DirectAdmin Acquires Valid Certificate but Doesn't Install It


#1

I’ve installed ssl through DirectAdmin. But now when I check through ssllabs.com
Error Try these other domain names (extracted from the certificates): localhost - see?

My second: torfehnegar.club
Server: centos 6
Web Server: Apache


#2

It appears your server either doesn’t support SNI and the cert for localhost is the default cert or your Let’s Encrypt certificate isn’t properly installed.

But you’ve removed most of the questions of the initial questionnaire, so I can’t help you further without it costing me much effort to ask the same questions again.


#3

@Osiris is right

you should fill out all the questions to narrow down the problem please fill out the ones below.

Note you are serving up a self singed certificate currently

A) What Client did you use to install the certificate
B) What commands did you use
C) Did you restart APACHE
D) Did you update your SSL config
E) Are you sure you updated the correct config file

Andrei


#4

hi @ahaw021

A/B= I am use DirectAdmin panel for install letsencrypt
C= service restart
D= I did not catch (Because use DirectAdmin)
E= I have no information on this subject


#5

hi @shaahin

thanks for that

the good news is that a certificate has been issued for your domain (covering www. version as well)

https://crt.sh/?q=%torfehnegar.club

have a look at these instructions: https://help.directadmin.com/item.php?id=629

there is also a generic topic for LetsEncrypt here: https://help.directadmin.com/?topic=34

can you check the configuration file here: /usr/local/directadmin/conf

my perl is very rusty but i believe the first line turns ssl=0 to ssl=1

the other two lines point direct admin to your new certificate

Andrei


#6

Hi @shaahin

confirmed regarding the perl function

https://help.directadmin.com/item.php?id=15

Installing a Purchased Certificate

If you already have your own certificate and key, then paste them into the following files:

certificate: /usr/local/directadmin/conf/cacert.pem
key: /usr/local/directadmin/conf/cakey.pem

Edit the /usr/local/directadmin/conf/directadmin.conf and set SSL=1 (default is 0). This tells DA to load the certificate and key and to use an SSL connection.
Ensure your directadmin.conf has the values set:

cacert=/usr/local/directadmin/conf/cacert.pem
cakey=/usr/local/directadmin/conf/cakey.pem
but can be changed as needed.

DirectAdmin needs to be restarted after any changes to the directadmin.conf.

If you also have a CA Root Certificate, this can be specified by adding:

carootcert=/usr/local/directadmin/conf/carootcert.pem
into the /usr/local/directadmin/conf/directadmin.conf file (won’t exist by default) and by pasting the contents of the caroot cert into that file.


#7

@ahaw021 Thank you very much ، half of my problem was resolved!

1- ssl was installed on the hostname and access to Directadmin was possible with ssl
server.tnchost.ir
2- But ssl not act on torfehnegar.club (with www or not)
Your connection is not secure in firefox and eg…

Anderi , To torfehnegar.club What should I do? The generic topic DirectAdmin not find anything!


#8

hi @shaahin

Reach out to the DirectAdmin community.

Unfortunately I do not have expertise in this particular panel

Andrie


#9

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.