Security setup

About certificates:

– For a hostname (with or without a subdomain) a Let’s Encrypt certificate works.
– A server name without a subdomain is stable, in both DirectAdmin and Plesk.
– A practical problem arises in case of a corresponding website on another server, because the domain name with port number of the control panel is no longer accessible.

Warning: A reverse DNS without a subdomain is not a valid hostname.
Note by Most systems won’t care that it is a domain, but since it’s against the RFC guidelines, we show a warning.

– make a Certificate Signing Request (CSR) typing for wildcard: *;
– a CSR may generate and write a new private key;
– check (e.g. in a web tool) for the same MD5 outcome for the private key versus CSR and the private key versus certificate;
back up the private key: letsencrypt=1′ in DirectAdmin’s configuration may damage annual certificate data after three months.
– blocking by HSTS can locally be disabled and enabled again using url chrome://net-internals/#hsts

Check for HTTPS, for incoming and for outbound mail:

Analyze SSL certificates: (the exact expiry time is missing)
Monitor https/incoming SMTP certificates easily:
(one of the mailservers can cause an error message).
For both incoming (and outbound not having a mail service elsewhere) mail servers:
Check encryption of a web server:
Check SSL:
Check security:

The order in the bundle for authorization is relevant to an error message for intermediate eg:
1. Comodo RSA Domain Validation Secure Server CA
2. Comodo RSA CA
3. AddTrust External CA Root

Idea for DirectAdmin:

Visualize where a wildcard domain / server certificate is correct, or not, helps to achieve stability. A new tab in the file editor for certificate data may provide overview. A button to report each file’s date / time and MD5 outcome in a column will make analysis easier.