Enabling SNI on DirectAdmin

Back when the internet was in its infancy, a unique IP address was needed for every single SSL certificate on a server. As the internet started to grow, a technology called Server Name Identification, often abbreviated as SNI, was developed. This technology allows for multiple SSL certificates on a single IP. This prevents the extra costs for an IP address.

DirectAdmin is one of the control panels which requires manual intervention to work with SNI. In most cases, we want to enable SNI.

Step 1: Enabling SNI on DirectAdmin

Open the DirectAdmin configuration file using your favourite editor:

vi /usr/local/directadmin/conf/directadmin.conf

On a default DirectAdmin installation, enable_ssl_sni is set to 0. Enable SNI by replacing enable_ssl_sni=0 with enable_ssl_sni=1.

Changing this option will disable the check if the website has a dedicated IP address and will not mess with any other configurations on your server.

Step 2: Restarting DirectAdmin

Restart the DirectAdmin service for the changes to become effective:

service directadmin restart

Step 3: Generating an SSL certificate

Last but not least, logged in as a user on the “User Level”, you will have the option to generate and/or install an SSL certificate without DirectAdmin requiring a dedicated IP address.

Note: a very select number of older browsers are not compatible with SNI and will not be updated to integrate this. One of these browsers is Windows XP Internet Explorer. With people upgrading their operating systems and browsers every day, this is generally not something to worry about. The “caniuse” website has more details.