Article overview

Help article

I'd like to use an SSL certificate in DirectAdmin

Securing communication and data is increasingly important. After all you don't want the communication between visitors and your website(s) can be viewed by malicious parties. That's why it's very important to encrypt sensitive information such as customer data and payment information using 'https' traffic. In order to do this you'll need an SSL certificate on your VPS.

This guide explains the following parts:

  • We try to keep this guide as much up-to-date as possible and applicable for as many different installations as possible. We cannot guarantee however that this guide works for every installation (as it depends on your configuration). Should you encounter a problem, you are welcome to contact our support department.

Used installation:

 

  • DirectAdmin 1.51.4
  • CentOS 7.2.1511

 

Prerequisites for installing your own certificate:

  • An SSL certificate if you don't want to use Let's Encrypt.
  • It is vitally important that you've saved the (correct) passphrase for your SSL certificate.
  • A working installation of DirectAdmin. If you'd like to use Let's Encrypt, DirectAdmin should be at least version 1.50.1.
  • DirectAdmin has SNI enabled by default, which allows the installation of multiple SSL certificates on 1 IP.
  • This guide assumes you already added a domain / website on the user level.
  • If you're using a CAA-record in your DNS-settings, make sure that you've added 'Comodo' (or other CA-name) or 'Lets Encrypt' in the record.

Installing your own SSL certificate in DirectAdmin

 

Step 1

First enable SSL support for your domain in DirectAdmin. Log in to the 'User Level' as the user under whose name the domain is hosted.

DirectAdmin select domain


 

Step 2

Click the name of your domain. If you are currently hosting a single domain you will not see this step and will immediate arrive at Step 3.

DirectAdmin Domain list


 

Step 3

Make sure 'Secure SSL' is selected and click 'Save'.

DirectAdmin enable secure SSL

If you're only using one folder on your website (and not distinguish between http and https), select the option 'Use a symbolic link from private_html to public_html - allows for same data in http and https'.


 

Step 4

At the User Level navigate to 'Advanced Features' and click on 'SSL Certificates'.

SSL certificates in DirectAdmin


 

Step 5

The SSL certificate and the corresponding private key must be provided under 'Paste a pre-generated certificate and key'. Don't use the current server-certificate or CSR.

  • Open the private key first (certificate.key) using your favorite text editor and copy all contents (including the part  -----BEGIN PRIVATE KEY----- & -----END PRIVATE KEY-----) into the field under 'Paste a pre-generated certificate and key'.
     
  • Open the certificate itself (certificate.crt) using your favorite text editor and copy all contents again (including the part -----BEGIN CERTIFICATE----- & -----END CERTIFICATE-----) directly below the private key part.

directadmin paste ssl certificate key


 

Step 6

Click on 'Save'. In the field immediately under the certificate the information from the certificate will be shown.
Informatie over het SSL-certificaat
 


 

Step 7

Now you'll need to install the 'root- and intermediate certificate'. These certificates contain all information about the certificates above it and enable a 'Chain of Trust' with the SSL certificate provider. By default many desktop browsers will contain a copy of this  'root- and intermediate certificate', but not all mobile browsers, which is why you should add these certificates.

Click on 'Click Here to paste a CA Root Certificate'.



Step 8

Open the bundle containing the root- and intermediate certificates (cabundle.crt) using your favorite text editor and copy all contents. Next, paste the content into the field below 'Certificate Authority SSL Certificate' and select 'Use a CA Cert'.
Root- en intermediate certificaten


 

Step 9

Click on 'Save' to install these certificates. The SSL certificate is now succesfully installed! If you visit your website you'll now see a green lock indicating it's secure.

Een succesvolle test via https


Installing a Let's Encrypt SSL certificate in DirectAdmin

Let's Encrypt is a free, automated and open 'Certificate Authority' provided by the non-profit organisation Internet Security Research Group (ISRG). The goal of Let's Encrypt is to help secure the internet by giving everyone the option to use SSL. On the website of DirectAdmin there's a short guide of how to enable Let's Encrypt in DirectAdmin, but we'll delf into the steps in more detail below.

The following steps must be followed using commandline over SSH or our VPS console. (Please note! Let's Encrypt only works in DirectAdmin 1.50.1 or more recent versions):

Step 1

First enable SSL support for your domain in DirectAdmin. Log in to the 'User Level' as the user under whose name the domain is hosted.

DirectAdmin select domain


 

Step 2

Click the name of your domain. If you are currently hosting a single domain you will not see this step and will immediate arrive at Step 3.

DirectAdmin Domain list


 

Step 3

Make sure 'Secure SSL' is selected and click 'Save'.

DirectAdmin enable secure SSL


 

Step 4

Connect to your VPS using SSH or the VPS console and enter the following command as root user to ensure your VPS has the script required for generating Let's Encrypt certificates.

wget -O /usr/local/directadmin/scripts.letsencrypt.sh http://files1.directadmin.com/services/all/letsencrypt.sh

 

Step 5

In directadmin.conf you'll instruct DirectAdmin to use Let's Encrypt and force the usage of your hostname (your hostname will be secured with Let's Encrypt using these steps). Open directadmin.conf:

sudo nano /usr/local/directadmin/conf/directadmin.conf

Add the contents below / adjust the existing values in the file that opens:

SSL=1
carootcert=/usr/local/directadmin/conf/carootcert.pem
force_hostname=server.yourdomain.com
ssl_redirect_host=server.yourdomain.com
enable_ssl_sni=1
letsencrypt=1

Replace server.yourdomain.com again by your actual hostname. When done, close nano and save the changes (ctrl+X > Y > enter)



Step 6

Enter the commands below to process the changes to your configuration:

cd /usr/local/directadmin/custombuild
./build rewrite_confs

 

Step 7

Check / ensure that you're using the most recent version of Let's Encrypt:

./build update
./build letsencrypt

 

Step 8

Enter the command below (still as root user) to ensure Let's Encrypt uses your hostname correctly and not 'localhost'  (adjust server.yourdomain.com to your actual host name).

cd /usr/local/directadmin/scripts
./letsencrypt.sh request_single server.yourdomain.com

 

Step 9

Finally, restart DirectAdmin to process all previous changes:

systemctl restart directadmin

 

Step 10

Log in to DirectAdmin at the 'User Level' and click 'SSL Certificates' under 'Advanced Features'.


 

Step 11

Select 'Free & automatic certificate from Let's Encrypt' next. Provide your e-mail address and click 'Save'.

When you now open the your website in your browser (using https:// of through a.htaccess redirect to https://) you'll see a green lock in your url indicating your website is now secured  with the Let's Encrypt certificate!Het geïnstalleerde Let's Encrypt SSL-certificaat


 

Would you like to use Let's Encrypt for more websites? Repeat step 1,2,3, 10 and 11. Don't forget to have your domain point to your VPS in its DNS settings.

Do you have a good idea?

Give us your idea! If it's popular we'll add it to the wishlist!

Has this article been helpful?

Create an account or log in to leave a rating.

Comments

Create an account or log in to be able to leave a comment.

Are you stuck?

Ask one of our specialists to assist you

Contact us