Securing communication and data is crucial for the safety of your services. You certainly don't want the communication between visitors and your website(s) to be intercepted by malicious actors. Therefore, it's extremely important to encrypt sensitive information such as customer details and payment information through 'https' traffic. To do this, you need to install an SSL certificate on your VPS.
- Perform the steps in this article as a user with root privileges.
- The steps in this article assume you're using our tutorial series to configure DirectAdmin on your VPS.
- You can choose between your own certificate (e.g., a Sectigo certificate via TransIP) or a free Let's Encrypt certificate. The main differences lie in the warranty offered. In terms of security, there is no significant difference between a paid and a free certificate.
- DirectAdmin has SNI enabled by default, allowing you to install multiple SSL certificates on one IP address.
- If you use a CAA record in your DNS settings, make sure to include "comodo.com" (for Sectigo SSL certificates) or "letsencrypt.org" in such a record.
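To check whether an existing CAA record set permits the CA you plan to use, you can evaluate the records as in the sketch below. This is an added example, not part of the original article: the function names and the sample records are constructed for illustration, and the input format assumed is that of `dig +short CAA <domain>`.

```shell
#!/bin/sh
# caa_allows ISSUER
# Reads one CAA record set on stdin, one record per line in the form
#   <flags> <tag> "<value>"
# and succeeds if ISSUER may issue non-wildcard certificates.
# Wildcard ("issuewild") rules and walking up parent domains are not handled:
# pass in the record set that actually applies to the name being secured.
caa_allows() {
    awk -v want="$1" '
        tolower($2) == "issue" {
            seen = 1
            val = $3
            gsub(/"/, "", val)    # strip the quotes around the value
            sub(/;.*/, "", val)   # drop optional parameters after ";"
            if (tolower(val) == tolower(want)) ok = 1
        }
        # No "issue" records at all means any CA may issue.
        END { if (seen && !ok) exit 1 }
    '
}

# Constructed sample, shaped like `dig +short CAA example.com` output.
sample_caa_records() {
    cat <<'EOF'
0 issue "comodo.com"
0 issue "letsencrypt.org; validationmethods=http-01"
0 iodef "mailto:hostmaster@example.com"
EOF
}

# Usage against live DNS (requires dig):
#   dig +short CAA example.com | caa_allows letsencrypt.org && echo allowed
```
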
Securing your server with an SSL certificate
Your server uses a self-signed certificate by default, which does not match the hostname of your server. This is why you receive an error when trying to log into your DirectAdmin server via HTTPS.
In this section, we’ll show you how to secure your server with either your own (paid) certificate or a (free) Let's Encrypt/ZeroSSL certificate.
- The server certificate is used for the DirectAdmin web interface, Apache, Nginx, LiteSpeed, OpenLiteSpeed, Exim, Dovecot, PureFTPd, and ProFTPD.
- You can choose whether to use your own or a Let's Encrypt certificate (but not both at the same time). Either option is sufficient to secure your server. A benefit of Let's Encrypt is that the certificates are automatically renewed.
- If you use your own certificate, it must match the hostname of your server. You can adjust the hostname as an administrator under ‘Server Manager’ > ‘Administrator Settings’ > ‘Server Settings’.
Step 1
Log into DirectAdmin with an admin account and click on:
- Let's Encrypt: ‘Server Manager’ > ‘Server TLS Certificate’ > ‘Acme Settings’.
- Own certificate: ‘Server Manager’ > ‘Server TLS Certificate’ > ‘Change Certificate’.
Step 2
Follow the instructions below for Let's Encrypt/ZeroSSL or for your own certificate, depending on which one you want to install.
Let's Encrypt/ZeroSSL
- Check the ‘Enable ACME’ box to automatically generate a certificate.
- Optionally, adjust the email address where the certificate generation confirmation will be sent.
- Set the ‘ACME Provider’ to Let's Encrypt (currently the default server provider) or ZeroSSL (also free).
- Your hostname will automatically be secured, so typically, you don’t need to provide anything under ‘Additional Domains’.
- Leave the ‘External DNS Configuration’ field empty.
- Finally, click ‘Submit’.
You will see a confirmation window like the one below. Check the box ‘Issue a new TLS certificate immediately’ and click ‘confirm’ to proceed, then click ‘Back’ at the top right to return to the previous page.
Your own SSL certificate
- First, open the private key file (certificate.key) of your own certificate with your favorite text editor and copy all the content (including -----BEGIN PRIVATE KEY----- and -----END PRIVATE KEY-----) into the ‘Key’ field.
- Next, open the certificate (certificate.crt) with your favorite text editor, copy all the content (including -----BEGIN CERTIFICATE----- and -----END CERTIFICATE-----), and paste it directly into the ‘Certificate’ field.
- Finally, click ‘Submit’ at the bottom right to save your changes.
Step 3
You are now back on the ‘Server TLS Certificate’ page. We recommend enabling the ‘DirectAdmin Panel over HTTPS’ option by clicking the ‘turn on’ button.
You’ve successfully installed an SSL certificate for your DirectAdmin installation!
Securing your domain with an SSL certificate
DirectAdmin provides a private_html folder for SSL. However, it’s set as a symbolic link by default. This allows you to keep placing files in the public_html folder without affecting the functionality of your SSL connection.
The steps below show you how to add your own, Let's Encrypt, or ZeroSSL certificate to your domain.
Step 1
Your domains are automatically added to DirectAdmin with SSL support. For security reasons, we recommend enabling the option to redirect HTTP traffic to HTTPS. If you’ve already done this or wish to skip it, proceed to Step 3.
Log in as the user under whose name the domain is hosted and click ‘Account Manager’ > ‘Domain Setup’ > the name of your domain.
Step 2
Check the box for ‘Force SSL with https redirect’ and click ‘modify’.
Step 3
Follow the instructions below for the type of certificate you want to install.
Let's Encrypt/ZeroSSL certificate
Log in as a user and, under 'Account Manager' (1), click 'SSL Certificates' (2), then select ‘Get automatic certificate from ACME provider’ (3).
You’ll now see a number of options. Select Let's Encrypt or ZeroSSL as the ACME provider (4) if needed, and adjust the other options as desired. By default, your domain name and the www subdomain will be secured. You can select additional subdomains under ‘Certificate Entries’ (5). Finally, click ‘save’ (6).
Your certificate is now linked and will be renewed automatically. If you get an error like ‘No domains pointing to this server to generate the certificate for’, check the DNS settings for your domain.
You've now completed setting up a Let's Encrypt/ZeroSSL certificate.
Your own SSL Certificate
Log in as a user and click under 'Account Manager' on 'SSL Certificates'. Then select ‘Paste a pre-generated certificate and key’. Optionally, click the domain name at the top right of the page to select another domain.
Step 4
This and the next step apply only to the installation of a personal certificate, such as from Sectigo. The installation of a Let's Encrypt/ZeroSSL certificate was completed in the previous step.
- First, open the private key file (certificate.key) of your certificate with your favorite text editor and copy all the content (including -----BEGIN PRIVATE KEY----- & -----END PRIVATE KEY-----) into the ‘Key’ field.
- Then, open the certificate (certificate.crt) with your favorite text editor, copy all the content (including -----BEGIN CERTIFICATE----- & -----END CERTIFICATE-----), and paste it directly into the ‘Certificate’ field.
- Optional: We recommend enabling the ‘Force SSL with https redirect’ option for security reasons, then clicking the ‘Save’ button next to it. This prevents visitors from connecting via HTTP.
- Finally, click ‘Save’ at the bottom right to save your changes.
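Before pasting certificate.key and certificate.crt into the ‘Key’ and ‘Certificate’ fields (here, or for the server certificate earlier in this article), you can confirm that the key belongs to the certificate and that the certificate covers the intended hostname. The script below is an added example, not part of the original article; it assumes the openssl command-line tool (1.1.1 or later), and `make_demo_pair` and `server.example.com` are constructed for the demonstration.

```shell
#!/bin/sh
# check_cert_pair KEY CRT HOSTNAME
# Prints "ok" when the private key matches the certificate, the certificate
# covers HOSTNAME and it has not expired; otherwise prints the reason.
check_cert_pair() {
    key=$1 crt=$2 host=$3
    # -passin pass: makes an encrypted key fail instead of prompting.
    key_pub=$(openssl pkey -in "$key" -passin pass: -pubout 2>/dev/null) ||
        { echo "cannot read private key"; return 2; }
    crt_pub=$(openssl x509 -in "$crt" -noout -pubkey 2>/dev/null) ||
        { echo "cannot read certificate"; return 2; }
    # Same key pair means the same public key in both files.
    [ "$key_pub" = "$crt_pub" ] ||
        { echo "private key does not match certificate"; return 1; }
    # -checkhost reports the result as text, so match on its output.
    openssl x509 -in "$crt" -noout -checkhost "$host" | grep -q 'does match' ||
        { echo "certificate does not cover $host"; return 1; }
    openssl x509 -in "$crt" -noout -checkend 0 >/dev/null ||
        { echo "certificate has expired"; return 1; }
    echo "ok"
}

# make_demo_pair DIR HOSTNAME
# Writes a constructed, self-signed key/certificate pair for trying the check.
make_demo_pair() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=$2" -addext "subjectAltName=DNS:$2" \
        -keyout "$1/certificate.key" -out "$1/certificate.crt" 2>/dev/null
}

# Usage with your own files:
#   check_cert_pair certificate.key certificate.crt "$(hostname -f)"
```
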
You will now see a confirmation like the one below. If you were previously using a Let's Encrypt certificate, you will receive a warning about it. In the next step, we will show you how to disable Let's Encrypt renewal. This step is optional: if you don’t see the message ‘the previous Let’s Encrypt config is still set to renew etc’, you’re done with this section.
Step 5 - Optional
To disable Let's Encrypt, click ‘SSL Certificates’ again under the ‘Account Manager’, and this time select ‘Acme Settings’.
Now, uncheck ‘Enable ACME’, scroll down, and click ‘Submit’ at the bottom right. Let's Encrypt is now disabled!
This concludes setting up solid SSL security for your DirectAdmin server. Should you have any further questions based on this article, don't hesitate to contact our support department. You can reach them via the 'Contact us' button at the bottom of this page.