1. Tilaa support desk
  2. Tilaa knowledge base
  3. DirectAdmin

Install Let's Encrypt SSL certificate

Avatar
Sven Appel

DirectAdmin supports Let's Encrypt SSL certificates since v1.50.0. This article describes the procedure to install a Let's Encrypt certificate for your DirectAdmin hostname and your individual vhost domains.

 

DirectAdmin hostname:

First, make sure your DirectAdmin is at least at v1.50.0.

/usr/local/directadmin/directadmin v
Version: DirectAdmin v.1.50.0

Since Let's Encrypt is disabled by default we have to enable it before we can go ahead and install a certificate.

/usr/local/directadmin/directadmin c | grep letsencrypt=
letsencrypt=0

Simply change the 0 to 1 to enable Let's Encrypt.

sed -i 's/^letsencrypt=0/letsencrypt=1/' /usr/local/directadmin/conf/directadmin.conf

on CentOS 7 please do the following instead:
echo letsencrypt=1 >> /usr/local/directadmin/conf/directadmin.conf

We need to enable SNI to install a Let's Encrypt certificate on multiple domains on a single IP.

echo "enable_ssl_sni=1" >> /usr/local/directadmin/conf/directadmin.conf

Next step is to restart DirectAdmin and to update the config files.

service directadmin restart
cd /usr/local/directadmin/custombuild
./build update
./build rewrite_confs

Using the free "Let's Encrypt" tool to secure 2222

cd /usr/local/directadmin/scripts
./letsencrypt.sh request your.hostname.com 4096

NOTE: This script will also install the new cert/key/ca files in all respective global places for apache, dovecot, exim, ftp, and DirectAdmin. If you only wish to secure DA then please create a self signed certificate using the following instructions

/usr/bin/openssl req -x509 -sha256 -newkey rsa:4096 -keyout /usr/local/directadmin/conf/cakey.pem -out /usr/local/directadmin/conf/cacert.pem -days 9000 -nodes
chown diradmin:diradmin /usr/local/directadmin/conf/cakey.pem
chmod 400 /usr/local/directadmin/conf/cakey.pem

Now we must enable SSL and make sure DirectAdmin uses the CA root certificate.

cd /usr/local/directadmin/conf
sed -i 's/SSL=0/SSL=1/' directadmin.conf
echo "carootcert=/usr/local/directadmin/conf/carootcert.pem" >> directadmin.conf
echo "force_hostname=your.hostname.com" >> directadmin.conf
echo "ssl_redirect_host=your.hostname.com" >> directadmin.conf
service directadmin restart

 

Individual vhost domains:

login as user in DirectAdmin and navigate to SSL Certificates and fill out the necessary information in the form and click on the save button.

 

Screen_Shot_2016-05-19_at_02.37.15.png

Restart DirectAdmin

service directadmin restart

Done!

Hebt u meer vragen? Een aanvraag indienen

0 Opmerkingen

Artikel is gesloten voor opmerkingen.

Verwante artikelen