da-letsencrypt
da-letsencrypt copied to clipboard
zenire
SSL installed with da-letsencrypt but not activated
Hi,
I've tried using the plugin but when creating a Let's encrypt certificate with it, SSL setting in the domain config file isn't changed. Therefore, SSL was not activated in the end.
/usr/local/directadmin/data/users/admin/domains/somedomain.ext.conf ssl=OFF
I'm using custombuild with nginx_apache combination.
Couldn't you visit the website over https:// with the valid Let's Encrypt certificate when ssl=OFF ?
Apparently it does work now when using https://, although there is still an issue with the location as the webpage does only display: "Nginx is functioning normally". So the VirtualHost configuration was not updated somehow.
Activating ssl via http://IP:2222/CMD_ADDITIONAL_DOMAINS?action=view&domain=somedomein.ext helped. Could we add this to the flow somewhere or activating it by default when creating a ssl certificate for a domain?
Hmm, good point. I'll think we've to disable the Let's Encrypt-plugin page when SSL isn't enabled for this domain. I don't see any reason to enable this automatically.
For example yes. Can't we use this inside the plugin? |_if USERSSL="ON"| Show scipt |_else| Show message to activate SSL first including the link |*endif|
I want to offer my clients a free Let's Encrypt certificate, but not the option to install other certificates. For me it would be nice if the plugin works without the DirectAdmin SSL being enabled for the user.
Are you using custombuild v2 with nginx_apache ? Because if SSL is not enabled, the nginx config (and also the apache config if I recall correctly) won't have the listeners configured on port 443.
Yes.
Apache and Nginx will always listen on 443.
The error you will get with SSL disabled is: Successfully received certificate from Let's Encrypt. Error while executing first API request: You are not allowed to modify your ssl settings
Apache and Nginx are both listening to 443 but in the vhost file, there wasn't any configuration with a vhost for port 443. (Although it was the first SSL certificate on the server and on that specific IP) Also I did not see the above error. If SSL is not set to ON, there was no vhost configuration created or SSL and therefore, SSL did not work. Only after enabling/activating SSL via the old method, it worked.
@Petertjuh360, that's not possible. SSL must be enabled and we can't change this requirement.
I just experienced it and it isn't possible indeed.
What shall we do when an user does not have SSL access and he uses the plugin? The suggestion of @Bramzor looks good.
Yeah, I already had something like that in mind. Unfortunately, his example isn't in PHP, but I'll implement this when I have the change :). Shouldn't be that hard, we could use the Logger for this.
Which of the 2 will you implement? Hiding the functionality when SSL isn't activated showing a link to activate SSL seems the best option. I'm also going to place a warning on the normal SSL certificate page pointing to the plugin to avoid confusion after enabling SSL functionality.