Install Let's Encrypt SSL certificate

DirectAdmin has supported Let's Encrypt SSL certificates since v1.50.0. This article describes how to install a Let's Encrypt certificate for your DirectAdmin hostname and for your individual vhost domains.

 

DirectAdmin hostname:

First, make sure your DirectAdmin is at least at v1.50.0.

/usr/local/directadmin/directadmin v
Version: DirectAdmin v.1.50.0

Since Let's Encrypt is disabled by default, we have to enable it before we can install a certificate.

/usr/local/directadmin/directadmin c | grep letsencrypt=
letsencrypt=0

Simply change the 0 to 1 to enable Let's Encrypt.

sed -i 's/^letsencrypt=0/letsencrypt=1/' /usr/local/directadmin/conf/directadmin.conf

On CentOS 7, do the following instead:
echo letsencrypt=1 >> /usr/local/directadmin/conf/directadmin.conf

We need to enable SNI to install a Let's Encrypt certificate on multiple domains on a single IP.

echo "enable_ssl_sni=1" >> /usr/local/directadmin/conf/directadmin.conf

The next step is to restart DirectAdmin and update the config files.

service directadmin restart
cd /usr/local/directadmin/custombuild
./build update
./build rewrite_confs

Use the free "Let's Encrypt" tool to secure port 2222:

cd /usr/local/directadmin/scripts
./letsencrypt.sh request your.hostname.com 4096

NOTE: This script will also install the new cert/key/ca files in all the respective global locations for apache, dovecot, exim, ftp, and DirectAdmin. If you only wish to secure DA, create a self-signed certificate instead, using the following instructions:

/usr/bin/openssl req -x509 -sha256 -newkey rsa:4096 -keyout /usr/local/directadmin/conf/cakey.pem -out /usr/local/directadmin/conf/cacert.pem -days 9000 -nodes
chown diradmin:diradmin /usr/local/directadmin/conf/cakey.pem
chmod 400 /usr/local/directadmin/conf/cakey.pem

Now we must enable SSL and make sure DirectAdmin uses the CA root certificate.

cd /usr/local/directadmin/conf
sed -i 's/SSL=0/SSL=1/' directadmin.conf
echo "carootcert=/usr/local/directadmin/conf/carootcert.pem" >> directadmin.conf
echo "force_hostname=your.hostname.com" >> directadmin.conf
echo "ssl_redirect_host=your.hostname.com" >> directadmin.conf
service directadmin restart
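
The steps above edit directadmin.conf with a mix of sed, which changes nothing when the key is absent, and echo >>, which leaves a duplicate line when run twice. The helpers below are an added example, not part of the original article or of DirectAdmin's own tooling: they set a key exactly once and check the private key's mode. The function names and the DA_CONF variable are assumptions.

```shell
#!/bin/sh
# Added example: idempotent key=value edits for directadmin.conf.
# DA_CONF defaults to the path used in this article; point it at a copy to try it out.
DA_CONF="${DA_CONF:-/usr/local/directadmin/conf/directadmin.conf}"

# da_conf_get KEY: print the value from the last line that sets KEY, or nothing.
da_conf_get() {
    K="$1" awk -F= '
        $1 == ENVIRON["K"] { v = substr($0, length($1) + 2); f = 1 }
        END { if (f) print v }
    ' "$DA_CONF"
}

# da_conf_set KEY VALUE: rewrite the first KEY= line, drop later duplicates,
# and append KEY=VALUE if the key is not present at all.
da_conf_set() {
    _tmp="$(mktemp)" || return 1
    K="$1" V="$2" awk -F= '
        $1 == ENVIRON["K"] {
            if (!done) { print ENVIRON["K"] "=" ENVIRON["V"]; done = 1 }
            next
        }
        { print }
        END { if (!done) print ENVIRON["K"] "=" ENVIRON["V"] }
    ' "$DA_CONF" > "$_tmp" || { rm -f "$_tmp"; return 1; }
    # Write back in place so the config file keeps its owner and mode.
    cat "$_tmp" > "$DA_CONF"
    _rc=$?
    rm -f "$_tmp"
    return "$_rc"
}

# key_mode_ok FILE: succeed only if FILE is mode 400, matching the chmod above.
# Assumes GNU stat (Linux).
key_mode_ok() {
    [ "$(stat -c '%a' "$1")" = "400" ]
}

# Usage on the server, as root, before restarting DirectAdmin:
#   da_conf_set letsencrypt 1
#   da_conf_set enable_ssl_sni 1
#   da_conf_set SSL 1
#   key_mode_ok /usr/local/directadmin/conf/cakey.pem || echo "cakey.pem is not mode 400"
```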

 

Individual vhost domains:

Log in as the user in DirectAdmin, navigate to SSL Certificates, fill out the necessary information in the form, and click the Save button.

 


Restart DirectAdmin

service directadmin restart

Done!
