Directadmin/Letsencrypt – Domain does not exist on the system. Unable to find your.hostname.com in /etc/virtual/domainowners

A few days ago I was doing complete migration of old Directadmin server to new Directadmin server which had different hostname. Everything went well but I was unable to register Letsencrypt SSL certificate for new server hostname.

I was getting error like this:

[root@myserver scripts]# ./letsencrypt.sh request my.server.com 4096
Domain does not exist on the system. Unable to find my.server.com in /etc/virtual/domainowners. Exiting...
no valid domain found - exiting

First thing I did is I add new hostname as domain to user admin. Certificate was indeed registered than, but not as server hostname (/usr/local/directadmin/conf/cacert.pem). I deleted domain than.

After a little search I found out that I forgot to change servername variable in directadmin.conf. So I changed it, restart directadmin but I was getting the same error. At the end I found out that the easiest way to fix this is to change hostname in Directadmin administration.

  1. Go to Directadmin as admin user and navigate to Administrator Settings, then set some temporary hostname in Server’s Hostname. Let’s say my.server2.com.
  2. Wait until cron will make changes – you should see new hostname in Administrator Settings when refreshing page.
  3. Go in Administrator Settings again and change Server’s Hostname to your old hostname – my.server.com.
  4. Run letsencrypt.sh again.

This time, certificate was registered successfully.

[root@myserver scripts]# ./letsencrypt.sh request my.server.com 4096
Setting up certificate for a hostname: my.server.com
Generating 4096 bit RSA key for let's encrypt account...
openssl genrsa 4096 > "/usr/local/directadmin/conf/letsencrypt.key"
Generating RSA private key, 4096 bit long modulus
...

Directadmin – find all email forwarders on server for specific email account

Here is simple one liner for finding all mail aliases on Directadmin server that are forwarding to your email account – in this example your@email.com. All aliases are saved in files /etc/virtual/<domain_name>/aliases.

[root@directadmin ~]# grep -ri "your@email.com" /etc/virtual/*/aliases | awk -F '/|:' {'print $4 ": " $6 " ->" $7'}
email.com: alias1 -> your@email.com
somedomain.net: sales -> your@email.com,mail2@somedomain.net
anotherdomain.com: chacha -> myaddress@anotherdomain.com,this@email.com,your@email.com
.
.
.

Bulk TTL change in Directadmin

You may want to change TTL values for all domains and their DNS records on your Directadmin server. This can be done very easily. Here is how.

  • Go to templates directory.
    cd /usr/local/directadmin/data/templates
  • Directadmin’s default TTL value is 14400, so let’s say we want to change it to 300. You will have to edit template file named.db.
    sed -ie 's/14400/300/g' named.db
  • Rewrite all configuration files for each user
    echo "action=rewrite&value=named" >> /usr/local/directadmin/data/task.queue

Wait a minute or two, then check if user configs were rewrited with new values. Go to /etc/namedb and than open .db file of some domain. It should contain new TTL value.

Directadmin – install Letsencrypt SSL certificate on server hostname

Letsencrypt is a revolutionary step forward on web security. Free, valid SSL certificates for everyone. I won’t write about how to install and config letsencrypt on Directadmin machine. I will show only how to generate and install letsencrypt certificate on your Directadmin hostname.

When you installed Letsencrypt on Directadmin and tried to install certificate for your server hostname, there is a possibility that you came to this problem: HTTP/1.1 400 Bad Request

Just do this:

cd /usr/local/directadmin/custombuild
./build update
./build letsencrypt

And than install certificate on your server hostname:

/usr/local/directadmin/scripts/letsencrypt.sh request my.serverhostname.com 4096

Open your Directadmin configuration file and change

SSL=0 to SSL=1

Also add this:

carootcert=/usr/local/directadmin/conf/carootcert.pem

Restart your Directadmin and you should be set.

Directadmin – block zip attachments with ClamAV and Exim

A lot of viruses and malware is sent in emails with zip attachments. Sometimes your antivirus like ClamAV wont catch nasty email. This is a big problem when you receiving tons of this kind of messages. So if you’re receiving tons of nasty emails containing zip attachments with viruses in it, good way to solve this is by simply reject emails with zip attachments. This was done on Directadmin server with Custombuild 2.0. Even if you’re not using Directadmin, configuration for ClamAV should be very identical.

  • If you built Exim and Clamav with Custombuild 2.0, than you should see this line in your /etc/exim.conf. Uncomment if it’s not already. If you’re using Custombuild 1.2, then this should be changed in /etc/exim.conf directly – settings in step 2 bellow.
    .include_if_exists /etc/exim.clamav.conf
  • Open file /etc/exim.clamav.conf and find word demime within that file. Then simply add zip to it. It should look like this:
    #1.0
    deny message = This message contains malformed MIME ($demime_reason)
    demime = *
    condition = ${if >{$demime_errorlevel}{2}{1}{0}}
    deny message = This message contains a virus or other harmful content ($malware_name)
    demime = *
    malware = *
    deny message = This message contains an attachment of a type which we do not accept (.$found_extension)
    demime = bat:com:pif:prf:scr:vbs:zip
    warn message = X-Antivirus-Scanner: Clean mail though you should still use an Antivirus

Now any email with zip attachment will be rejected. Sender will receive error message like this:

The error that the other server returned was: 
550 This message contains an attachment of a type which we do not accept (.zip)

Directadmin – enable and configure Spamassassin automatically on creating user

By default, when you add new user in Directadmin, Spamassassin is disabled. Some users are not aware about Spamassassin, so they’ll have it disabled and will receiving a lot of spam. It is good practice to enable Spamassassin by default and also set some settings. You can do that by adding below code in your /usr/local/directadmin/scripts/custom/user_create_post.sh script. The first step is well described on Directadmin documentation. But you may also want to define some parameters for Spamassassin when user is created. It’s really simple. You can do that by manipulating filter.conf file. Steps below are preformed on Directadmin running on FreeBSD. It should be the same for Linux also.

Continue Reading

Install PHP extension on Directadmin – fast and easy way (without custombuild)

Directadmin is pretty good, lightweight, control panel for providing web hosting service or to host your own websites/projects, managing mail … Through the years, I recompiled PHP with custombuild countless times. Problem is, that every time that you want to install some new PHP extension – exif, in this example – you’ll have to rebuild whole PHP with Directadmin’s custombuild also. That can be very annoying and time-consuming. Expesialy when things go wrong. So, there is simple way on how to quickly install PHP extensions without using custombuild. I used this way many times. In this case, installation was done on CentOS 7.2 server with Directadmin and PHP version 5.6.23.

I hope this was helpful to you in any way.

Continue Reading

Directadmin – install cloudflare module (mod_cloudflare) on apache 2.4

Be careful that you’ll download proper package from cloudflare repository. In my case, I’m using Apache 2.4 on Directadmin installation. At first, I downloaded wrong version of mod_cloudflare.c and was constantly getting errors while trying to build module.

Download mod_cloudflare

wget https://www.cloudflare.com/static/misc/mod_cloudflare/mod_cloudflare.c

Install mod_cloudflare using apxs

apxs -a -i -c mod_cloudflare.c

Check if module was installed into Apache

[root@server ~]# httpd -M | grep cloud
cloudflare_module (shared)

Directadmin and wrong JPEG library version – FreeBSD

I came across this error a few times on DirectAdmin installations. I first noticed this error when I installed Nextgen Gallery plugin on some WordPress installation. When I tried to upload some pictures, php should resize them and create thumbnails, but instead of thumbnails I’ll get error about JPEG library (checked in error log). Below is procedure on how to fix that error. At least it worked for me. This Directaadmin was installed on FreeBSD 9.1.

  • Login as root
  • Update ports
[root@lala ~]# portsnap fetch update
  • Delete currently installed JPEG library
[root@lala ~]# pkg_info | grep jpeg
[root@lala ~]# pkg_delete jpeg
  • Install jpeg library with custombuild
  • Edit your configuration script for php in custombuild. Add or edit values as bellow. Notice that path is not /usr/local/lib anymore.
–with-gd \
–with-jpeg-dir=/usr/local \
  • Rebuild PHP with custombuild
[root@lala ~]# cd /usr/local/directadmin/custombuild
[root@lala /usr/local/directadmin/custombuild]# ./build php n
  • When build is complete, restart Apache and try it again. It should work.
[root@lala ~]# /usr/local/etc/rc.d/httpd restart

 

Directadmin – auto block IP with firewall on FreeBSD

I wanted to block IP adressess which Directadmin recognized as source of brute force attacks. There is documentation about this for Linux and FreeBSD. I’m using PF as firewall on my system and not IPFW. There is only documentation how to create this with IPFW. So here is a little tweak and IP’s are blocked with PF automatically. Here is how:

In /etc/pf.conf create new table spammers that will persist on file /etc/spammers.

table  persist file “/etc/spammers”

Create block rule so that IP addresses from spammers table will be blocked. Ifext is my network card so change this to your needs.

block drop in quick on $ifext from  to any

In /usr/local/directadmin/scripts/custom/ create new script block_ip.sh and add code below.

#!/bin/sh
echo “Blocking $ip with pf …
”;
pfctl -t spammers -T add $ip
echo $ip >> /etc/spammers
exit $?

As you can see we are using command pfctl -t spammers -T add $ip which is PF syntax. When IP will be recorded it will be immediately added to table spammers and file /etc/spammers that we’ll create in next step. When pf restarts, rule is deleted from ram. But in this case IP is also stored in file /etc/spammers so it will be loaded in spammers table.

Create file /etc/spammers and save it. Thats were blocked IP’s will save.
This script must be manualy started from Directadmin administration. We can make it to run automatically. In /usr/local/directadmin/scripts/custom/ create another script named brute_force_notice_ip.sh. As specified in directadmin documentation you do that like so:

cd /usr/local/directadmin/scripts/custom
wget http://files.directadmin.com/services/all/brute_force_notice_ip.sh
chmod 700 brute_force_notice_ip.sh

IP’s that are listed as source of brute force attacks will now be automaticly blocked with PF.

© 2017 geegkytuts.net
Hosted by Hosterdam


About author