Verify that DirectAdmin allows SSL
By default, DirectAdmin does not allow setting up an SSL certificate. If you are a customer of a hosting company that explicitly says it supports this, you can skip this step. However, if you have your own installation of DirectAdmin running, you would do well to read on. Login to your DirectAdmin panel (often found on port 2222) via your browser, choose the domain to which you want to add SSL and look at ‘Advanced Features’ for the option ‘SSL Certificates’. If you find this option, you can usually add SSL. If you don’t see this option, either your hosting provider hasn’t enabled SSL (send an email or tweet to check), or you, as an administrator, haven’t set it up yet in the DirectAdmin environment. Enabling SNI support allows you to provide one or more websites with ‘valid’ HTTPS connections with 1 IP address. To enable SNI, you need to modify directadmin.conf. To do this, open an SSH connection to the server (via PuTTy for example) and open the directadmin.conf file with nano or another editor:
sudo nano /usr/local/directadmin/directadmin.conf
Add the following line:
enable_ssl_sni=1
Let’s check if port 443 is open (needed to accept HTTPS connections):
sudo netstat -plnt | grep ':443'
Restart DirectAdmin and your Apache web server:
sudo directadmin restart sudo /etc/init.d/apache2 restart
Enable SSL for a domain name within DirectAdmin
To enable SSL for a domain within DirectAdmin, log in to the DirectAdmin environment and go to ‘Domain administration’. Next, click on the domain you want to set up SSL on. Check ‘Secure SSL’. If you want your website to load over both HTTP and HTTPS and to show the same page, check “Use a symbolic link from private_html to public_html – allows for same data in http and https”. Once set up, go to ‘SSL Certificates’.
Certificate Setup
I expect that you already have your certificate and that you know which organization it is with (StartSSL, GeoTrust, Comodo, RapidSSL, AlphaSSL, …). These organizations are also called CAs or Certificate Authority and it is these organizations that declare your certificate valid or not. First of all, we want to import the root and intermediate certificate from this CA. At the very bottom of the page, you’ll find a small text link that will take you to another page that allows you to import the Certificate Authority SSL Certificate as shown below:
What exactly you have to stick in this box depends on the company where you purchased your certificate. You can often find these root and intermediate certificates via the website of these organizations, or you may have received an email with a link to them. Here is a list to get you started:
First you paste the root certificate and just below that the intermediate certificate. You want to copy and paste the entire text, including —–BEGIN CERTIFICATE—– and —–END CERTIFICATE—–
-----BEGIN CERTIFICATE----- root certificate -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- intermediate certificate -----END CERTIFICATE-----
Select ‘Use a CA Cert.’ and click ‘Save’. Go back to the previous page and choose ‘Paste a pre-generated certificate and key’. Paste your private key and your certificate here as shown below. Don’t leave a space between the two.
If everything went well, you would get the message ‘Certificate and Key Saved’. It might take a few minutes now, but you should now be able to reach your website on https://voorbeeld.be!
