This is how to set up a SSL certificate on your server and running with it, using DirectAdmin on Debian GNU/Linux.

All of the following tasks are done as root, from the command line:

cd /usr/local/directadmin/conf

create a private key:

openssl genrsa -out cakey.pem 4096

generate a certificate request from that key:

openssl req -key cakey.pem -new

Answer the questions as follows (hit Enter after each answer):

  • Country Code: (see:
  • State or Province: I put the province I live in
  • Locality name: I put the city I live in
  • Organization Name: I put a dot (period) which leaves the entry blank
  • Organizational Unit: I put a dot
  • Common Name: I put the fully qualified name of my server.
  • Email Address: I put my email address
  • challenge password: I left this blank
  • optional company name: I left this blank

This generates a certificate request, and displays it on the screen. Copy and paste it into the Server Certificates – New form.

CACert will then generate a certificate. Copy and paste this to a file on the server /usr/local/directadmin/conf

Save the certificate as a file in that directory called myserver.crt

Next, download the intermediate certificate from CACert: and save it in the same directory (/etc/apache2/ssl). Also, download the CACert Class 1 certificate and save it in the same directory.

Combine the secret key, your server’s certificate, and the intermediate and root certificates into one file:

cat cakey.pem myserver.crt class3.crt root.crt > cacert.pem

Change the permissions so nobody else can read that pem files:

chmod 600 cacert.pem

chmod 600 cakey.pem

Also change the owner of the files:

chown diradmin:diradmin cacert.pem

chown diradmin:diradmin cakey.pem

chown diradmin:diradmin carootcert.pem

Edit the /usr/local/directadmin/conf/directadmin.conf and set SSL=1  (default is 0).  This tells DA to load the certificate and key and to use an SSL connection. Ensure your directadmin.conf has the values set:


but can be changed as needed.

DirectAdmin needs to be restarted after any changes to the directadmin.conf.

If you also have a CA Root Certificate, this can be specified by adding:


into the /usr/local/directadmin/conf/directadmin.conf file (won’t exist by default) and by pasting the contents of the caroot cert into that file.

Pin It on Pinterest

Share This