Version 1.62.3

Released: 2021-06-28

SSL: warning about older SHA1 certificates: Signature Algorithm: sha1WithRSAEncryption (new)

Some older certificates may have this info:

Signature Algorithm: sha1WithRSAEncryption

Newer versions of OpenSSL 1.1 no longer support them, so if such a certificate is loaded into Apache, Apache will fail to start.
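
Added example (not part of the DirectAdmin release notes or code): one way to find such certificates is to check the signature algorithm that `openssl x509 -noout -text` prints. The function names and the sample dump are constructed for illustration; beyond the `sha1WithRSAEncryption` name quoted above, the check also matches OpenSSL's DSA and ECDSA SHA-1 names.

```sh
# Added example (not DirectAdmin code): flag certificates signed with SHA-1.

# Print the first "Signature Algorithm:" value found in
# `openssl x509 -noout -text` output read from stdin.
sig_alg() {
    awk -F': *' '/Signature Algorithm:/ && !n++ { sub(/[ \t\r]+$/, "", $2); print $2 }'
}

# Succeed if the name denotes a SHA-1 based signature. sha1WithRSAEncryption
# is the name from the release note; dsaWithSHA1 and ecdsa-with-SHA1 are
# OpenSSL's spellings for the DSA and ECDSA equivalents.
is_sha1_alg() {
    case "$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')" in
        sha1with*|*withsha1|*-with-sha1) return 0 ;;
        *) return 1 ;;
    esac
}

# Classify one certificate dump from stdin: "SHA1 <alg>", "ok <alg>" or "unknown".
classify_cert_text() {
    alg=$(sig_alg)
    if [ -z "$alg" ]; then echo "unknown"
    elif is_sha1_alg "$alg"; then echo "SHA1 $alg"
    else echo "ok $alg"
    fi
}

# Check each PEM file given as an argument (only the first certificate in a
# file is read). Returns 1 if any SHA-1 signed certificate was found.
scan_certs() {
    found=0
    for f in "$@"; do
        result=$(openssl x509 -in "$f" -noout -text 2>/dev/null | classify_cert_text)
        case "$result" in
            SHA1*) printf '%s: %s\n' "$f" "$result"; found=1 ;;
        esac
    done
    return "$found"
}

# Constructed sample of the relevant lines of an `openssl x509 -text` dump.
sample_sha1_dump() {
    cat <<'EOF'
Certificate:
        Signature Algorithm: sha1WithRSAEncryption
        Subject: CN = www.example.com
EOF
}

if [ "$#" -gt 0 ]; then scan_certs "$@"; fi
```

Saved as a script, it takes the certificate paths to check as arguments and exits with status 1 if any of them is flagged.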


Domain Pointers not getting their own certs (fixed)

The new Automatic SSL system allows pointers to have their own certificates. The bug was that they were not being found when the Apache configuration was being written for pointers_own_virtualhost=1.


T33572

Creating new CSR with Auto SSL enabled (fixed)

This affects anyone who has Auto SSL enabled (most boxes) and who creates a new Certificate Signing Request (CSR) while there is an active cert/key pair in the "paste cert/key" textarea on the SSL Certificates page. Previously, when creating a CSR, if the new key was of a different bit-size, DA would write the key into the "live" location and disable the live cert/key pair by having it revert to using the server certificate.

However, with the automatic SSL certificates system, this setting tells DA to use the "best match", in which case, DA then tries to use the old cert and new key, which would not be valid.

Solution: Should a CSR create a new key (due to size/type mismatch), the new key will no longer overwrite the current cert/key pair (it can continue to work on the website). The key will be displayed in the resulting page (as if include_key=yes was passed) along with the request, and the new key will be saved to the User's home path, in a directory, e.g.: /home/fred/.ssl_keys/ssltest.com-secp384r1-bit.CSR.1624321109.key

This directory is not used by DA at all, so you can delete the contents at any time. It's only there in case the client forgot to save the key after creating the CSR, thus providing them with a place to grab the required key.

This applies to all systems, even those without Auto SSL being active, but if Auto SSL is active, it would cause the services to try to load an invalid pair, hence the need for the change.


T33678

CSF: Deletion from BFM skip list to also remove from /etc/csf/csf.ignore (fixed)

With full integration of CSF now supported, if an IP was added to the skip list for the BFM, when removed, the IP will now be removed from both the BFM skip list, and from the /etc/csf/csf.ignore file.


T33675 EVO2141

Firefox: Download .sql: wrong headers (fixed)

When downloading an .sql file from the MySQL Manager, if .sql is selected, the header:

Content-Type: application/x-gzip

was being set, even though it was plaintext.

This affected Chrome as well, but it didn't seem to change the behavior. Firefox, on the other hand, was confused by the mismatch, as it should have been.

Fix:

Content-Type: application/sql

for .sql files.


T33767

Dovecot SNI: not using snidomains lookup for Automatic SSL (fixed)

Domains using the automatic SSL Certificate tool did not get a Dovecot SNI entry during the task.queue.

The task.queue call:

echo "action=rewrite&value=mail_sni" >> /usr/local/directadmin/data/task.queue

will now ONLY rewrite the /etc/dovecot/conf/sni/* files.

It previously rewrote the /etc/virtual/snidomains file as well; it no longer does.

Please use:

echo "action=rewrite&value=snidomains" >> /usr/local/directadmin/data/task.queue

to rewrite the /etc/virtual/snidomains file.


T33777

UTF-8 html encoding: FileManager, Vacation/Autoreply, Tickets (fixed)

Enhanced Skin for most scenarios.

Instead of html-encoding the UTF-8 characters, as they're not dangerous to html, they will be left as raw UTF-8 characters for far simpler usage. This applies only to Skins that are using UTF-8 (Enhanced does not by default, but can via lf_standard or user.conf [encoding]=UTF-8).

The change applies to: File Manager: Edit file textarea (both Enhanced and Evolution); Vacation/Auto-Reply messages: Enhanced; Ticket System: Enhanced.

Test Character: Rocket: 🚀


T33754

Last Updated: 12/27/2021, 10:28:50 AM