Hello,
I have the latest DirectAdmin panel with LetsEncrypt installed. SSL for all users is working great, but not when going to a user domain on :2222. In that case the browser returns a certificate bad common name error - the certificate gives <server name> as the common name instead of the user's domain name. How can I fix that without redirecting the user to <server name>, or maybe turn on redirection to <server name> but without the SSL common name warning for the user?

Already done:

https://help.directadmin.com/item.php?id=629 (<server name>)

A self-signed certificate also doesn't work.

When I go to <server name>:2222 SSL is working fine.

directadmin.conf

Code:
enable_ssl_sni=1
force_hostname=
letsencrypt=1
mail_sni=1
servername=<server name>
ssl=1
ssl_redirect_host=<server name>
 
It might not have any effect, but if you don't use a line, it's better to remove it from directadmin.conf just to be sure.
So remove the:
force_hostname=
line from directadmin.conf and restart directadmin. This way you are sure it is having no odd effects.
(<server name>)
I presume you used the server hostname and it matches the "servername" in directadmin.conf?

Check if these are present in directadmin.conf:
cacert=/usr/local/directadmin/conf/cacert.pem
cakey=/usr/local/directadmin/conf/cakey.pem
carootcert=/usr/local/directadmin/conf/carootcert.pem

and check if your hostname is also present in the /etc/virtual directory and the /etc/virtual/domains file (NOT domainowners).

Also don't forget to restart the httpd service.
 
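The checks from the reply above (the cacert, cakey and carootcert settings, the unused force_hostname= line, and the hostname in /etc/virtual and /etc/virtual/domains) as a script. This is an added example, not part of the thread or DirectAdmin's own tooling; the ROOT prefix argument, the FINDING output format and the make_sample helper with its constructed files are assumptions of the example.

```bash
#!/usr/bin/env bash
# Added example. ROOT prefix and make_sample are assumptions of this sketch, so the
# check can run against a copy; call check_da_ssl "" on the server itself.

# conf_value FILE KEY: print the value of KEY= (last occurrence), empty if absent
conf_value() { sed -n "s/^$2=//p" "$1" 2>/dev/null | tail -n 1; }

# check_da_ssl ROOT: print one line per finding; exit status = number of findings
check_da_ssl() {
    local root=$1 conf host key val n=0
    conf="$root/usr/local/directadmin/conf/directadmin.conf"
    [ -r "$conf" ] || { echo "FINDING cannot read $conf"; return 1; }
    host=$(conf_value "$conf" servername)
    [ -n "$host" ] || { echo "FINDING servername is not set"; n=$((n+1)); }
    # The reply suggests removing an unused, empty force_hostname= line.
    if grep -qx 'force_hostname=' "$conf"; then
        echo "FINDING empty force_hostname= line"; n=$((n+1))
    fi
    # The three settings the reply asks to check; the file test is an extra.
    for key in cacert cakey carootcert; do
        val=$(conf_value "$conf" "$key")
        if [ -z "$val" ]; then
            echo "FINDING $key is not set"; n=$((n+1))
        elif [ ! -s "$root$val" ]; then
            echo "FINDING $key file missing or empty: $val"; n=$((n+1))
        fi
    done
    if [ -n "$host" ]; then
        [ -d "$root/etc/virtual/$host" ] ||
            { echo "FINDING no directory /etc/virtual/$host"; n=$((n+1)); }
        grep -qxF "$host" "$root/etc/virtual/domains" 2>/dev/null ||
            { echo "FINDING $host not listed in /etc/virtual/domains"; n=$((n+1)); }
    fi
    [ "$n" -eq 0 ] && echo "OK $host"
    return "$n"
}

# make_sample DIR: constructed tree mirroring the state described in the thread
make_sample() {
    local c="$1/usr/local/directadmin/conf"
    mkdir -p "$c" "$1/etc/virtual"
    printf '%s\n' 'servername=s1.mydomain.com' 'force_hostname=' 'ssl=1' \
        'cacert=/usr/local/directadmin/conf/cacert.pem' \
        'cakey=/usr/local/directadmin/conf/cakey.pem' > "$c/directadmin.conf"
    echo placeholder > "$c/cacert.pem"; echo placeholder > "$c/cakey.pem"
    printf '%s\n' mydomain.com s1.mydomain.com > "$1/etc/virtual/domains"
}
```

On the constructed sample the function reports three findings: the empty force_hostname= line, the unset carootcert, and the missing /etc/virtual/s1.mydomain.com directory.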
<server name> is for example s1.mydomain.com, but I also have a site under mydomain.com.

force_hostname= removed from directadmin.conf.
Yes <server name> is the same servername in directadmin.conf.

Added to directadmin.conf:

Code:
cacert=/usr/local/directadmin/conf/cacert.pem
cakey=/usr/local/directadmin/conf/cakey.pem

<server name> doesn't exist in /etc/virtual but exists in /etc/virtual/domains

After restarting DA / httpd the problem still exists.
 
Ok, after a fresh install of LetsEncrypt by DirectAdmin it's working now! Thank you! Is there some possibility to refresh all certificates by ssh for all users, or must I do it user by user?
 
<server name> doesn't exist in /etc/virtual but exists in /etc/virtual/domains
It should be present.

If your hostname is for example s1.mydomain.com then check your DNS manager if it's present like that.
If not create it, just click on create new domain and fill in s1.mydomain.com so it will exist.

You can also leave it out, but for some reasons it's better to have it.

Anyway, if you don't create it in DNS manager, you have to create it manually in /etc/virtual anyway.
It's just a directory, and it should look like this.
Code:
drwxr-xr-x    2 mail      mail   4.0K 2021-02-12 22:45   s1.mydomain.com

As for the refresh of all certificates you can check this:
 