Creating new CSR with Auto SSL enabled

Version 1.62.3


This affects anyone who has Auto SSL enabled (most boxes) and who create a new Certificate Signing Request (CSR) while there is an active cert/key pair in the "paste cert/key" textarea on the SSL Certificates page. Previously, when creating a CSR, if the new key was of a different bit-size, DA write the key into the "live" location and disable the live cert/key pair by having it revert to using the server certificate. However, with the automatic SSL certificates system, this setting tells DA to use the "best match", in which case, DA then tries to use the old cert and new key, which would not be valid. Solution: Should a CSR create a new key (due to size/type mismatch), the new key will no longer overwrite the current cert/key pair (it can continue to work on the website). The key will be displayed in the resulting page (as if the include_key=yes was passed) along with the request, and the new key will be saved to the Users home path, in a directory, eg: /home/fred/.ssl_keys/ This directory is not used by DA at all, so you can delete the contents at any time. It's only there in case the client forgot to save the key after creating the CSR, thus providing them with a place to grab the required key. This applies to all system, even those without Auto SSL being active, but if Auto SSL is active, it would cause the services to try and load an invalid pair, hence the need for change. ---- T33678

Interested to try DirectAdmin? Get a 30-day Free Trial!