As there is a change in the law, we need to make sure all personal data sent through a website is sent securely. Now, as I’m running several DirectAdmin servers, we have the option to use Let’s Encrypt. A great add-on / feature for DirectAdmin to generate a certificate and secure a website! Except that my DA server was failing to secure sites… I had to do the following to make sure I could enable it for this website (https://blog.bram.co.nl) and my personal site (https://www.bram.co.nl).
Steps taken:
- Enable Let’s Encrypt in the DirectAdmin config
echo "letsencrypt=1" >> /usr/local/directadmin/conf/directadmin.conf
- Restart DirectAdmin to reload the configuration and update some configs
echo "action=directadmin&value=restart" >> /usr/local/directadmin/data/task.queue; /usr/local/directadmin/dataskq d2000
- Now you should be able to see the Let’s Encrypt SSL option when logged in as a User (User Level -> SSL Certificates -> check for the Let’s Encrypt options)
When trying it out, I got an agreement error…
{
"type": "urn:acme:error:malformed",
"detail": "Provided agreement URL [https://letsencrypt.org/documents/LE-SA-v1.0.1-July-27-2015.pdf] does not match current agreement URL [https://letsencrypt.org/documents/LE-SA-v1.1.1-August-1-2016.pdf]",
"status": 400}.
- To fix this issue I had to update the shell script for Let’s Encrypt
wget -O /usr/local/directadmin/scripts/letsencrypt.sh http://files.directadmin.com/services/all/letsencrypt.sh
Now I could generate a certificate, but I still ran into a problem with the .well-known file… It was missing.
- Modify the httpd-alias.conf file and add a .well-known alias
Modify /etc/httpd/conf/extra/httpd-alias.conf and add:
Alias /.well-known "/var/www/html/.well-known"
- Now restart Apache and DirectAdmin
Now you will be able to generate a Let’s Encrypt certificate for your website.
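A pre-flight check for the steps above, as an added example that is not part of the original post or of DirectAdmin: it confirms that `letsencrypt=1` and the `Alias` line were written without stray typographic quotes, then verifies that a file under the aliased directory is actually served over plain HTTP before a certificate is requested. The function names are hypothetical, `curl` is assumed to be installed, and it assumes challenge files are written to `/var/www/html/.well-known/acme-challenge`.

```shell
#!/bin/sh
# Added example: pre-flight checks for the Let's Encrypt steps above.

# 0 if directadmin.conf has a clean letsencrypt=1 line (no stray quote characters).
da_le_enabled() {
    grep -Eq '^letsencrypt=1[[:space:]]*$' "$1"
}

# 0 if the alias file maps /.well-known to directory $2 (plain double quotes optional).
wellknown_alias_ok() {
    awk -v want="$2" '
        $1 == "Alias" && $2 == "/.well-known" {
            gsub(/^"|"$/, "", $3)
            if ($3 == want) found = 1
        }
        END { exit !found }' "$1"
}

# 0 if a token written under the aliased directory comes back over plain HTTP,
# which is the path the ACME HTTP-01 validation request takes.
probe_challenge() {
    dir="$1/acme-challenge"
    name="probe-$$-$(date +%s)"
    mkdir -p "$dir" && printf '%s' "$name" > "$dir/$name" || return 2
    body=$(curl -fsS --max-time 10 "http://$2/.well-known/acme-challenge/$name")
    rm -f "$dir/$name"
    [ "$body" = "$name" ]
}

# Run all three checks: sh preflight.sh --run example.com
if [ "${1:-}" = "--run" ]; then
    host=${2:?"usage: $0 --run <domain>"}
    da_le_enabled /usr/local/directadmin/conf/directadmin.conf \
        || { echo "letsencrypt=1 missing or malformed in directadmin.conf"; exit 1; }
    wellknown_alias_ok /etc/httpd/conf/extra/httpd-alias.conf /var/www/html/.well-known \
        || { echo "Alias for /.well-known missing or malformed"; exit 1; }
    probe_challenge /var/www/html/.well-known "$host" \
        || { echo "http://$host/.well-known/acme-challenge/ is not served"; exit 1; }
    echo "pre-flight OK for $host"
fi
```

Run it as root after restarting Apache and DirectAdmin; a failing probe usually means the alias is not loaded or port 80 is redirected before the request reaches `/.well-known`.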