da-letsencrypt icon indicating copy to clipboard operation
da-letsencrypt copied to clipboard
verified publisher icon zenire

Add certificate request for directadmin webportal

Open ictabc opened this issue 10 years ago • 11 comments

Would be nice if it is possible to request a certificate for the web portal in the admin panel.

ictabc avatar Dec 28 '15 20:12 ictabc

Badly enough I do not understand what you would like to see. What do you mean with web portal?

Do you want to issue a SSL certificate for the hostname?

zenire avatar Jan 06 '16 10:01 zenire

What ictabc probably meant was:

Can the option be added to request a certificate for the DirectAdmin control panel? So yes, the hostname.

Since the DA SSL certificate and the hostname certificate (e.g. da.yourdomain.com:2222 and da.yourdomain.com) are at different locations (I found that out manually installing the cert on both), automatically using / installing the same cert for both would be preferred.

I hope this clears it up a bit. I would like to see this functionality too :)

Azerdion avatar Jan 06 '16 10:01 Azerdion

Would be an awesome functionality. We'll look into this.

Wouter0100 avatar Jan 06 '16 12:01 Wouter0100

@Azerdion That is what i meant. Maybe was a bit quick with filling out the form.

Should be no problem http://daserver.domain is going to /var/www/html (Centos) so requesting it isn't a problem. Next step is to link it da itself, automagicly or manual.

ictabc avatar Jan 07 '16 15:01 ictabc

Isn't it an idea to just run the python client for that? I don't there we can do that by directadmin's API..

Wouter0100 avatar Jan 07 '16 15:01 Wouter0100

I looked on my server (CentOS) and /var/www/html seems to be owned by root, so the directadmin user probably doesn't have access to it. So it can't make the request. I don't think there is a way to run LetsEncrypt as root, is there?

Azerdion avatar Jan 07 '16 16:01 Azerdion

We could run as diradmin, but the idea is to keep it secure by not running it as root (or diradmin).

Wouter0100 avatar Jan 07 '16 16:01 Wouter0100

If that works no problem, maybe just create a custom script that runs the python script at da-letsencrypt install time and an other script that is run after the request that add the certificates and enables SSL when needed in directadmin.conf and restarts directadmin.

But will the python script follow the complete apache2 config and includes all other domains or only the default DA server domain. Haven't tested the python script yet on a DA server.

ictabc avatar Jan 07 '16 16:01 ictabc

If the option is only available on the admin level (because why should users have this option) then running it as diradmin might not be that much of a risk?

Azerdion avatar Jan 07 '16 16:01 Azerdion

I don't mind running a script as root to update this certificate and the DA web portal, but will updates to the certificates also require root access. Or do I need to run python script every time to update the certificates.

ictabc avatar Jan 07 '16 16:01 ictabc

Well, I know you don't mind but this plugin is for everyone :) So we have to avoid it as much as possible. It will probably need root access every time since everything is owned by root. (Correct me if I'm wrong)

  • Read something wrong, deleted last sentence -

Azerdion avatar Jan 07 '16 16:01 Azerdion