Page 1
Standard

Enable Let’s Encrypt on DirectAdmin 1.50.1

As there is a change within the law we need to have make sure all Personal Data¬† send through a website is securely send. Now as I’m running several DirectAdmin Servers we have the option to use Let’s Encrypt. A great addon / feature to DirectAdmin to generate and secure a website! Except for the thing that my DA server was failing in securing sites… I had to do the following to make sure I could enable this website (https://blog.bram.co.nl and my personal site https://www.bram.co.nl).

Steps taken:

  1. Enable Let’s Encrypt in the DirectAdmin config

    echo “letsencrypt=1” >> /usr/local/directadmin/conf/directadmin.conf

  2. Restart DirectAdmin to reload the configuration and update some configs

    echo “action=directadmin&value=restart” >> /usr/local/directadmin/data/task.queue; /usr/local/directadmin/dataskq d2000

  3. Now you should be able to see the SSL option Lets Encrypt if logged in as a User (User Level -> SSL Certificates -> Check for the Lets Encrypt options

When trying out i got some Agreement error…

{
“type”: “urn:acme:error:malformed”,
“detail”: “Provided agreement URL [https://letsencrypt.org/documents/LE-SA-v1.0.1-July-27-2015.pdf] does not match current agreement URL [https://letsencrypt.org/documents/LE-SA-v1.1.1-August-1-2016.pdf]”,
“status”: 400

}.

  1. To Fix this issue I had to update the SH script for Let’s Encrypt

    wget -O /usr/local/directadmin/scripts/letsencrypt.sh http://files.directadmin.com/services/all/letsencrypt.sh

Now I could generate a certificate but still ran into a problem about the .well-known file… This was missing

  1. Modify the httpd-alias.conf file and add a well-known file

    Modify: /etc/httpd/conf/extra/httpd-alias.conf and add:
    Alias /.well-known “/var/www/html/.well-known”

  2. Now restart Apache and DirectAdmin

Now you will be able to generate a Let’s Encrypt certificate for you website.