Author Topic: AutoSSL is a mess  (Read 141 times)

0 Members and 1 Guest are viewing this topic.

AutoSSL is a mess
« on: February 14, 2021, 12:00:36 PM »
* 1 Automatic SSL generation is ignored.
On Webserver Settings, Configure. I have "Automatic SSL generation, Active" _not_ checked.
However after installing a new domain, I received an email "Hello, the domains name below have an SSL certificate which was been created automatically". And indeed the new domain has got an Lets-Encrypt certificate (I don't want this an EV-certificate is in setup)

* 2 When the certficate of the host (/etc/pki/tls/certs/hostname.bundle) has been renewed, there is no restart of Dovecot so dovecot will stil use the old certificate.

* 3 If you use the host certificate for pureFTP (/etc/pki/tls/private/hostname.pem) you must build this file yourself: cat /etc/pki/tls/private/hostname.key /etc/pki/tls/certs/hostname.bundle > /etc/pki/tls/private/hostname.pem, and restart pure-ftpd.

* 4 If a zone has no A-record, CWP cannot renew the zone with www

* 5 CAA-records in DNS seemed to be ignored by CWP, resulting in acme-errors.

Re: AutoSSL is a mess
« Reply #1 on: February 14, 2021, 12:33:27 PM »
It's OK though - you get to install GoAccess/Shoutcast/Netdata and see SAR.  ::)
I've said it before, CWP need to fix the basics first.