How to install an SSL certificate for the hostname in DirectAdmin

It’s always a good choice to install an SSL certificate for the DirectAdmin server’s hostname. By doing so, you and your clients will have a secure connection to the DirectAdmin control panel.

The command that should be run to request and install an SSL certificate on the hostname is:

# /usr/local/directadmin/scripts/ request_single HOSTNAME 4096

Example for our case, where the hostname is

[root@web21 custombuild]# /usr/local/directadmin/scripts/ request 4096
Setting up certificate for a hostname:
2020/12/20 10:41:08 No key found for account Generating a 4096 key.
2020/12/20 10:41:10 Saved key to /usr/local/directadmin/data/.lego/accounts/
2020/12/20 10:41:11 [INFO] acme: Registering account for
!!!! HEADS UP !!!!

Your account credentials have been saved in your Let's Encrypt
configuration directory at "/usr/local/directadmin/data/.lego/accounts".

You should make a secure backup of this folder now. This
configuration directory will also contain certificates and
private keys obtained from Let's Encrypt so making regular
backups of this folder is ideal.
2020/12/20 10:41:11 [INFO] [] acme: Obtaining SAN certificate
2020/12/20 10:41:11 [INFO] [] AuthURL:
2020/12/20 10:41:11 [INFO] [] acme: Could not find solver for: tls-alpn-01
2020/12/20 10:41:11 [INFO] [] acme: use http-01 solver
2020/12/20 10:41:11 [INFO] [] acme: Trying to solve HTTP-01
2020/12/20 10:41:17 [INFO] [] The server validated our request
2020/12/20 10:41:17 [INFO] [] acme: Validations succeeded; requesting certificates
2020/12/20 10:41:24 [INFO] [] Server responded with a certificate.
Certificate for has been created successfully!
DirectAdmin certificate has been setup.
Setting up cert for Exim...
Setting up cert for WWW server...
Setting up cert for FTP server...
The services will be restarted in about 1 minute via the dataskq.
[root@web21 custombuild]#

To check the certificate status, use:

# openssl x509 -in /etc/httpd/conf/ssl.crt/server.crt -text -noout | grep "Issuer"
[root@web21 ~]# openssl x509 -in /etc/httpd/conf/ssl.crt/server.crt -text -noout | grep "Issuer"
        Issuer: C = US, O = Let's Encrypt, CN = R3
                CA Issuers - URI:
[root@web21 ~]#

For this command to work, the servername value in the directadmin.conf file must be set to the actual hostname. Otherwise, you will get an error message when trying to run the command:

[root@web21 ~]# /usr/local/directadmin/scripts/ request_single 4096
Domain does not exist on the system. Unable to find in /etc/virtual/domainowners, and domain is not set as hostname (servername) in DirectAdmin configuration. Exiting...
no valid domain found - exiting
[root@web21 ~]# 

You can also get an error message if a CAA record is set in the main domain's DNS zone:

[root@web21 ~]# /usr/local/directadmin/scripts/ request_single 4096
Setting up certificate for a hostname:
CAA record prevents issuing the certificate: ""
[root@web21 ~]# 

In our case, the CAA record was set to “”. DirectAdmin uses Let’s Encrypt certificates so the CAA record should be:

CAA   0   issue
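
The check below is an added example, not part of the original article or of DirectAdmin's scripts: it applies the CAA lookup rules of RFC 8659 to a hostname before a certificate is requested, which shows why a record on the main domain also blocks the server hostname. The `example.*` records are constructed sample data, and `letsencrypt.org` is assumed as the CA identifier (Let's Encrypt's published CAA domain).

```shell
#!/usr/bin/env bash
# Constructed sample records in `dig +noall +answer` layout (not real DNS data).
SAMPLE_CAA='example.com. 3600 IN CAA 0 issue "otherca.example"
example.net. 3600 IN CAA 0 issue "letsencrypt.org; validationmethods=http-01"
example.net. 3600 IN CAA 0 issue "otherca.example"
example.org. 3600 IN CAA 0 iodef "mailto:hostmaster@example.org"
example.edu. 3600 IN CAA 0 issue ";"'

# caa_permits HOST CA_ID RECORDS: exit 0 if CA_ID may issue for HOST, else 1.
# RFC 8659 logic: climb from HOST towards the root and use the CAA set of the
# first name that has one. No set at all, or a set with no "issue" property,
# leaves issuance unrestricted. CNAME chasing and issuewild are not handled.
caa_permits() {
    caa_name="${1%.}."; caa_ca="$2"; caa_records="$3"
    while [ -n "$caa_name" ]; do
        caa_rrset=$(printf '%s\n' "$caa_records" | awk -v n="$caa_name" \
            'tolower($1) == tolower(n) && $4 == "CAA"')
        if [ -n "$caa_rrset" ]; then
            # One "=<issuer-domain>" line per issue property; parameters after
            # ";" are dropped, so issue ";" (forbid all CAs) becomes a bare "=".
            caa_issuers=$(printf '%s\n' "$caa_rrset" | awk 'tolower($6) == "issue" {
                v = $0; sub(/^[^"]*"/, "", v); sub(/".*$/, "", v)
                sub(/;.*$/, "", v); gsub(/[ \t]/, "", v); print "=" tolower(v) }')
            if [ -z "$caa_issuers" ]; then return 0; fi
            if printf '%s\n' "$caa_issuers" | grep -Fxq "=$caa_ca"; then
                return 0
            fi
            return 1
        fi
        caa_name="${caa_name#*.}"      # drop the leftmost label and retry
    done
    return 0
}

# Demo: the hostname inherits the CAA policy of its parent zone.
for h in web21.example.com web21.example.net web21.example.edu; do
    if caa_permits "$h" letsencrypt.org "$SAMPLE_CAA"; then
        echo "$h: CAA permits letsencrypt.org"
    else
        echo "$h: CAA blocks letsencrypt.org"
    fi
done
```

In practice, pass it the combined output of `dig +noall +answer CAA` for the hostname and each of its parent names.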
