DST Root CA X3 expired on September 30, 2021. Because of this I got invalid certificate error when visiting Directadmin login in Chrome. Certificate itself was valid. CA certificate is problem. What you have to do is update system CA certificates. Also update letsencrypt via custombuild if you didn’t already.
Error was:
[root@server]# /usr/local/directadmin/scripts/letsencrypt.sh renew my.server.com Setting up certificate for a hostname: my.server.com 2021/09/30 14:49:15 Could not create client: get directory at 'https://acme-v02.api.letsencrypt.org/directory': Get "https://acme-v02.api.letsencrypt.org/directory": x509: certificate signed by unknown authority Certificate generation failed.
You have to update system CA certificates ( Centos in this case ):
[root@server ~]# yum install ca-certificates -y .... [root@server ~]# update-ca-trust
Then try to create new certificate for server hostname:
[root@server]# /usr/local/directadmin/scripts/letsencrypt.sh request_single my.server.com 4096 Setting up certificate for a hostname: my.server.com 2021/09/30 14:51:50 [INFO] [my.server.com] acme: Obtaining SAN certificate 2021/09/30 14:51:51 [INFO] [my.server.com] AuthURL: https://acme-v02.api.letsencrypt.org/acme/authz-v3/35702261650 2021/09/30 14:51:51 [INFO] [my.server.com] acme: Could not find solver for: tls-alpn-01 2021/09/30 14:51:51 [INFO] [my.server.com] acme: use http-01 solver 2021/09/30 14:51:51 [INFO] [my.server.com] acme: Trying to solve HTTP-01 2021/09/30 14:51:57 [INFO] [my.server.com] The server validated our request 2021/09/30 14:51:57 [INFO] [my.server.com] acme: Validations succeeded; requesting certificates 2021/09/30 14:52:01 [INFO] [my.server.com] Server responded with a certificate. Certificate for my.server.com has been created successfully! DirectAdmin certificate has been setup. ...
Recent Comments