LetsEncrypt Support in DirectAdmin Control Panel

LetsEncrypt is a certificate authority that provides free SSL/TLS certificates for internet servers through an automated process. Enabling SSL is typically a complicated process that requires manual creation, validation, signing, installation, and renewal of certificates in order to serve a website over a secure connection. The automated process eliminates the need for these manual steps. Additionally, LetsEncrypt is supported by all major web browsers. This tutorial describes LetsEncrypt support on a DirectAdmin web server. LetsEncrypt support has been available natively as a built-in feature since DirectAdmin version 1.50. It can either be enabled as that built-in feature or, for older versions, set up manually by logging in to the server through SSH.

 

Enabling as a built-in feature

1) First, update DirectAdmin control panel and the server to the latest versions.

2) Enable LetsEncrypt in the DirectAdmin configuration file, /usr/local/directadmin/conf/directadmin.conf. This can be done by editing the file manually and changing the value of letsencrypt from 0 to 1, or by running a command.

The command for doing that is as below.

$ grep -q 'letsencrypt=1' /usr/local/directadmin/conf/directadmin.conf || echo 'letsencrypt=1' >> /usr/local/directadmin/conf/directadmin.conf

To allow multiple SSL-enabled websites on a single IP address, SNI (Server Name Indication) support in the TLS protocol must be enabled on the server. The command below enables SNI:

$ grep -q 'enable_ssl_sni=1' /usr/local/directadmin/conf/directadmin.conf || echo 'enable_ssl_sni=1' >> /usr/local/directadmin/conf/directadmin.conf

 

3) After changing the configuration file, we have to restart DirectAdmin.

4) LetsEncrypt support is now enabled, and the next step is to provision the certificates. Log in as the user for whom the certificates are being requested and navigate to Advanced Options >> SSL certificates.

5) Select the third option, “Free & automatic certificates” from Let’s Encrypt and fill in the fields. It will enable the SSL certificates and will display the message “Certificate and Key Saved” with the certificate details.
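The grep/echo one-liners in step 2 append a new line even when the file already contains letsencrypt=0, which leaves two conflicting entries for the same key. The following is an added example, not DirectAdmin's own tooling, that sets a key exactly once; the helper names set_conf_key and get_conf_key are hypothetical and the sample file is constructed.

```shell
#!/bin/sh
# Added example (not DirectAdmin code): set KEY=VALUE in a key=value config
# file exactly once, whether the key is absent, present with another value,
# or duplicated by earlier append-style edits.

# set_conf_key FILE KEY VALUE   (hypothetical helper name)
set_conf_key() {
    file=$1; key=$2; value=$3
    tmp=$(mktemp) || return 1
    awk -F= -v k="$key" -v v="$value" '
        $1 == k { if (!seen++) print k "=" v; next }  # rewrite first, drop repeats
        { print }                                     # keep every other line
        END { if (!seen) print k "=" v }              # key was absent: append
    ' "$file" > "$tmp" || { rm -f "$tmp"; return 1; }
    # Write back through the existing file so its owner and mode stay unchanged.
    cat "$tmp" > "$file"; rc=$?
    rm -f "$tmp"
    return "$rc"
}

# get_conf_key FILE KEY: print the value(s) stored for KEY, one per line.
get_conf_key() {
    awk -v k="$2" 'index($0, k "=") == 1 { print substr($0, length(k) + 2) }' "$1"
}

# Constructed sample file standing in for directadmin.conf.
demo() {
    conf=$(mktemp) || return 1
    printf 'port=2222\nletsencrypt=0\nssl=1\n' > "$conf"
    set_conf_key "$conf" letsencrypt 1      # 0 -> 1, rewritten in place
    set_conf_key "$conf" enable_ssl_sni 1   # absent -> appended
    set_conf_key "$conf" enable_ssl_sni 1   # second run changes nothing
    cat "$conf"
    rm -f "$conf"
}

# Run the demonstration only when asked: sh this_file --demo
if [ "${1:-}" = "--demo" ]; then demo; fi
```

On a real server the first argument would be /usr/local/directadmin/conf/directadmin.conf, followed by the restart in step 3.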

 

Enabling manually

For older versions, SSH to the server and clone the LetsEncrypt client code with Git. This can be done by using the commands below.

$ git clone https://github.com/letsencrypt/letsencrypt

$ cd letsencrypt

You need to provide your webroot path. The client places the authentication challenge files there to perform the domain ownership validation. You can find the path in your web server configuration. For DirectAdmin it looks like this: /home/USERNAME/domains/DOMAIN.EXT/public_html.

Now execute the LetsEncrypt command to obtain the certificates.

$ ./letsencrypt-auto --server https://acme-01.api.letsencrypt.org/directory certonly --agree-tos --email 'user@domain.tld' --webroot --webroot-path '/home/USERNAME/domains/DOMAIN.COM/public_html/' -d domain.com -d www.domain.com

If you need a certificate with multiple subdomains or with www.domain.tld and domain.tld, specify the -d domain option multiple times. Make sure the webroot is the same for all of them. If you only need one domain, change the example and remove the last -d option. The client will then communicate with the LetsEncrypt service to validate domain ownership. If all goes well, it will print the message below:

Version: 1.1-20080819

IMPORTANT NOTES:
 - Congratulations! Your certificate and chain have been saved at
   /etc/letsencrypt/live/DOMAIN.COM/fullchain.pem. Your cert
   will expire on 2017-03-31. To obtain a new version of the
   certificate in the future, simply run Let's Encrypt again.
 - If you like Let's Encrypt, please consider supporting our work by:

   Donating to ISRG / Let's Encrypt:   https://letsencrypt.org/donate
   Donating to EFF:                    https://eff.org/donate-le

 

The LetsEncrypt certificate has now been issued and you can proceed with the installation. The certificate files are located on your system, and you can list them with the following command:

$ ls -la /etc/letsencrypt/live/DOMAIN.COM/

 

Get the contents of the certificate, private key, and chain with the following commands. Remember to replace certificatemonitor.org with your domain:

$ cat /etc/letsencrypt/live/certificatemonitor.org/cert.pem

$ cat /etc/letsencrypt/live/certificatemonitor.org/privkey.pem

$ cat /etc/letsencrypt/live/certificatemonitor.org/chain.pem
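Before the contents of these files are pasted into the control panel, it is worth confirming that privkey.pem actually pairs with cert.pem, that the certificate is not about to expire, and that the private key is not readable by other accounts. The following is an added example, not part of the original article; the function name check_le_files and its return codes are hypothetical, and it assumes the openssl command-line tool is installed.

```shell
#!/bin/sh
# Added example (not part of the original article): verify the files under
# /etc/letsencrypt/live/DOMAIN/ before their contents are pasted anywhere.

# check_le_files LIVE_DIR [MIN_DAYS]   (hypothetical helper name)
# Return codes: 0 ok, 2 unreadable file, 3 key/cert mismatch,
#               4 certificate expires within MIN_DAYS, 5 key readable by others.
check_le_files() {
    dir=$1; min_days=${2:-30}
    cert=$dir/cert.pem; key=$dir/privkey.pem

    # Extract the public key from each file; identical output means they pair up.
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null) || {
        echo "cannot parse $cert"; return 2; }
    key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null) || {
        echo "cannot parse $key"; return 2; }
    if [ "$cert_pub" != "$key_pub" ]; then
        echo "privkey.pem does not belong to cert.pem"; return 3
    fi

    # -checkend exits non-zero when the certificate expires within N seconds.
    if ! openssl x509 -in "$cert" -noout -checkend $((min_days * 86400)) >/dev/null; then
        echo "certificate expires within $min_days days"; return 4
    fi

    # The live/ entries are symlinks, so -L inspects the real key file.
    # Characters 5-10 of the mode string are the group and other permission bits.
    perms=$(ls -lL "$key" | cut -c5-10)
    if [ "$perms" != "------" ]; then
        echo "privkey.pem is accessible to group/other ($perms)"; return 5
    fi
    echo "ok: key matches certificate, valid for at least $min_days more days"
}

# Usage: sh this_file /etc/letsencrypt/live/DOMAIN.COM [MIN_DAYS]
if [ -n "${1:-}" ]; then check_le_files "$@"; fi
```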

 

After you’ve installed the certificate in the control panel (DirectAdmin), the installed files need to be symlinked to the LetsEncrypt files so that auto-renewal will work. The certificate must first be installed through the control panel so that the configuration is updated correctly; most control panels overwrite manual changes. Log in to your DirectAdmin control panel and navigate to your website. Under “Advanced Options” click “SSL Certificates”. Select the radio button for the “Paste a pre-generated certificate and key” option. In the text field below, first paste the contents of the cert.pem file. Below that, paste the contents of the privkey.pem file.


Click the Save button. Now return to the main domain screen and navigate to “Advanced Options” -> “SSL Certificates” again. Scroll down and open the link “Click Here” to paste a CA Root Certificate. Mark the checkbox “Use a CA Cert” and paste the contents of the chain.pem file there. Click the Save button. If you haven’t already enabled SSL for your domain, do that now: navigate to the main domain screen, click “Domain Setup”, and open your domain. Mark the “Secure SSL” checkbox and click the Save button. Then, under “private_html setup for DOMAIN.COM - (SSL must be enabled above)”, mark the radio button “Use a symbolic link from private_html to public_html - allows for same data in http and https” and click the Save button again. Finally, navigate to https://yourdomain and verify the certificate.

 
