Installing ssl certificates

Installing SSL Certificates

This section describes how to install a certificate, use a generic server certificate, create a self-signed certificate and install a purchased certificate. Any site that processes monetary transactions or accepts sensitive information (such as passwords) needs an SSL certificate to be protected.

SSL management menu in DirectAdmin

Installing ssl certificatesInstalling ssl certificatesTo create an SSL certificate or insert a pre-generated certificate key, open the “Account Manager” from the Control Panel and click the “SSL Certificates” link.

Installing Let’s Encrypt certificate

The easiest way to install a secure, free and trusted browser certificate for your site is a Let’s Encrypt certificate, so we recommend using it if you don’t want to buy a certificate issued through other certificate authorities.

Note: To use Let’s Encrypt, you must turn on its support in the DA. If you don’t find the “Let’s Encrpyt” section in the SSL certificates menu, ask your administrator to enable it. If you are an administrator, you can enable Let’s Encrpyt support by following this guide.Installing ssl certificates

To enable Let’s Encrypt, select “Free and automatic certificate from Let’s Encrypt”.

Enter the domain name and email address.

Note: Do not use “www” or “http(s)://” in the general domain name section.

Select which domains you want to protect with a certificate. You can select a maximum of 20 domains.

Note: Always choose yourdomain.com and www.yourdomain.com entries.

Click the “Save” button. Done.
You have installed the certificate.

Note: Remember to configure private_html as shown here. Also, you may need to wait a few minutes for the changes to take effect.

Installing the purchased certificate

A purchased certificate is the best way to be safe. Because the certificate is secure and trustworthy, visitors will not get a popup warning about an invalid certificate when viewing a secure page.

Step 1: Generating a CSR request

Be sure to select the “Create a certificate request” option.Installing ssl certificates

Then enter your company information.

“Common name” is the address of your site, which will be specified in the SSL certificate.

Your site will only be protected by this address. In the above example https://example.com/anything will be protected, https://www.subdomain.example.com is not.

When you’re done, click the “Save” button at the bottom of the screen. Then you will see a page that looks like this:

Copy this text (including the “BEGIN/END CERTIFICATE REQUEST” sections) into a simple text editor, such as Windows Notepad, and save the file to your hard drive. You will need this CSR request when you buy a certificate.

Step 2: Purchase a certificate

When you purchase a certificate, you will be asked to enter information about yourself or your company, your website and:

  • CSR-request
  • the software that generated the CSR query
  • your common name

CSR-request

Simply insert the CSR provided to you by the control panel, including the “BEGIN / END CERTIFICATE REQUEST” sections. The order form will have a text box to insert. Make sure the CSR is saved and pasted as plain text.

The software that generated the CSR

Select Apache-ModSSL (“OpenSSL”) or “Other” if you do not see Apache-ModSSL listed. Don’t worry about the error, as this information is only collected for statistics.

Your common name

“Common name” refers to the address of your site, which will be listed on the SSL certificate (see Step 1). Enter this address without “http://” unless the seller of the certificate specifies otherwise.

Step 3: Install the certificate

Check the box next to “Insert pre-generated certificate and key”.Installing ssl certificates

As you can see, for you, the key is already inserted in the text box.

Insert the certificate in the “Certificate” field below it and click “Save”.

The domain certificate may be named domain.com.crt
pre-generated ssl certificate

Step 4: Install the root CA certificate

In the picture above you can see the “CA Root Certificate” link. Click the link and paste your root CA certificate into the text box. Alternatively, click the “Use CA certificate” button above. Then click the “Save” button.

Important: Remember to check the “Use CA certificate” selection.

Although installing the root CA certificate is not always required, you may find that your SSL certificate will not work properly without this step.

The CA certificate can sometimes be called gd_bundle.crt, ca_bundle.crt, ca_cert, etc.

Note. Don’t forget to configure private_html as shown here.

Using a common server certificate

One of the easiest ways to create a secure site is to use the server’s built-in self-issued certificate.Installing ssl certificates

Make sure the election option is set next to “Use server certificates” and click the “Save” button at the bottom of the screen.

Understanding untrusted certificates

Warning: Although untrusted certificates provide a high level of encryption, they are not always the best choice because they are self-generated rather than purchased through a certificate authority.Installing ssl certificates

Because of this, visitors to your site may get a warning pop-up window when accessing a protected page. Therefore, we do NOT recommend this method.

Creating a self-signed certificate

An alternative to the self-released shared server certificate is a personal self-signed certificate.

Step 1. Select “Create your own self-signed certificate”.Installing ssl certificates

Step 2: Enter information about yourself and your company.

A list of country codes is available here.

Step 3: Click the “Save” button at the bottom of the screen.

The common name is the exact web address to which the certificate is associated. In the above example https://example.com/anything would be valid, https://www.subdomain.example.com would not.

Understanding untrusted certificates

Warning: Although untrusted certificates provide a high level of encryption, they are not always the best choice because they are self-generated rather than purchased through a certificate authority.Installing ssl certificates

Because of this, visitors to your site may get a warning pop-up window when accessing a protected page. Therefore, we do NOT recommend this method.

Uploading files to your secure site

Installing ssl certificatesAll protected files must be uploaded to /domains/domain.com/private_html. The easiest way to do this is to link private_html with public_html. To do this, go to the “Account Manager” icon on the control panel and select the link “Setting up domains” (you can see the image of the path at the beginning of the page), then select the desired domain. Click the link Installing ssl certificates at the top of the page. Select “use symbolic link” and click “Save”.

Was this article helpful?

Related Articles