Version 1.62.3
Released: 2021-06-28
new
SSL: warning about older SHA1 certificates: Signature Algorithm: sha1WithRSAEncryption
Some older certificates may have this info:
Signature Algorithm: sha1WithRSAEncryption
Newer versions of openssl 1.1 no longer support them, so if they're loaded into apache, it will fail to start.
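A pre-upgrade check for this condition, as an added example that is not DirectAdmin's own code: it reads each certificate with openssl x509 and reports any whose signature algorithm is SHA-1 based. The function names and the directory argument are assumptions; point it at wherever your certificates are stored.

```shell
#!/bin/sh
# Added example (not DirectAdmin code): find certificates signed with SHA-1
# before a newer OpenSSL rejects them and apache fails to start.

# Read `openssl x509 -noout -text` output on stdin and print the first
# "Signature Algorithm:" value, e.g. sha1WithRSAEncryption.
sig_alg_from_text() {
    awk -F': *' '/Signature Algorithm:/ { sub(/[ \t\r]+$/, "", $2); print $2; exit }'
}

# Return 0 when the algorithm name is SHA-1 based (sha1WithRSAEncryption,
# ecdsa-with-SHA1, dsaWithSHA1, ...). The match is case-insensitive.
is_sha1_alg() {
    case "$(printf '%s' "$1" | tr 'A-Z' 'a-z')" in
        *sha1*) return 0 ;;
        *)      return 1 ;;
    esac
}

# Classify one PEM file and print "SHA1 <file> <alg>", "ok <file> <alg>" or
# "unreadable <file>" (private keys, CSRs, or openssl missing).
# A bundle file is judged by its first certificate only.
check_cert_file() {
    cert_text=$(openssl x509 -in "$1" -noout -text 2>/dev/null) || {
        printf 'unreadable %s\n' "$1"
        return 0
    }
    cert_alg=$(printf '%s\n' "$cert_text" | sig_alg_from_text)
    if is_sha1_alg "$cert_alg"; then
        printf 'SHA1 %s %s\n' "$1" "$cert_alg"
    else
        printf 'ok %s %s\n' "$1" "$cert_alg"
    fi
}

# Report on every *.cert, *.crt and *.pem file under the given directory.
# The directory is an assumption supplied by the caller.
# Usage: scan_cert_dir /path/to/certs | grep '^SHA1 '
scan_cert_dir() {
    find "$1" -type f \( -name '*.cert' -o -name '*.crt' -o -name '*.pem' \) |
    while IFS= read -r cert_file; do
        check_cert_file "$cert_file"
    done
}
```

Any file reported with the SHA1 prefix should be reissued with a SHA-256 or stronger signature before the OpenSSL upgrade.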
fixed
Domain Pointers not getting their own certs
The new Automatic SSL system allows pointers to have their own certificates. The bug was that these certificates were not being found when the apache configs were being written for: pointers_own_virtualhost=1
T33572
fixed
Creating new CSR with Auto SSL enabled
This affects anyone who has Auto SSL enabled (most boxes) and who creates a new Certificate Signing Request (CSR) while there is an active cert/key pair in the "paste cert/key" textarea on the SSL Certificates page. Previously, when creating a CSR, if the new key was of a different bit-size, DA would write the key into the "live" location and disable the live cert/key pair by having it revert to using the server certificate.
However, with the automatic SSL certificates system, this setting tells DA to use the "best match", in which case DA then tries to use the old cert and new key, which would not be valid.
Solution: Should a CSR create a new key (due to size/type mismatch), the new key will no longer overwrite the current cert/key pair (it can continue to work on the website). The key will be displayed in the resulting page (as if include_key=yes was passed) along with the request, and the new key will be saved to the User's home path, in a directory, eg: /home/fred/.ssl_keys/ssltest.com-secp384r1-bit.CSR.1624321109.key
This directory is not used by DA at all, so you can delete the contents at any time. It's only there in case the client forgot to save the key after creating the CSR, thus providing them with a place to grab the required key.
This applies to all systems, even those without Auto SSL being active, but if Auto SSL is active, it would cause the services to try and load an invalid pair, hence the need for the change.
T33678
fixed
CSF: Deletion from BFM skip list to also remove from /etc/csf/csf.ignore
With full integration of CSF now supported, if an IP was added to the skip list for the BFM, when removed, the IP will now be removed from both the BFM skip list, and from the /etc/csf/csf.ignore file.
T33675 EVO2141
fixed
Firefox: Download .sql: wrong headers
When downloading an .sql file from the MySQL Manager, if .sql is selected, the header:
Content-Type: application/x-gzip
was being set, even though it was plaintext.
This affected Chrome as well, but it didn't seem to change the behavior. Firefox on the other hand, correctly got confused, as it should have.
Fix:
Content-Type: application/sql
for .sql files.
T33767
fixed
Dovecot SNI: not using snidomains lookup for Automatic SSL
Domains using the automatic SSL Certificate tool did not get a dovecot SNI entry during the task.queue
The task.queue call:
echo "action=rewrite&value=mail_sni" >> /usr/local/directadmin/data/task.queue
will now ONLY rewrite the /etc/dovecot/conf/sni/* files.
It previously also rewrote the /etc/virtual/snidomains file; it no longer does.
Please use:
echo "action=rewrite&value=snidomains" >> /usr/local/directadmin/data/task.queue
to rewrite the /etc/virtual/snidomains file.
T33777
fixed
UTF-8 html encoding: FileManager, Vacation/Autoreply, Tickets
Enhanced Skin for most scenarios.
Instead of html-encoding the UTF-8 characters, as they're not dangerous to html, they will be left as raw UTF-8 characters for far simpler usage. This only applies to Skins that are using UTF-8 (Enhanced does not by default, but can be via lf_standard or user.conf [encoding]=UTF-8).
The change applies to:
File Manager: Edit file textarea (both Enhanced and Evolution)
Vacation/Auto-Reply messages: Enhanced
Ticket System: Enhanced
Test Character: Rocket: 🚀
T33754