How to Install a Free SSL Certificate in DirectAdmin

In the modern web, an SSL certificate is no longer a luxury—it is a necessity. It provides a secure, encrypted connection (HTTPS) between your visitors and the server, secures sensitive data, and significantly boosts your Google search rankings.

DirectAdmin offers a built-in "Let's Encrypt" tool that allows you to generate a free, auto-renewing certificate in just a few clicks. In this guide, we will walk you through the installation process, how to force your site to load securely, and how to troubleshoot common errors.

Prerequisites Before You Start

To avoid errors during the installation, please ensure the following:

Domain Propagation: Your domain must point to the server's IP address. If you recently changed your nameservers or DNS records, please wait 1–4 hours for the changes to propagate globally.
Site Accessibility: Let's Encrypt validates ownership by trying to reach your website. If your site is offline, the validation will fail.
SSL Enabled: Ensure SSL support is enabled on your hosting account (this is usually on by default).

Installation Steps

Follow these steps within your DirectAdmin control panel:

1. Navigate to SSL Certificates

Click on the SSL Certificates icon.

Note: If you are using an older skin of DirectAdmin, this option might be located under "Advanced Features."

2. Let's Encrypt Configuration

You will see the current status of your certificate. To create a new one, click the tab or radio button labeled:

Get automatic certificate from ACME Provider

You will now see the configuration settings. It is important to select the correct entries:

Common Name: This should be your main domain name (e.g., yourdomain.com).
Key Size (bits): Leave as default (usually 4096 or secp384r1).
Certificate Type: SHA256.

Which entries should you select?

In the "Selected Entries" list, you will see various subdomains. We recommend checking the following:

yourdomain.com (The root domain)
www.yourdomain.com (The www version)
mail.yourdomain.com (Critical if you use email clients like Outlook or mobile mail apps)

A note on "Wildcard": You will see a Wildcard option. We do not recommend this for beginners, as it requires DNS-based validation which is more complex. For standard websites, simply checking the specific boxes is sufficient.

Once selected, click the Save button.

3. Force HTTPS Redirect

Seeing the green "Certificate has been created successfully" message means the certificate is installed, but your site might still load via the insecure http:// protocol. You must force the redirect.

Stay in the SSL Certificates menu.
Look for the setting (usually at the top or bottom): Force SSL with https redirect.
Check the box and click Save.

Now, any visitor typing your address without "https" will be automatically redirected to the secure version.

How to Verify the Certificate

Open your website in a browser (preferably in Incognito/Private mode). You should see a padlock icon next to your domain in the address bar.

For a deep technical analysis, you can use external tools like the SSL Labs Server Test. This will confirm the certificate is valid and correctly installed.

Troubleshooting Common Errors

If you receive an error while clicking "Save", check the following:

Error: "Challenge verification failed"

This is the most common error. It means Let's Encrypt tried to visit your site to verify you own it, but failed.

Likely Cause: Your domain is not pointing to this server yet, or DNS cache hasn't cleared.
Solution: Check your domain on whatsmydns.net. If the IP is correct, wait an hour and try again.

Issues with .htaccess

If you have existing redirect rules in your .htaccess file, they might be blocking the validation file.

Solution: Temporarily rename your .htaccess file, generate the certificate, and then rename it back.

Cloudflare Users

If you use Cloudflare, their firewall or proxy settings sometimes block the validation.

Solution: In your Cloudflare DNS settings, temporarily switch the "Proxy Status" to DNS Only (Grey Cloud) for your domain. Generate the certificate in DirectAdmin, then switch the Cloudflare Proxy (Orange Cloud) back on.

Congratulations! Your website is now secure. DirectAdmin will automatically renew this certificate every 90 days, so you do not need to take any further action.