Skip to main content

Directadmin

Verbeter de prestaties en beveiliging van uw webserver

Link SSL certificates

Door | 19 Januari 2019

SSL in DirectAdmin (versions may differ in setup)

Source of certificate:
/usr/local/directadmin/data/users/username/domains/domain.com.key
/usr/local/directadmin/data/users/username/domains/domain.com.cert
/usr/local/directadmin/data/users/username/domains/domain.com.cacert
/usr/local/directadmin/data/users/username/domains/domain.com.cert.combined

Create symlinks with:
ln -sf /path/to/filetolinkto /path/to/linktocreate

Webserver Apache level:
SSLEngine on
SSLCertificateFile /etc/httpd/conf/ssl.crt/server.crt
SSLCertificateKeyFile /etc/httpd/conf/ssl.key/server.key
SSLCACertificateFile /etc/httpd/conf/ssl.crt/server.ca

Controlpanel DirectAdmin level:
/usr/local/directadmin/conf/cakey.pem
/usr/local/directadmin/conf/cacert.pem
/usr/local/directadmin/conf/carootcert.pem

Webserver Nginx level:
when proxy: /etc/httpd/conf/ssl.crt/server.crt.combined
in case being used: /etc/nginx/ssl.crt/server.crt.combined

Mail Transfer Agent Exim level:
/etc/exim.key (private key)
/etc/exim.cert (certificate followed by bundle)

IMAP / POP3 server Dovecot:
in /etc/dovecot/conf/ssl.conf and /etc/dovecot/conf/sni/domain.com.conf
/etc/exim.key
/etc/exim.cert

in my setup leading to:
/usr/local/directadmin/data/users/username/domains/domain.com.key
/usr/local/directadmin/data/users/username/domains/domain.com.cert.combined

ProFTPd:
/etc/proftpd.conf easily links to the exim certificate files.
Note: I needed in /etc/ssh/ for restart of ProFTPd: chmod 600 ssh_host_rsa_key

Pure-FTPd:
/etc/pure-ftpd.pem cannot easily link to one file containing private key followed by certificate and bundle.

Let’s Encrypt renewal time:
/usr/local/directadmin/data/users/username/domains/domain.com.cert.creation_time

Let’s Encrypt server domain(s) to renew:
/usr/local/directadmin/conf/ca.san_config

SSL in PHP and for database connections is not in my scope right now
set up for ODBC is on a separate page