DirectAdmin is a graphical web-based web hosting control panel designed to administer websites easily. The "Can't connect to ssl" error in DirectAdmin can have several different causes.
Here at Ibmi Media, as part of our Server Management Services, we regularly help our customers to resolve related DirectAdmin errors.
Users often notice the following error in the DirectAdmin error log located at "/var/log/directadmin/error.log":
2020:10:06-17:02:16: Can't connect to ssl!
2020:10:06-17:02:16: -> A failure in the SSL library occurred, usually a protocol error.
2020:10:06-17:02:16: -> error:00000001:lib(0):func(0):reason(1)
1. HTTP to HTTPS redirection
The "Can't connect to ssl!" error can occur when a client sends plain HTTP to DirectAdmin's HTTPS port, 2222. DirectAdmin does catch this and redirects the client to HTTPS.
However, DirectAdmin is only assuming that this is what happened, and the redirection is a guess.
When this error appears, we must still check the logs, as there can be an actual SSL error. To match the exact timestamp, we can check the dated logs in real time, for example, 2021-Jan-31.log.
By doing this we will be able to find the IP that attempted to connect over HTTP, and we can then let that user know to try an HTTPS URL instead.
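As an added example (not part of the original article and not DirectAdmin's own tooling), the following Python script groups each "Can't connect to ssl!" entry in error.log with its "->" detail lines, separates the generic error code shown above from any other SSL error, and names the dated log to search for the client IP. The second sample entry is constructed, the file name pattern is inferred from the 2021-Jan-31.log example, and treating every non-generic code as a real SSL failure is an assumption.

```python
import re
from datetime import datetime

# Constructed sample: entry 1 copies the error.log excerpt on this page;
# entry 2 and the last line are made up for contrast.
SAMPLE_LOG = """\
2020:10:06-17:02:16: Can't connect to ssl!
2020:10:06-17:02:16: -> A failure in the SSL library occurred, usually a protocol error.
2020:10:06-17:02:16: -> error:00000001:lib(0):func(0):reason(1)
2020:10:06-17:05:41: Can't connect to ssl!
2020:10:06-17:05:41: -> A failure in the SSL library occurred, usually a protocol error.
2020:10:06-17:05:41: -> error:0A000102:SSL routines::unsupported protocol
2020:10:07-09:12:03: Some unrelated message
"""

LINE_RE = re.compile(r"^(\d{4}:\d\d:\d\d-\d\d:\d\d:\d\d): (.*)$")
GENERIC = "error:00000001:lib(0):func(0):reason(1)"  # code quoted on the page
MONTHS = "Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec".split()

def dated_log_name(when):
    """Name pattern inferred from the page's one example, 2021-Jan-31.log."""
    return f"{when.year}-{MONTHS[when.month - 1]}-{when.day:02d}.log"

def parse_ssl_events(text):
    """Group each "Can't connect to ssl!" line with its "->" detail lines."""
    events, current = [], None
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        stamp, msg = m.groups()
        if msg == "Can't connect to ssl!":
            when = datetime.strptime(stamp, "%Y:%m:%d-%H:%M:%S")
            current = {"when": when, "details": [], "dated_log": dated_log_name(when)}
            events.append(current)
        elif msg.startswith("-> ") and current is not None:
            current["details"].append(msg[3:])
        else:
            current = None  # an unrelated line ends the current entry
    for event in events:
        codes = [d for d in event["details"] if d.startswith("error:")]
        # Assumption: only the generic code fits the plain-HTTP guess; any
        # other code is treated as a real SSL failure to investigate.
        event["likely_plain_http"] = bool(codes) and all(c == GENERIC for c in codes)
    return events

if __name__ == "__main__":
    for event in parse_ssl_events(SAMPLE_LOG):
        print(event["when"], event["dated_log"], event["likely_plain_http"])
```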
2. DirectAdmin update
Often users may end up with this error after a DirectAdmin update. The following steps can be used to fix this issue.
i. DirectAdmin might not be running. We can use the following command to check whether the 'directadmin d' processes are running:
ps ax |grep -v grep | grep directadmin
ii. A firewall may be blocking port 2222. This can be checked by running the following commands (only on Red Hat systems), which stop the iptables firewall and keep it from starting at boot:
/sbin/service iptables stop
/sbin/chkconfig iptables off
Then test DirectAdmin again.
On newer operating systems, the procedure differs: CentOS 7+ uses a different method of firewall control (firewalld). We can use the following commands to check this:
$ systemctl disable firewalld
$ systemctl stop firewalld
If port 2222 is not open in the firewall, we can use the following command to add it (a rule added with --permanent takes effect once firewalld is reloaded or restarted):
$ firewall-cmd --permanent --zone=public --add-port=2222/tcp
iii. We can try running DirectAdmin via the command line using the following commands:
cd /usr/local/directadmin
./directadmin b200
3. CA root certificate not included
This error can also be triggered when the CA certificate is not installed for the domains. Generally, during SSL installation, we paste the certificate and key into the corresponding files:
certificate: /usr/local/directadmin/conf/cacert.pem
key: /usr/local/directadmin/conf/cakey.pem
We will then edit /usr/local/directadmin/conf/directadmin.conf and set SSL=1 (default is 0). This tells DA to load the certificate and key and to use an SSL connection. DirectAdmin needs to be restarted after making the changes.
If we have a CA Root Certificate, we can add it by placing the following line in the /usr/local/directadmin/conf/directadmin.conf file:
carootcert=/usr/local/directadmin/conf/carootcert.pem
This article covers methods to fix the DirectAdmin error "can't connect to ssl" for our customers.
Every SSL/TLS connection begins with a "handshake" – the negotiation between two parties that nails down the details of how they’ll proceed. The handshake determines what cipher suite will be used to encrypt their communications, verifies the server, and establishes that a secure connection is in place before beginning the actual transfer of data. This all happens in the background, thankfully – every time you direct your browser to a secure site a complex interaction takes place to make sure that your data is safe.