Free SSL with Let's Encrypt in DirectAdmin

Let's Encrypt provides free, automated SSL certificates that are trusted by all major browsers. DirectAdmin includes built-in support for Let's Encrypt, making it simple to secure your websites without purchasing a certificate. This guide covers everything you need to know about using Let's Encrypt with DirectAdmin.

What Is Let's Encrypt?

Let's Encrypt is a free, automated, and open certificate authority (CA) that provides Domain Validated (DV) SSL certificates. Key features include:

1. Completely free — no cost for certificate issuance or renewal
2. Automated — certificates can be issued and renewed automatically
3. Trusted — recognized by all major browsers and operating systems
4. 90-day validity — shorter than paid certificates, but auto-renewal handles this
5. Rate limits — up to 50 certificates per registered domain per week

Tip: Let's Encrypt certificates from {{COMPANY_NAME}} hosting accounts are automatically managed. In most cases, you do not need to do anything manually.

Enabling Let's Encrypt for Your Domain

Method 1: Through SSL Certificates Page

1. Log in to your DirectAdmin control panel
2. Navigate to Account Manager > SSL Certificates
3. Ensure the Secure SSL checkbox is enabled
4. Select the option Free & automatic certificate from Let's Encrypt
5. Configure the certificate options:

- Certificate Entries: Select which domains and subdomains to include

- At minimum, include your domain.com and www.domain.com

- You can also include mail.domain.com, webmail.domain.com, etc.

1. Check Enable Wildcard if you need *.domain.com coverage (requires DNS validation)
2. Click Save

DirectAdmin will automatically request and install the certificate. This typically takes less than a minute.

Method 2: Through Domain Setup

1. Go to Account Manager > Domain Setup
2. Click on your domain name
3. Check the Secure SSL option
4. Select Let's Encrypt as the SSL type
5. Choose the subdomains to include
6. Click Save

Understanding Certificate Coverage

Standard Let's Encrypt Certificate

A standard Let's Encrypt certificate covers specific hostnames:

• example.com
• www.example.com
• mail.example.com (if selected)
• Additional subdomains you specify

Each hostname is listed as a Subject Alternative Name (SAN) on the certificate.

Wildcard Let's Encrypt Certificate

A wildcard certificate covers all subdomains under your domain:

• *.example.com (covers any subdomain)
• example.com (the base domain)

Important: Wildcard certificates require DNS validation instead of HTTP validation. This means your domain's DNS must be managed through DirectAdmin or a supported DNS provider, or you must manually add TXT records.

Automatic Renewal

Let's Encrypt certificates are valid for 90 days. DirectAdmin handles renewal automatically:

1. Renewal check runs daily on the server
2. Certificates are renewed approximately 30 days before expiration
3. No action is required from you for renewal
4. The renewal process is seamless with no downtime

You can verify your certificate's expiration date:

1. Go to Account Manager > SSL Certificates
2. View the certificate details showing the "Not After" date
3. Or click the padlock in your browser to see expiration details

Forcing HTTPS After Installation

Once Let's Encrypt is active, redirect all HTTP traffic to HTTPS:

1. In DirectAdmin, go to Account Manager > SSL Certificates
2. Enable Force SSL with https redirect
3. Click Save

Alternatively, add to your .htaccess file:

RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

Troubleshooting Let's Encrypt Issues

Certificate Issuance Failed

If Let's Encrypt fails to issue a certificate, check:

1. DNS Resolution: Your domain's A record must point to your hosting server's IP address. Let's Encrypt validates domain ownership by connecting to your server.

1. Proxy/CDN Interference: If using Cloudflare or another proxy, temporarily set DNS to "DNS Only" mode (disable the proxy), issue the certificate, then re-enable the proxy.

1. Firewall or .htaccess Blocking: The validation process accesses a file at http://yourdomain.com/.well-known/acme-challenge/. Ensure this path is not blocked by firewall rules or .htaccess restrictions.

1. Rate Limits: Let's Encrypt has rate limits. If you have requested too many certificates recently, you may need to wait before trying again. The limit is 50 certificates per registered domain per week.

1. Document Root: Ensure your domain has a valid, accessible document root directory.

Certificate Not Renewing Automatically

If your certificate is approaching expiration without renewal:

1. Manually trigger a renewal from the SSL Certificates page
2. Check if DNS still points to the correct server IP
3. Verify that .well-known/acme-challenge is accessible
4. Review DirectAdmin error logs for renewal failures
5. Contact {{SUPPORT_EMAIL}} if the problem persists

Mixed Content Warnings

After enabling SSL, mixed content warnings may appear:

• Update all internal URLs from http:// to https://
• Check your CMS configuration (WordPress Settings > General)
• Look for hardcoded HTTP URLs in themes and plugins
• Use browser developer tools to identify mixed content sources

Let's Encrypt vs. Paid SSL Certificates

Best Practices

1. Let auto-renewal handle things — do not manually delete or reinstall unless troubleshooting
2. Include all subdomains — add www, mail, and other subdomains when issuing the certificate
3. Monitor expiration — even though renewal is automatic, periodically verify certificates are current
4. Use Force SSL — always redirect HTTP to HTTPS for complete security
5. Update application URLs — ensure your CMS and applications use https:// URLs
6. Keep DNS stable — DNS changes can break Let's Encrypt validation and renewal

Related Articles

• How to Install an SSL Certificate in DirectAdmin
• Understanding SSL Certificate Types
• Troubleshooting SSL Certificate Errors

For assistance with Let's Encrypt or any SSL-related issues, contact our support team at {{SUPPORT_EMAIL}} or visit {{SUPPORT_URL}}. We are here to help you keep your website secure.