Version 1.666

Released: 2024-08-05

Server TLS Certificate page evolution new

A new page has been added to the Evolution skin. It is available at the admin access level, under Server Management -> Server TLS Certificate. This page shows detailed information about the main server TLS certificate. The main TLS certificate is used by the DirectAdmin service when the interface is accessed via the default server hostname; this certificate is also used by the web, email, and FTP services.

This page will show certificate validity problems, missing files, and certificate or private key mismatch errors. If the DirectAdmin service is not configured to use TLS, it will show an action to enable TLS.

Example:

Server TLS Certificate Page

In the next release, this page will be extended to allow manual upload of a new certificate and control automatic certificate issuance using the ACME protocol.

Support for MySQL with partial_revokes turned on new

Starting with version 8.0, MySQL introduced a new configuration option called partial_revokes. Turning this option on changes how database permissions work in a significant way. With this option turned on, user permissions can no longer be granted to database patterns (using % or _ symbols). It also changes how database name escaping should work (symbols % and _ no longer need to be escaped). More details in the official MySQL documentation:

Previous DirectAdmin versions would refuse to connect to and use a MySQL server when the partial_revokes setting is turned on. This mode is turned off by default on locally installed MySQL servers. However, it can cause problems on servers using an externally managed MySQL. Some managed DB providers turn this option ON by default.

This release adds support for partial_revokes mode. When partial_revokes is turned on, DirectAdmin will start using different DB name escaping rules. To stay compatible with either mode, access rules with patterns matching multiple databases will no longer be used.

Support for Debian 13 and Ubuntu 24 new

DirectAdmin and CustomBuild now support running on Debian 13 (Trixie) and Ubuntu 24 (Noble Numbat) systems.

SSL Certificate/Key Paste: Automatically check for valid keys from ~/.ssl_keys new

New option for CMD_SSL and CMD_API_SSL for case:

action=save
type=paste

where, if a new variable is passed:

find_matching_key=yes

should the pasted key not match the pasted certificate, DirectAdmin will search in the User's path ~/.ssl_keys for any of those keys which might match the pasted certificate.

If there's a match, the current/live key will be backed up to ~/.ssl_keys/domain.com.BACKUP.12345.key, where domain.com is swapped with the domain in question, and 12345 is the timestamp of when the key was backed up.

Obviously, it is best to paste the correct key, but there is sometimes confusion during CSR creation: if a new key type is selected that does not match the current/live key, the CSR must generate a new key, which cannot be pushed live immediately because the current/live certificate would not match it. The solution was to show the key to the client and to back up the CSR's new key into ~/.ssl_keys. As long as DA was used to create the CSR, there is a high likelihood the key will still be there.

A new checkbox should be available in the Paste Certificate area: Find matching key if mismatch
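The certificate/private key mismatch check reported by the Server TLS Certificate page, and the search through ~/.ssl_keys described above, can both be reproduced by hand with openssl. The following is an added example, not DirectAdmin code; the function names are hypothetical, and it assumes PEM-encoded files and an openssl binary on the PATH.

```shell
#!/usr/bin/env bash
# Added example (not DirectAdmin code): find the private key that belongs to a
# certificate by comparing public keys, which works for RSA and EC keys alike.

# PEM public key embedded in a certificate; fails if the file is not a certificate.
pubkey_of_cert() {
    openssl x509 -in "$1" -noout -pubkey 2>/dev/null
}

# PEM public key derived from a private key. "-passin pass:" makes an encrypted
# key fail immediately instead of prompting for a passphrase.
pubkey_of_key() {
    openssl pkey -in "$1" -passin pass: -pubout 2>/dev/null
}

# find_matching_key CERT KEYDIR
# Prints the first file in KEYDIR whose public key equals the certificate's.
# Returns 0 on a match, 1 if no key matches, 2 if CERT cannot be parsed.
find_matching_key() {
    local cert="$1" dir="$2" want have candidate
    want=$(pubkey_of_cert "$cert") || return 2
    [ -n "$want" ] || return 2
    for candidate in "$dir"/*; do
        [ -f "$candidate" ] || continue
        have=$(pubkey_of_key "$candidate") || continue
        # An unparsable file yields an empty string; never treat that as a match.
        if [ -n "$have" ] && [ "$have" = "$want" ]; then
            printf '%s\n' "$candidate"
            return 0
        fi
    done
    return 1
}

# Usage (the certificate path is a placeholder):
#   find_matching_key /path/to/pasted-cert.pem "$HOME/.ssl_keys"
```

Comparing the full public key rather than only an RSA modulus keeps the check valid when the key type was changed during CSR creation, which is the situation this option exists for.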

Change multiple CustomBuild options with a single command custombuild improved

The CustomBuild command da build set... now supports passing multiple options as key value pairs.

$ da build set php1_release 8.3 php1_mode php-fpm php_gmp yes webserver apache
php1_mode is already set to php-fpm
webserver is already set to apache
Changed php1_release option from 8.1 to 8.3
Changed php_gmp option from no to yes

The configuration is only updated if all option and value pairs are valid.

This can be useful when configuration needs to be changed atomically. Partially changed options are never written to the disk and never need to be rolled back if one of the options is malformed.

All options in single options.conf file custombuild improved

CustomBuild used to keep most of the configuration options in the .../custombuild/options.conf file, with one exception. The configuration of PHP extensions used to be stored in the .../custombuild/php_extensions.conf file.

Starting with this release, CustomBuild will keep all its configuration in the single options.conf file.

For backwards compatibility, both files are still being used. However, file options.conf will include a copy of PHP extensions configuration.

Configuration migration will be performed automatically when DirectAdmin is updated.

Precise LiteSpeed version tracking custombuild improved

The LiteSpeed web server has multiple different builds for the same software version. Recently, LiteSpeed version 6.3 received a new build that fixes some server crashes.

Because CustomBuild tracked only the version numbers, this update was not visible. Removing the cache and building LiteSpeed again would silently install a new build.

Now CustomBuild will track not only the LiteSpeed version but also the build ID. The latest LiteSpeed version is now 6.3-2, which means a second build of version 6.3.

Default PHP version will be 8.3 custombuild improved

Fresh installations will use PHP 8.3 as a default PHP version. Previously PHP 8.1 was the default version.

Software version changes custombuild improved

  • modsecurity3_nginx updated from v1.0.3 to 1.0.3
  • litespeed updated from 6.3 to 6.3-3
  • roundcubemail updated from 1.6.7 to 1.6.8
  • xapian-core updated from 1.4.25 to 1.4.26
  • MySQL 8.0 updated from 8.0.37 to 8.0.39
  • MySQL 8.4 updated from 8.4.0 to 8.4.2
  • imagemagick updated from 7.1.1-34 to 7.1.1-36
  • ioncube_loaders updated from 13.3.0 to 13.3.1
  • PHP 8.3 updated from 8.3.9 to 8.3.10
  • PHP 8.2 updated from 8.2.21 to 8.2.22
  • modsecurity_owasp_rules updated from 4.4.0 to 4.5.0

Notes:

  • litespeed version now includes build ID after the - symbol.
  • modsecurity3_nginx version no longer uses v prefix.

One click phpMyAdmin access is enabled by default improved

The one_click_pma_login option is now enabled by default.

File system information will exclude bind mounts improved

The System Information page will no longer show mount points created with mount -o bind ... option. CloudLinux systems use bind mounts extensively. Prior to this change, the system information overview page on CloudLinux systems used to show excessive file system mount point entries.

Bind mount points will also be excluded from the system information API responses.

Change placement and appearance of email forwarder delete button evolution improved

The delete button within email forwarders page (E-mail Manager -> Forwarders) now appears similarly to how delete buttons do in other pages which use tables.

Handle system info blocks when features are disabled, data is missing or an error occurred evolution improved

Previously when some parts of the system info page (located in System Info & Files -> System Information) were disabled via options in directadmin.conf the block which represented that feature showed "N/A". It also showed "N/A" when an error occurred or data was missing. This made it difficult to differentiate why parts of the page wouldn't display data.

The page now appropriately shows when an error occurs, data is missing or doesn't show the block at all if it's disabled in directadmin.conf.

Better handling of missing zone file evolution improved

Within the MX records page (E-mail Manager -> MX Records) users are now informed when MX records cannot be shown or edited due to a missing zone file.

It is also no longer possible to try adding or editing MX records when the zone file is missing.

Request preview when creating or modifying email forwarders evolution improved

Email forwarders creation (available by going to E-mail manager -> Forwarders -> Create E-mail Forwarder) and modification pages (E-mail manager -> Forwarders -> click "modify" found next to any entry in table) now show what will be created once the form is submitted.

In the example below, with the given inputs, once the form is submitted two forwarders will be created ("example@exampledomain.com" and "example2@exampledomain.com"). Both of which have the same destination.

Forwarder Request Preview

Changing suspended user cron jobs using impersonation fixed

When the direct_cron feature is enabled, suspended user cron jobs were not visible in the UI for an administrator or reseller using the impersonation feature to log in as a suspended user.

Trying to modify suspended user cron jobs ended up replacing the cron jobs the user had prior to being suspended.

The issue is fixed by making suspended user cron jobs visible to the administrator doing the impersonation.

Deleted or corrupted git repositories will be visible in UI fixed

When git repository files were manually removed (or main repository files corrupted), the repository will now be visible in the UI. There will be an indication that the repository has problems, and the user will be able to finish the repository removal via GUI.

Without properly cleaning up the repository in the GUI, users were unable to re-create the repository with the same name.

Allow master accounts control of MX records evolution fixed

If connected to a user which has dns control disabled, the master account (admin or reseller user which connected via master login) can now edit MX records within the MX records page (E-mail Manager -> MX Records).

Minor fixes to the admin and reseller level "Resource Limits" pages evolution fixed

The admin and reseller level resource limits pages (System Info & Files -> Resource Limits) have seen a few minor fixes and improvements:

  • Previously, to load limit hits data, the user had to select a date (via the "Newer Than" input) and click "Load Hits". Now selecting the date alone is enough.
  • Limit Hits table no longer allows items to be selected. Previously they were selectable despite having no associated actions.
  • Admin and reseller level resource limit pages can now be found via the global search, which is available on all layouts except "Standard".
  • Navigating back from the limit hits page (available in System Info & Files -> Resource Limits -> Limit Hits) returns the user to the previously effective tab. For example, if we navigated to the limit hits page from the "Limit Hits" tab and then clicked "Back", we would be returned to the "Limit Hits" tab, whereas before we were returned to the "Live Usage" tab.

New table and minor fixes within "Admin SSL" pages evolution fixed

The table inside the admin ssl page (available by going to Server Manager -> Admin SSL) has been replaced with a new one. In the process the following fixes have been applied:

  • URL domain query parameter has been changed to sslDomain and directly manipulating URL by giving an incorrect domain name as a query parameter no longer breaks the page. For example, loading a similar URL directly in browser's search bar will no longer cause problems: https://hostname:2222/evo/admin/ssl?ssldomain=thisdomaindoesnotexist.com
  • When viewing a specific domain (one can get there by clicking the name of any subdomain within admin ssl page's table), its subdomains are no longer clickable.

Incorrectly shown network error in process monitor and Nginx url rewrites pages evolution fixed

These actions will no longer incorrectly show network error:

  • sending a signal in process monitor page (Admin Tools -> Process Monitor)
  • adding a template in nginx url rewrites page (Advanced Features -> Nginx URL Rewrites -> Add Template)

Missing translations if the server has no default locale configured fixed

If DirectAdmin service is started with a missing LANG environment variable (this can happen if server-wide default locale is not set up correctly), then translations in Enhanced would not switch to the user-selected language.

This problem would only happen on the already misconfigured servers (missing default locale). DirectAdmin is updated to have a fallback LANG variable and make sure translations would work even on systems without a default locale.

Toggling domain SSL settings could create a private_html directory fixed

When changing the domain SSL option between the on and off states, it was possible to create a private_html directory instead of a symlink.

With this release, it will always create a symlink.

Letsencrypt: Correct failed renewal schedule to match settings fixed

The variable letsencrypt_renewal_failure_notice_after_attempt=5 was stopping renewal after 5 failed attempts, even when letsencrypt_disable_renew_after_renew_failure=0 was set.

This fix reorganizes the logic to only stop renewal attempts if letsencrypt_disable_renew_after_renew_failure=1 or until the certificate itself expires. Changes you may notice:

  1. Because more attempts will be made, assuming default settings are used, the client will be notified each day, starting 25 days before expiry about the failures (which would imply there have already been 5 failures).
  2. The renewal attempts will continue each day until certificate expiry. An expired certificate is never renewed without some User action (it already had 30 failed attempts).
  3. If you only wish to be notified once, and stop the renewal after 5 attempts, then use the letsencrypt_disable_renew_after_renew_failure=1 setting. This would grant you the same behaviour as before the fix.
  4. A new directadmin.conf variable, letsencrypt_renew_before_expiry_days=30, replaces letsencrypt_renewal_days=60. It will be dynamically swapped to a new value in the directadmin.conf if a non-default letsencrypt_renewal_days value was used. E.g., if you had letsencrypt_renewal_days=70, then DA will add letsencrypt_renew_before_expiry_days=20, based on the 90 day expiry of the LetsEncrypt certificates.

This change will allow a certificate more attempts right up until it expires to try and renew, in case there was some temporary issue preventing the renewal for days 30-25 before expiry (assuming letsencrypt_disable_renew_after_renew_failure=0).

Hotfix: August 14th: a hotfix was pushed to address an issue with the sliding renewal window which was preventing some certificate renewals from being triggered.

Removed the fm_hour_offset configuration option from directadmin.conf removed fixed

The option fm_hour_offset is no longer needed. File Manager in Enhanced skin will show date and time information in the configured server timezone.

Prior to this change, the date and time values shown in File Manager used a fixed timezone offset. A fixed timezone offset can not accurately show time values in the time zones that use daylight saving rules. It used to show accurate times only for one of the seasons.

Removed the allow_db_underscore configuration option from directadmin.conf removed

This option is no longer needed, underscore symbol _ is always allowed in database names.

CustomBuild will not show DirectAdmin updates removed

CustomBuild will stop checking and reporting if the update to DirectAdmin is available.

Performing a DirectAdmin update usually brings changes to the default CustomBuild versions file, which in turn causes more updates to be available. Updating DirectAdmin with CustomBuild also bypassed the built-in gradual rollout logic. To avoid all the circular dependency and multiple upgrade paths problems, it was decided to keep built-in DirectAdmin updated as the main way of receiving updates.

We recommend that all production systems have automatic DirectAdmin updates enabled. If auto-updates were disabled, they can be re-enabled with the commands:

da config-set autoupdate 1       # Receive main updates automatically
da config-set autopatch 1        # Receive hot-fixes automatically

Changing database user password together with DA account password removed

It is no longer possible to change the database user account password when changing the main DirectAdmin account password. Changing database passwords without updating them in all of the places where the password is used (website configuration) is error-prone.

To discourage sharing the password between the database and main DirectAdmin account, the password of database users will never be changed when changing the main DirectAdmin account password.
