Install Let's Encrypt SSL certificate

DirectAdmin supports Let's Encrypt SSL certificates since v1.50.0. This article describes the procedure to install a Let's Encrypt certificate for your DirectAdmin hostname and your individual vhost domains.


DirectAdmin hostname:

First, make sure your DirectAdmin is at least at v1.50.0.

/usr/local/directadmin/directadmin v
Version: DirectAdmin v.1.50.0

Since Let's Encrypt is disabled by default we have to enable it before we can go ahead and install a certificate.

/usr/local/directadmin/directadmin c | grep letsencrypt=

Simply change the 0 to 1 to enable Let's Encrypt.

sed -i 's/^letsencrypt=0/letsencrypt=1/' /usr/local/directadmin/conf/directadmin.conf

on CentOS 7 please do the following instead:
echo letsencrypt=1 >> /usr/local/directadmin/conf/directadmin.conf

We need to enable SNI to install a Let's Encrypt certificate on multiple domains on a single IP.

echo "enable_ssl_sni=1" >> /usr/local/directadmin/conf/directadmin.conf

Next step is to restart DirectAdmin and to update the config files.

service directadmin restart
cd /usr/local/directadmin/custombuild
./build update
./build rewrite_confs

Using the free "Let's Encrypt" tool to secure 2222

cd /usr/local/directadmin/scripts
./ request 4096

NOTE: This script will also install the new cert/key/ca files in all respective global places for apache, dovecot, exim, ftp, and DirectAdmin. If you only wish to secure DA then please create a self signed certificate using the following instructions

/usr/bin/openssl req -x509 -sha256 -newkey rsa:4096 -keyout /usr/local/directadmin/conf/cakey.pem -out /usr/local/directadmin/conf/cacert.pem -days 9000 -nodes
chown diradmin:diradmin /usr/local/directadmin/conf/cakey.pem
chmod 400 /usr/local/directadmin/conf/cakey.pem

Now we must enable SSL and make sure DirectAdmin uses the CA root certificate.

cd /usr/local/directadmin/conf
sed -i 's/SSL=0/SSL=1/' directadmin.conf
echo "carootcert=/usr/local/directadmin/conf/carootcert.pem" >> directadmin.conf
echo "" >> directadmin.conf
echo "" >> directadmin.conf
service directadmin restart


Individual vhost domains:

login as user in DirectAdmin and navigate to SSL Certificates and fill out the necessary information in the form and click on the save button.



Restart DirectAdmin

service directadmin restart


Have more questions? Submit a request


Article is closed for comments.