I'd like to use Let's Encrypt certificates for my domains on a directadmin server...

For the hostname it is working and I'm able to visit the hostname and the directadmin control panel over SSL; the issue is I can't get certificates to work for my other domains using the directadmin control panel or SSH.

What did I try to solve the issue?

  1. How to enable LetsEncrypt
  2. Manually debugging /.well-known/acme-challenge/letsencrypt_12345


If I log in to SSH, I'm able to add up to 100 (sub)domains to the hostname. How can I add Let's Encrypt certificates for my domains and get them to work? I don't want to use the hostname certificate for the domains.

edit 1

directadmin.conf

SSL=1

enable_ssl_sni=1

letsencrypt=1

Output: grep well-known /etc/httpd/conf/extra/httpd-alias.conf

Alias /.well-known /var/www/html/.well-known

Let's Encrypt is running and the certificates renew automatically; the only domains that can use it are the hostname and some related domains. The latest version of letsencrypt.sh for directadmin servers is installed. I'm not able to use certificates for my other domains hosted on this server.

Please ask in the comments if you're in need of more information regarding this issue.

      • 2
    • @030 No, I'd like to get Let's Encrypt to work. Certificates are created by the directadmin cp and the certificates are valid but not working, as the domain and its subdomains are not secured by the certificate(s). At this moment the only way to get SSL secured websites is to add domains to the hostname certificate. I would like to create certificates for a domain and its subdomains. I'd like to be able to create working certificates using the directadmin cp or SSH without using the hostname certificate. All domains should have their own SSL certificate without using the hostname certificate.
      • 2
    • So you need a SAN certificate or a way for Let's Encrypt to issue a unique certificate for each of the URIs that are served up from that host?

Let's Encrypt doesn't offer wildcard certificates, but it offers multi-domain certificates. From their FAQ:

Let’s Encrypt offers Domain Validation (DV) certificates. We do not offer Organization Validation (OV), Extended Validation (EV), or wildcard certificates, primarily because we cannot automate issuance for those types of certificates.

Yes, the same certificate can contain several different names using the Subject Alternative Name (SAN) mechanism.

With SAN you have one certificate that covers all your domains. As the TLS connection is established before the browser sends the Host: header, your HTTPD doesn't know which certificate to use for the handshake and picks the first one available that matches the IP address. Therefore there was a long era when you actually needed one IP address for every single certificate. SAN was the only way to have several HTTPS sites on the same IP, and the certificate needed to be reissued whenever a new alias was added.

That was until Server Name Indication (SNI), an extension of TLS which allows the client to include the requested hostname in the first message of its SSL handshake. SNI has been there since OpenSSL 0.9.8f from Oct 2007. It has been supported by all major browsers for years. You can easily configure it on Apache, it has been supported by Nginx since 0.5.23 and was introduced in IIS 8.0.

As you already have multiple certificates rather than SAN, you should use SNI. Allowing SNI is possible on DirectAdmin. Unfortunately Server Fault won't give support for web hosting control panels.

  • 0
      • 1
    • Yes, I know it's possible to have a Let's Encrypt certificate for my domains. Certificates can be requested/created by the control panel or SSH. Certificates are created and renewed but they do not secure my domains. How can I get my individual domains to be protected by a Let's Encrypt certificate valid for the individual domain and its subdomains only?
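
The answer above describes the server falling back to the first certificate on the IP address when it cannot select one by name. The following check is an added example, not part of the original thread: it sends each domain as the SNI name and reports whether the certificate that comes back covers that domain or is the hostname certificate. The address, the domain names and `fake_fetch` (a stand-in for a live server) are constructed for illustration.

```python
import socket
import ssl

def san_dns_names(cert):
    """DNS entries from the subjectAltName of an ssl.getpeercert() dict."""
    return [v.lower() for kind, v in cert.get("subjectAltName", ()) if kind == "DNS"]

def name_matches(pattern, host):
    """Exact match, or '*' as the whole left-most label covering one label."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        return len(p) > 2 and p[1:] == h[1:]
    return p == h

def classify(cert, requested, server_hostname):
    """Say which certificate the server chose for the requested SNI name."""
    names = san_dns_names(cert)
    if any(name_matches(n, requested) for n in names):
        return "ok"
    if any(name_matches(n, server_hostname) for n in names):
        return "fallback-to-hostname-cert"
    return "other-cert"

def fetch_cert(address, sni_name, port=443, timeout=5):
    """Connect to address, send sni_name in the ClientHello, return the cert dict."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False  # chain is still verified; names are compared above
    with socket.create_connection((address, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=sni_name) as tls:
            return tls.getpeercert()

def audit(address, server_hostname, domains, fetch=fetch_cert):
    return {d: classify(fetch(address, d), d, server_hostname) for d in domains}

# Constructed sample data: two certificates as getpeercert() would return them.
HOSTNAME_CERT = {"subjectAltName": (("DNS", "server.example.net"),)}
SHOP_CERT = {"subjectAltName": (("DNS", "shop.example.org"), ("DNS", "*.shop.example.org"))}

def fake_fetch(address, sni_name):
    # Simulated server: only shop.example.org has its own certificate configured.
    return SHOP_CERT if sni_name.endswith("shop.example.org") else HOSTNAME_CERT

if __name__ == "__main__":
    domains = ["shop.example.org", "www.shop.example.org", "blog.example.com"]
    result = audit("192.0.2.10", "server.example.net", domains, fetch=fake_fetch)
    for domain, verdict in result.items():
        print(f"{domain}: {verdict}")
```

Against a real server, call `audit` without the `fetch` argument; a `fallback-to-hostname-cert` verdict means the issued certificate exists but the virtual host for that name is not serving it.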
