new: SSL: warning about older SHA1 certificates: Signature Algorithm: sha1WithRSAEncryption
Some older certificates may have this info:
Signature Algorithm: sha1WithRSAEncryption
Newer versions of OpenSSL 1.1 no longer support them, so if they're loaded into Apache, Apache will fail to start.
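An added example (not DirectAdmin's own code) for finding such certificates before Apache loads them: it reads the Signature Algorithm line that `openssl x509 -noout -text` prints and flags SHA-1 names, including other variants OpenSSL prints such as ecdsa-with-SHA1. The function names and the directory argument are assumptions; point it at wherever your certificates are stored.

```shell
#!/bin/sh
# Added example, not DirectAdmin code. Function names are hypothetical.

# Print the certificate's signature algorithm, read from
# `openssl x509 -noout -text` output on stdin (first matching line).
sig_alg_from_text() {
    awk -F': *' '/Signature Algorithm:/ { print $2; exit }'
}

# Succeed (exit 0) when the algorithm name is SHA-1 based, e.g.
# sha1WithRSAEncryption, ecdsa-with-SHA1, dsaWithSHA1.
is_sha1_alg() {
    case "$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')" in
        *sha1*) return 0 ;;
        *)      return 1 ;;
    esac
}

# Check every regular file in a directory (assumed to hold PEM certificates).
# Files openssl cannot parse as a certificate (keys, CSRs) are skipped.
# Prints one line per SHA-1 certificate; exit status 1 if any were found.
audit_certs() {
    found=0
    for f in "$1"/*; do
        [ -f "$f" ] || continue
        alg=$(openssl x509 -in "$f" -noout -text 2>/dev/null | sig_alg_from_text)
        [ -n "$alg" ] || continue
        if is_sha1_alg "$alg"; then
            echo "SHA1 $alg $f"
            found=1
        fi
    done
    [ "$found" -eq 0 ]
}

# Run the audit only when a directory is given on the command line.
if [ "$#" -gt 0 ]; then audit_certs "$1"; fi
```

RSASSA-PSS certificates print their hash on a separate line, which this check does not inspect.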
fixed: Domain Pointers not getting their own certs
The new Automatic SSL system allows pointers to have their own certificates. The bug is that they were not being found when apache was being written for:
fixed: Creating new CSR with Auto SSL enabled
This affects anyone who has Auto SSL enabled (most boxes) and who creates a new Certificate Signing Request (CSR) while there is an active cert/key pair in the "paste cert/key" textarea on the SSL Certificates page. Previously, when creating a CSR, if the new key was of a different bit-size, DA would write the key into the "live" location and disable the live cert/key pair by having it revert to using the server certificate.
However, with the automatic SSL certificates system, this setting tells DA to use the "best match", in which case, DA then tries to use the old cert and new key, which would not be valid.
Solution: Should a CSR create a new key (due to size/type mismatch), the new key will no longer overwrite the current cert/key pair (it can continue to work on the website). The key will be displayed in the resulting page (as if include_key=yes was passed) along with the request, and the new key will be saved to the User's home path, in a directory, eg:
This directory is not used by DA at all, so you can delete the contents at any time. It's only there in case the client forgot to save the key after creating the CSR, thus providing them with a place to grab the required key.
This applies to all systems, even those without Auto SSL being active, but if Auto SSL is active, it would cause the services to try and load an invalid pair, hence the need for change.
fixed: CSF: Deletion from BFM skip list to also remove from /etc/csf/csf.ignore
With full integration of CSF now supported, if an IP was added to the skip list for the BFM, when removed, the IP will now be removed from both the BFM skip list, and from the
fixed: Firefox: Download .sql: wrong headers
When downloading an .sql file from the MySQL Manager, if .sql is selected, the header:
was being set, even though it was plaintext.
This affected Chrome as well, but it didn't seem to change the behavior. Firefox, on the other hand, correctly got confused, as it should have.
for .sql files.
fixed: Dovecot SNI: not using snidomains lookup for Automatic SSL
Domains using the automatic SSL Certificate tool did not get a dovecot SNI entry during the task.queue
The task.queue call:
echo "action=rewrite&value=mail_sni" >> /usr/local/directadmin/data/task.queue
will now ONLY rewrite the
It previously did a rewrite on the /etc/virtual/snidomains file: no more.
echo "action=rewrite&value=snidomains" >> /usr/local/directadmin/data/task.queue
to rewrite the
fixed: UTF-8 html encoding: FileManager, Vacation/Autoreply, Tickets
Enhanced Skin for most scenarios.
Instead of html-encoding the UTF-8 characters, as they're not dangerous to html, they will be left as raw UTF-8 characters for far simpler usage. Only for Skins that are using UTF-8 (Enhanced does not by default, but can be via lf_standard or user.conf
The change applies to: File Manager: Edit file textarea (both Enhanced and Evolution); Vacation/Auto-Reply messages: Enhanced; Ticket System: Enhanced.
Test Character: Rocket: