How to Set Up Wildcard SSL in DirectAdmin

Source: https://help.directadmin.com/item.php?id=2147

The guide above works for the most part, but below are some details for those who got lost in the process.

1 –

  • Follow the guide and make sure all the flags are correct.
  • By default, a few of these do not even exist; you will have to add them.
  • You can add them using directadmin set or by editing directadmin.conf directly
    • /usr/local/directadmin/conf/directadmin.conf

The documentation forgot to tell you this: you also need to set the following in the same config file (Source: https://www.directadmin.com/features.php?id=2122)

dns_ttl=1
  • If you do not do this step, the subdomains may not use the wildcard SSL cert even after it is made.
    • Took me hours to debug this. I suspect it may be because my server was older before the default was set to dns_ttl=1
  • Then restart the server:
cd /usr/local/directadmin
service directadmin restart

2 – Ignore this. This is telling you how to turn it off.

3 – For some reason, I actually can’t find this option. I think it is renamed as “Use the best match certificate” but they did not update documentation.

4 –

  • Now, to test if this works, create a new account with the root domain
  • According to #5 – the SSL creation should be automatic by default
  • If you then create a subdomain (new account, or same account), it will start using the wildcard cert

5 – Verify this

  • Go to the root domain URL in your browser: https://[rootdomain]
    • First of all, you should get the lock in your address bar. If not, it means this did not work
    • Look into the cert details; you will see the cert is issued to the root domain
    • Under Details, in Subject Alternative Name, you will see a wildcard entry *.[rootdomain] – this means the wildcard cert is set
  • Then go to the subdomain URL in your browser: https://subdomain.[rootdomain]
    • First of all, you should get the lock in your address bar. If not, it means this did not work
    • If set up properly, any subdomain will use the wildcard cert, so when you create a new account SSL should work right away
    • Look at the cert details; they will show the same as above
  • If the root works with the wildcard, but subdomains have an SSL error / are not using the wildcard, see #1
    • You need to set dns_ttl=1
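
The checks in step 5 can be scripted instead of read off the browser's certificate dialog. The following is an added example, not part of the original guide or DirectAdmin's own tooling; the function names and the example.test hostnames are made up for illustration, and it applies the standard rule that a wildcard entry matches exactly one label.

```python
import socket
import ssl

def san_covers(san_entries, hostname):
    """Return the SAN entry that covers hostname, or None if nothing does."""
    host = hostname.lower().rstrip(".")
    for entry in san_entries:
        pattern = entry.lower().rstrip(".")
        if pattern == host:
            return entry
        if pattern.startswith("*."):
            suffix = pattern[1:]  # "*.example.test" -> ".example.test"
            label = host[:-len(suffix)] if host.endswith(suffix) else ""
            # A wildcard stands for exactly one label: it covers shop.example.test,
            # but not example.test itself and not a.b.example.test.
            if label and "." not in label:
                return entry
    return None

def fetch_dns_sans(hostname, port=443, timeout=10):
    """Fetch the DNS names in the SAN of the cert a live server presents."""
    ctx = ssl.create_default_context()  # also validates chain and hostname
    with socket.create_connection((hostname, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=hostname) as tls:
            cert = tls.getpeercert()
    return [v for kind, v in cert.get("subjectAltName", ()) if kind == "DNS"]

def check_wildcard_setup(root, subdomains, sans_by_host):
    """For each host, report which SAN entry covers it and whether the
    certificate served there carries the *.root wildcard."""
    wildcard = "*." + root.lower()
    report = {}
    for host in [root, *subdomains]:
        sans = sans_by_host[host]
        report[host] = {
            "covered_by": san_covers(sans, host),
            "has_wildcard": wildcard in (s.lower() for s in sans),
        }
    return report

# Constructed sample data (not captured from a real server).
SAMPLE_SANS = {
    "example.test": ["example.test", "*.example.test"],
    "shop.example.test": ["example.test", "*.example.test"],
    "blog.example.test": ["server.hosting.test"],  # wildcard not picked up
}

if __name__ == "__main__":
    hosts = ["shop.example.test", "blog.example.test"]
    for host, result in check_wildcard_setup("example.test", hosts, SAMPLE_SANS).items():
        print(host, result)
```

Against a live server, build sans_by_host by calling fetch_dns_sans(host) for each host; a certificate verification error raised there corresponds to the missing lock in the address bar.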

Notes

For Step 4, if the account was already there before you changed the settings in Step 1, just force a reset:

  • Log in as that [rootdomain] account
  • Click SSL Certificates
  • If this domain’s SSL is not enabled, enable it first by selecting “Use the best match certificate”, then save
    • Do not select “Free & automatic cert from Let’s encrypt” or it will not work (in the next step, the Automated SSL section won’t show up)
  • At the bottom of the page is a new section, “Automated SSL Certificates Information”
    • Note that this is new – you would not have seen it before you changed the options in Step 1
  • In the Certificates tab, check the domain
    • If no domain is showing, go to the “Manual Trigger” tab
      • Make sure the wildcard option is selected
  • Click Retry
  • Make sure your DNS is set correctly, etc., because if there are problems the UI will not tell you, unfortunately
    • Also, even if it works, it takes 5-10 minutes, so be patient
