Directadmin - Manual Certificate Installation
Immediately after being issued, your SSL certificate will be sent to you by email. It is also possible to download the certificate from the Control Panel. The file containing the certificate will have the same name as the domain name it is meant for (for example: www_sslcertificaten_nl.crt).
Sometimes it happens that a regular installation doesn't work out as expected. In that case we can decide to install the certificate by manually modifying the configuration. This requires root access to the server. In some cases this should be done by your hosting provider, when you are on a shared hosting system.
To make use of an SSL certificate, you need a dedicated own IP address, or the SNI feature enabled in the main directadmin.conf. For using a dedicated own IP address we need to bind that IP address with the user we're installing the certificate for..
- Log in to the DirectAdmin Control Panel.
- Go to Advanced Tools → Install SSL Certificates, or Advanced Features → SSL Certificates (depending on the version in use).
- Make a local copy of all contents from the field Paste a pre-generated certificate and key, and store this on your local machine in a safe spot.
- Login via SSH to your webserver, and change to root.
- Open the httpd.conf file of the useraccount in your favorite texteditor (e.g. onLinux "vi" or for Windows "Notepad"). You can find this file in the following directory:
- Lookup the VirtualHost for this domain, containing port 443. There you should find 3 lines; SSLCertificateFile, SSLCertificateKeyFile en SSLCACertificateFile.
- Verify that those 3 lines contain the correct filenames and paths. You can check their contents by looking into the previously stored file containing your key and certificte. The private key should correspond with the .key file, the certificate with the .cert one, and the intermediates should be in .cacert
- In case all contents match, the certificate has been installed correctly, but the default DirectAdmin certificate makes that it won't show. Therefore we should edit the file "/etc/httpd/conf/extra/httpd-ssl.conf". Search for the lines starting with SSLCertificateFile or SSLCertificateKeyFile. Mark those lines to be ignored by prepending them with a has sign; #. Repeat this action for the file "/etc/httpd/conf/extra/httpd-vhosts.conf".
- Herefter we should restart DirectAdmin, and test the modification via our SSLCheck.
All necessary steps to install your web server certificate have now been completed. Please make sure to adequately secure your certificate files, and to store a backup of your private key and web server certificate in a safe location. You should also install the root and intermediate certificates. Check whether the certificate is correctly installed with the SSLCheck and ensure an optimal configuration with these tips and settings.
Please do not hesitate to contact us if you encounter problems or error messages.