Let's Encrypt

TCAdmin 2.0.162 supports automatically creating Let's Encrypt certificates for the control panel website and remote server. This feature requires the MVC control panel.

Features

  • Supports custom domain or subdomain (make sure it resolves to your server's primary IP).
    • If you don't specify a subdomain the primary IP's reverse DNS name will be used. If this fails it will fall back to [server-ip].dyn.tcadmin.net
  • Improved speed in file manager uploads and downloads.
    • When using the control panel with https the file manager upload/downloads go directly to the remote server instead of being uploaded to the master first then to the remote. This improves performance when the master and remote are on different datacenters.

Requirements

  • Port 80 on the primary IP must be available. This is required by Let's Encrypt verification.
    • [Linux] Port 80 must not be used by other web servers.
    • [Windows] Port 80 may be used by IIS but not by other web servers.

Configure Let's Encrypt

  • Go to Sever Management > Servers > Select your server
  • Under "Let's Encrypt Configuration" check "Enable support for Let's Encrypt"
  • Specify a custom domain or sub domain. If it's not specified it will be generated automatically.
  • Save then select Tools > Restart Monitor.
  • The certificate will be generated in less than 5 minutes.
    • If you didn't specify a domain you should see the autogenerated domain in the server settings after it has been configured correctly.
  • You should be able to access your control panel using https://domain:secureport

How to...

Use the control panel without the port (https://domain)
[Windows] Set the monitor's secure port to 443, save and restart.
[Linux] Edit /home/tcadmin/Monitor/tcadmin-config and set SECURE_WEB_PORT to 443. Then restart the monitor.


Enable Let's Encrypt for many remote servers.
Execute this command on your database:
UPDATE tc_servers SET direct_fileman_allowed=1 WHERE server_id <> 1;
Then go to Server Management > Servers > Restart Remotes.


Force https
Go to Settings > Security Settings. Set SSL Access = All pages
Retrieved from "https://help.tcadmin.com/index.php?title=Let%27s_Encrypt&oldid=2406"