Koozali.org: home of the SME Server

Contribs.org Forums => General Discussion => Topic started by: dallas on March 10, 2025, 06:14:04 AM

Title: SME 10.1 and GoDaddy SSL
Post by: dallas on March 10, 2025, 06:14:04 AM

I'm having a problem updating my expired GoDaddy SSL certificates using Server Manager.
I have also noticed that the server.crt and server.key sections are the same.

I have found Certificate Concepts page in the wiki and it references another page, Certificate Intergration GoDaddy Certificate. This page relates to 7.5.1 and says it should relate to SME 8 and 9.

I tried to copy and paste the new GoDaddy keys into Server Manager and I lost contact with my server and had to use signal-event certificate-revert to recover.

Am I missing something, or should I just use command line and put the files in the correct place?

Title: Re: SME 10.1 and GoDaddy SSL
Post by: Stefano on March 10, 2025, 03:48:15 PM

please, post the output of

Code: [Select]

config show modSSL


Title: Re: SME 10.1 and GoDaddy SSL
Post by: dallas on March 10, 2025, 11:18:27 PM

[root@www home]# config show modSSL
modSSL=service
    CommonName=haggar.id.au
    TCPPort=443
    access=public
    status=enabled

Title: Re: SME 10.1 and GoDaddy SSL
Post by: Stefano on March 11, 2025, 09:06:26 AM

ok.. do you have the key, cert and chain cert?

your config should look like this:

Code: [Select]

[root@sme9 ~]# config show modSSL
modSSL=service
    CertificateChainFile=/etc/dehydrated/certs/mind-at-work.it/chain.pem
    TCPPort=443
    access=public
    crt=/etc/dehydrated/certs/mind-at-work.it/cert.pem
    key=/etc/dehydrated/certs/mind-at-work.it/privkey.pem
    status=enabled


Title: Re: SME 10.1 and GoDaddy SSL
Post by: dallas on March 12, 2025, 03:04:11 AM

GoDaddy provides the following files.

********.crt
********.pem
and a gd_bundle-g2-g1.crt

I assume that the key file is the .crt, the .pem is obvious, where does the gd-bundle fit?

Title: Re: SME 10.1 and GoDaddy SSL
Post by: Stefano on March 12, 2025, 09:20:57 AM

check your files, the first line in key is

Code: [Select]

-----BEGIN PRIVATE KEY-----

the bundle file contains all the certificate chain, so from the CA one to the server one, with one or more intermediate cert

I have a godaddy cert here from a customer of mine, will check on a test machine..
anyway, it seems to me you don't have the key

Title: Re: SME 10.1 and GoDaddy SSL
Post by: dallas on March 15, 2025, 03:40:00 AM

Quote from: Stefano on March 12, 2025, 09:20:57 AM

check your files, the first line in key is

Code: [Select]

-----BEGIN PRIVATE KEY-----

the bundle file contains all the certificate chain, so from the CA one to the server one, with one or more intermediate cert

I have a godaddy cert here from a customer of mine, will check on a test machine..
anyway, it seems to me you don't have the key

I think you are correct about the key. This is a new server since the last SSL update and GoDaddy says to get a new key. I have requested a rekey and will see how that goes.

Title: Re: SME 10.1 and GoDaddy SSL
Post by: dallas on March 26, 2025, 06:19:10 AM

@Stefano Thank you for your help... You were correct. I had to rekey my certificate and get new certificates.

Cheers!