Wondering how to fix DirectAdmin error ‘can’t connect to ssl’? We can help you.

DirectAdmin is a graphical web-based web hosting control panel designed to administer websites easily.

Here at Bobcares, we often handle requests from our customers to fix similar DirectAdmin errors. Today we will see how our support engineers fix this for our customers as a part of our Server Management Services.

Causes and fixes for DirectAdmin error ‘can’t connect to ssl’

Now we will see some of the common causes for this issue along with their fix.

Users often notice the following error in the Directadmin error log located at “/var/log/directadmin/error.log”.

1. HTTP to HTTPS redirection

The “Can’t connect to ssl!” error DirectAdmin, can happen if a client connects to HTTP on the https:2222 port. DirectAdmin does catch this and redirects it to HTTPS.
However, DirectAdmin is only assuming this, and the redirection is a guess.

Upon getting this error, we must ensure to check the logs, as there can be an actual SSL error. For the exact timestamp, we can check the logs in real time, for example, 2021-Jan-31.log.

By doing this we will be able to find the IP that attempts to connect to HTTP. Thus we will be able to let them know to try an HTTPS URL instead.

2. Directadmin update

Often users may end up with this error after a Directadmin update. Following are the steps with which we can fix this issue.

1. DirectAdmin might not be running. We can use the following command to check whether ‘directadmin d’ processes is running:

ps ax |grep -v grep | grep directadmin

2. Firewall blocking port 2222. This can be easily checked by simply running the following command (only on redhat systems):

/sbin/service iptables stop
/sbin/chkconfig iptables off

Then test DirectAdmin again.

Newer operating systems
CentOS 7+ uses a different method of firewall control. We can use the following commands to check this:

systemctl disable firewalld
systemctl stop firewalld

In case if the port is not found open in the firewall we can use the following command to add the port 2222.

firewall-cmd --permanent --zone=public --add-port=2222/tcp

3. We can try running DirectAdmin via the command line using the following commands:

cd /usr/local/directadmin
./directadmin b200

3. CA root certificate not included

This error can also trigger when the CA is not installed for the domains. Generally, while SSL installation, we will paste the certificate and key to the corresponding files using the steps below:

certificate: /usr/local/directadmin/conf/cacert.pem
key: /usr/local/directadmin/conf/cakey.pem

We will then edit the /usr/local/directadmin/conf/directadmin.conf and set SSL=1 (default is 0). This tells DA to load the certificate and key and to use an SSL connection. DirectAdmin needs to be restarted after making the changes.

If we have a CA Root Certificate, we can add it using the following command into the /usr/local/directadmin/conf/directadmin.conf file:

carootcert=/usr/local/directadmin/conf/carootcert.pem

[Need assistance? We can help you]

Conclusion

In short, we saw how our Support Engineers fix DirectAdmin error ‘can’t connect to ssl’ for our customers.