TCAdmin 2.0.162 and greater supports automatically creating Let's Encrypt certificates for the control panel website and remote server. This feature requires the MVC control panel.
- Supports custom domain or subdomain (make sure it resolves to your server's primary IP).
- If you don't specify a subdomain the primary IP's reverse DNS name will be used. If this fails it will fall back to [server-ip].dyn.tcadmin.net
- Improved speed in file manager uploads and downloads.
- When using the control panel with https the file manager upload/downloads go directly to the remote server instead of being uploaded to the master first then to the remote. This improves performance when the master and remote are on different datacenters.
- Port 80 on the primary IP must be available. This is required by Let's Encrypt the verification process.
- [Linux] Port 80 must not be used by other web servers.
- [Linux] On your master the control panel website must use the built in web server not Nginx. If you are using Nginx follow these instructions.
- [Windows] On your master the control panel website must use the built in web server not IIS. If you are using IIS use https://www.win-acme.com/
- [Windows] Port 80 may be used by IIS or by the monitor but not by other web servers.
Configure Let's Encrypt
- Go to Sever Management > Servers > Select your server
- Under "Let's Encrypt Configuration" check "Enable support for Let's Encrypt"
- Specify a custom domain or sub domain. If it's not specified it will be generated automatically.
- Save then select Tools > Restart Monitor.
- The certificate will be generated in less than 5 minutes.
- If you didn't specify a domain you should see the autogenerated domain in the server settings after it has been configured correctly.
- You should be able to access your control panel using https://domain:secureport
Open a command prompt as administrator and execute these commands to check for errors while creating a certificate. Replace <your-ip> with your server's primary IP.
cd C:\Program Files\TCAdmin2\Monitor\Tools\LetsEncrypt-Windows create.bat <your-ip>.dyn.tcadmin.net
Execute these commands from SSH to check for errors while creating a certificate. Replace <your-ip> with your server's primary IP.
cd /home/tcadmin/Monitor/Tools/LetsEncrypt-Linux ./create.sh <your-ip>.dyn.tcadmin.net
- Use the control panel without the port (https://domain)
- [Windows] Set the monitor's secure port to 443, save and restart.
- [Linux] Edit /home/tcadmin/Monitor/tcadmin-config and set SECURE_WEB_PORT to 443. Then restart the monitor.
- Enable Let's Encrypt for many remote servers.
- Execute this command on your database:
UPDATE tc_servers SET direct_fileman_allowed=1 WHERE server_id <> 1;
- Then go to Server Management > Servers > Restart Remotes.
- Force https
- Go to Settings > Security Settings. Set SSL Access = All pages
- Confirm the file manager is uploading directly to the remote
- Before uploading a file press F12. This will open the web browser's developer console. Select the network tab. Start the upload. You should see the upload requests go to the remote's domain.