DirectAdmin has supported Let's Encrypt SSL certificates since v1.50.0. This article describes how to install a Let's Encrypt certificate for your DirectAdmin hostname and for your individual vhost domains.
DirectAdmin hostname:
First, make sure your DirectAdmin is at least v1.50.0.
/usr/local/directadmin/directadmin v
Version: DirectAdmin v.1.50.0
Since Let's Encrypt is disabled by default, we have to enable it before we can install a certificate.
/usr/local/directadmin/directadmin c | grep letsencrypt=
letsencrypt=0
Simply change the 0 to 1 to enable Let's Encrypt.
sed -i 's/^letsencrypt=0/letsencrypt=1/' /usr/local/directadmin/conf/directadmin.conf
On CentOS 7, do the following instead:
echo letsencrypt=1 >> /usr/local/directadmin/conf/directadmin.conf
We need to enable SNI to install a Let's Encrypt certificate on multiple domains on a single IP.
echo "enable_ssl_sni=1" >> /usr/local/directadmin/conf/directadmin.conf
The next step is to restart DirectAdmin and to update the config files.
service directadmin restart
cd /usr/local/directadmin/custombuild
./build update
./build rewrite_confs
Using the free "Let's Encrypt" tool to secure port 2222:
cd /usr/local/directadmin/scripts
./letsencrypt.sh request your.hostname.com 4096
/usr/bin/openssl req -x509 -sha256 -newkey rsa:4096 -keyout /usr/local/directadmin/conf/cakey.pem -out /usr/local/directadmin/conf/cacert.pem -days 9000 -nodes
chown diradmin:diradmin /usr/local/directadmin/conf/cakey.pem
chmod 400 /usr/local/directadmin/conf/cakey.pem
Now we must enable SSL and make sure DirectAdmin uses the CA root certificate.
cd /usr/local/directadmin/conf
sed -i 's/SSL=0/SSL=1/' directadmin.conf
echo "carootcert=/usr/local/directadmin/conf/carootcert.pem" >> directadmin.conf
echo "force_hostname=your.hostname.com" >> directadmin.conf
echo "ssl_redirect_host=your.hostname.com" >> directadmin.conf
service directadmin restart
NOTE: This script will also install the new cert/key/ca files in all respective global places for apache, dovecot, exim, ftp, and DirectAdmin.
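The sed command above changes nothing when directadmin.conf has no letsencrypt=0 line, and each echo >> appends another copy of its line every time it is run. The following added example (not part of the original article or of DirectAdmin; the function names conf_set and conf_check are hypothetical) sets each key exactly once and then verifies the values this procedure expects, demonstrated on a constructed sample file:

```shell
#!/bin/sh
# Added example, not DirectAdmin's own tooling. Function names are hypothetical.

# conf_set FILE KEY VALUE: set KEY=VALUE exactly once, whether or not KEY exists.
conf_set() {
    file=$1 key=$2 value=$3
    if grep -q "^${key}=" "$file"; then
        tmp=$(mktemp) || return 1
        # Rewrite the first KEY= line and drop later duplicates of it.
        awk -F= -v k="$key" -v v="$value" \
            '$1 == k { if (!seen++) print k "=" v; next } { print }' "$file" > "$tmp" \
            && cat "$tmp" > "$file"   # cat keeps the file's owner and mode
        rc=$?
        rm -f "$tmp"
        return $rc
    fi
    printf '%s=%s\n' "$key" "$value" >> "$file"
}

# conf_check FILE HOST: return 0 only if every key the procedure sets is
# present exactly once with the expected value; print each mismatch otherwise.
conf_check() {
    file=$1 host=$2 bad=0
    for want in letsencrypt=1 enable_ssl_sni=1 SSL=1 \
        carootcert=/usr/local/directadmin/conf/carootcert.pem \
        "force_hostname=$host" "ssl_redirect_host=$host"; do
        key=${want%%=*}
        n=$(grep -c "^${key}=" "$file" || true)
        if [ "$n" -ne 1 ] || ! grep -qxF "$want" "$file"; then
            echo "MISMATCH $key: $n line(s), want $want"
            bad=1
        fi
    done
    return $bad
}

# Demo on a constructed sample file (not a real directadmin.conf).
demo=$(mktemp)
printf 'SSL=0\nletsencrypt=0\nletsencrypt=0\nport=2222\n' > "$demo"
conf_check "$demo" your.hostname.com || echo "-- applying settings --"
for kv in letsencrypt=1 enable_ssl_sni=1 SSL=1 \
    carootcert=/usr/local/directadmin/conf/carootcert.pem \
    force_hostname=your.hostname.com ssl_redirect_host=your.hostname.com; do
    conf_set "$demo" "${kv%%=*}" "${kv#*=}"
done
conf_check "$demo" your.hostname.com && echo "config OK"
rm -f "$demo"
```

On a server, both functions take /usr/local/directadmin/conf/directadmin.conf as FILE, followed by the DirectAdmin restart shown in the steps above.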
Individual vhost domains:
Log in as a user in DirectAdmin, navigate to SSL Certificates, fill out the necessary information in the form, and click the Save button.
Restart DirectAdmin
service directadmin restart
Done!