Posted by: Master Will | October 2, 2017

Let's Encrypt SSL on DirectAdmin

# Bring the system current, then create a temporary self-signed certificate for
# DirectAdmin's own HTTPS (the admin UI on port 2222). -nodes leaves the key
# unencrypted on disk, so it is restricted to the diradmin user; the 9000-day
# lifetime is tolerable only because this certificate is replaced by a
# Let's Encrypt one further down.
yum -y update
/usr/bin/openssl req -x509 -newkey rsa:2048 -keyout /usr/local/directadmin/conf/cakey.pem -out /usr/local/directadmin/conf/cacert.pem -days 9000 -nodes
chown diradmin:diradmin /usr/local/directadmin/conf/cakey.pem
chmod 400 /usr/local/directadmin/conf/cakey.pem

# Enable HTTPS for the DirectAdmin UI. The substitution only works if the file
# already contains "SSL=0"; check with grep if the UI stays on plain HTTP.
cd /usr/local/directadmin/conf/
perl -pi -e 's/SSL=0/SSL=1/' directadmin.conf
service directadmin restart

# Turn on the Let's Encrypt integration and SNI (one certificate per domain).
# Appending with >> adds a duplicate line on every run; grep for the key first.
echo "letsencrypt=1" >> directadmin.conf
echo "enable_ssl_sni=1" >> directadmin.conf
cd /usr/local/directadmin/custombuild
./build update
./build rewrite_confs
./build letsencrypt
# ACME HTTP-01 challenge files are served from /var/www/html/.well-known, so
# the Apache alias below must exist after rewrite_confs:
vi /etc/httpd/conf/extra/httpd-alias.conf
###### And make sure you see this line
Alias /.well-known "/var/www/html/.well-known"
service httpd restart
service directadmin restart
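The commands above append to directadmin.conf with `echo >>` and flip SSL with a blind substitution, so running them a second time leaves duplicate keys or silently changes nothing. The following is an added example, not part of the original post and not DirectAdmin tooling: POSIX sh helpers that set a directadmin.conf key idempotently, read it back, and confirm that the ACME challenge Alias is present in httpd-alias.conf. The demo at the bottom works on a constructed copy of the config in a temporary directory, never on the live files; values containing `|` or `&` are outside what the sed replacement handles.

```shell
#!/bin/sh
# Added example: idempotent edits for DirectAdmin-style KEY=VALUE config files.
# Not DirectAdmin's own tooling. Values must not contain '|' or '&' (sed specials).

# set_da_option FILE KEY VALUE
# Replace an existing "KEY=..." line, or append one if KEY is absent, so that
# running the setup twice never produces duplicate keys.
set_da_option() {
    file=$1; key=$2; value=$3
    if grep -q "^${key}=" "$file"; then
        tmp="${file}.tmp.$$"
        # write to a temp file and rename: portable (no GNU-only `sed -i`)
        sed "s|^${key}=.*|${key}=${value}|" "$file" > "$tmp" && mv "$tmp" "$file"
    else
        printf '%s=%s\n' "$key" "$value" >> "$file"
    fi
}

# get_da_option FILE KEY: print KEY's value (last occurrence), empty if unset
get_da_option() {
    sed -n "s|^$2=||p" "$1" | tail -n 1
}

# check_wellknown_alias FILE: succeed only if the ACME HTTP-01 challenge alias
# from the page ("Alias /.well-known "/var/www/html/.well-known"") is configured
check_wellknown_alias() {
    grep -Eq '^[[:space:]]*Alias[[:space:]]+/\.well-known[[:space:]]+"?/var/www/html/\.well-known"?[[:space:]]*$' "$1"
}

# demo: apply the page's settings to a constructed copy of directadmin.conf in a
# temporary directory and print the result
demo() {
    d=$(mktemp -d)
    conf="$d/directadmin.conf"
    printf 'SSL=0\nport=2222\n' > "$conf"        # constructed sample, not a live config
    set_da_option "$conf" SSL 1
    set_da_option "$conf" letsencrypt 1
    set_da_option "$conf" enable_ssl_sni 1
    set_da_option "$conf" letsencrypt 1          # a second run changes nothing
    cat "$conf"
    rm -rf "$d"
}

demo
```

On a real server, point the functions at /usr/local/directadmin/conf/directadmin.conf and /etc/httpd/conf/extra/httpd-alias.conf; `set_da_option` replaces the `perl -pi -e 's/SSL=0/SSL=1/'` step as well, because it also works when the key is missing entirely.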


Then log in to the DirectAdmin UI and open the "SSL Certificates" menu at the user level to request a certificate for each domain.

Note: to put a Let's Encrypt certificate on the server hostname itself (the name the DirectAdmin UI is served on), do the following:
cd /usr/local/directadmin/scripts
# Request a certificate for the hostname with a 4096-bit key; DirectAdmin writes
# the resulting certificate, key and CA chain into /usr/local/directadmin/conf
# (cacert.pem, cakey.pem, carootcert.pem), replacing the self-signed pair above.
./letsencrypt.sh request your.hostname.com 4096
cd /usr/local/directadmin/conf
perl -pi -e 's/SSL=0/SSL=1/' directadmin.conf
# Point DirectAdmin at the intermediate chain, and pin the UI to the certificate's
# hostname so redirects never send users to a name the certificate does not cover.
echo "carootcert=/usr/local/directadmin/conf/carootcert.pem" >> directadmin.conf
echo "force_hostname=your.hostname.com" >> directadmin.conf
echo "ssl_redirect_host=your.hostname.com" >> directadmin.conf
service directadmin restart


----- Troubleshoot -----

Cannot Execute Your Request

Details

Getting challenge for parniagroup.com from acme-server…
User let’s encrypt key has been found, but not registered. Registering…
Account registration error. Response: HTTP/1.1 100 Continue
Expires: Wed, 03 Aug 2016 08:08:26 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache

HTTP/1.1 400 Bad Request
Server: nginx
Content-Type: application/problem+json
Content-Length: 265
Boulder-Request-Id: vdS0ublv2yTS3g8BkAW4mjM9f-HCiYV6DgYrfCkaLqI
Replay-Nonce: QUnGB2x_ZY1sJRrGG3MgS9fwtegzDawR8xj1uJ4E50o
Expires: Wed, 03 Aug 2016 08:08:27 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Wed, 03 Aug 2016 08:08:27 GMT
Connection: close

{
"type": "urn:acme:error:malformed",
"detail": "Provided agreement URL [https://letsencrypt.org/documents/LE-SA-v1.0.1-July-27-2015.pdf] does not match current agreement URL [https://letsencrypt.org/documents/LE-SA-v1.1.1-August-1-2016.pdf]",
"status": 400
}

----------------------------------------------

Well, they have changed their license agreement and that broke the Let’s Encrypt client used in DA. Please use CustomBuild 2.0 (at least rev. 1572) to update letsencrypt.sh script:

cd /usr/local/directadmin/custombuild
./build update
./build letsencrypt

Alternatively, “./build update_versions” can be used as well. The newest version of CustomBuild 2.0 is only available on files1.directadmin.com and files2.directadmin.com fileservers at the moment, other mirrors might take up to 24 hours to update.

To download the file manually (without CustomBuild), just execute:

wget -O /usr/local/directadmin/scripts/letsencrypt.sh http://files1.directadmin.com/services/all/letsencrypt.sh
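The raw response quoted in the error above begins with an interim `HTTP/1.1 100 Continue` before the real `400`, and carries the error as an `application/problem+json` document; a client that reads only the first status line, or retries on any 4xx, misclassifies it. The following is an added example, not part of the original post and not DirectAdmin's letsencrypt.sh: POSIX sh helpers that pick the final status line, extract fields from a Boulder-style flat problem document, and recognise the terms-of-service mismatch so the operator knows the fix is to update the client rather than to retry. The sample response is constructed from the page's own text (straight quotes, headers trimmed).

```shell
#!/bin/sh
# Added example: classify a raw ACME error response without jq.
# Not DirectAdmin's letsencrypt.sh. Handles only Boulder's flat problem+json
# documents (one "field": value per line), which is all this error needs.

# Constructed sample, copied from the response quoted on the page.
SAMPLE_RESPONSE='HTTP/1.1 100 Continue
Expires: Wed, 03 Aug 2016 08:08:26 GMT

HTTP/1.1 400 Bad Request
Server: nginx
Content-Type: application/problem+json

{
  "type": "urn:acme:error:malformed",
  "detail": "Provided agreement URL [https://letsencrypt.org/documents/LE-SA-v1.0.1-July-27-2015.pdf] does not match current agreement URL [https://letsencrypt.org/documents/LE-SA-v1.1.1-August-1-2016.pdf]",
  "status": 400
}'

# acme_final_status RESPONSE: status code of the LAST HTTP status line, which
# skips the interim "100 Continue" a raw capture includes before the real reply
acme_final_status() {
    printf '%s\n' "$1" | sed -n 's/^HTTP\/1\.[01] \([0-9][0-9][0-9]\).*/\1/p' | tail -n 1
}

# acme_json_field RESPONSE FIELD: value of a top-level string or number field
# on its own line (not a general JSON parser)
acme_json_field() {
    printf '%s\n' "$1" | sed -n "s/^[[:space:]]*\"$2\":[[:space:]]*\"\{0,1\}\([^\"]*\)\"\{0,1\},\{0,1\}[[:space:]]*$/\1/p" | head -n 1
}

# acme_current_agreement_url RESPONSE: the agreement URL the server now requires,
# taken from the "detail" text of a terms-of-service mismatch; empty otherwise
acme_current_agreement_url() {
    acme_json_field "$1" detail | sed -n 's/.*current agreement URL \[\([^]]*\)\].*/\1/p'
}

# acme_classify RESPONSE: print one word for the operator and return 0 only on success.
#   ok                  2xx reply
#   agreement-outdated  client pins an old ToS URL: update the client, retrying is useless
#   <error type>        any other ACME problem type
#   http-<code>         non-2xx reply without a problem document
acme_classify() {
    st=$(acme_final_status "$1")
    case "$st" in
        2??) echo ok; return 0 ;;
    esac
    t=$(acme_json_field "$1" type)
    if [ "$t" = "urn:acme:error:malformed" ] && [ -n "$(acme_current_agreement_url "$1")" ]; then
        echo agreement-outdated
    elif [ -n "$t" ]; then
        echo "$t"
    else
        echo "http-$st"
    fi
    return 1
}

acme_classify "$SAMPLE_RESPONSE"
echo "server now requires: $(acme_current_agreement_url "$SAMPLE_RESPONSE")"
```

The extracted URL is exactly what a pinned client needs to be updated to; the fix the forum reply gives (a newer letsencrypt.sh) does the same thing by shipping a script that fetches the current agreement instead of hardcoding it.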

