Web Certificate
By default, TCAdmin uses a self-signed certificate for HTTPS, which causes your browser to show a security warning every time you visit the panel. This guide shows you how to replace it with a free, trusted certificate from Let's Encrypt so the warning goes away.
An SSL certificate encrypts the connection between your browser and the TCAdmin panel, keeping your login credentials and data safe. A self-signed certificate provides encryption but isn't trusted by browsers (hence the warning). A Let's Encrypt certificate is free, trusted by all browsers, and auto-renews.
Before You Begin
You need one of the following:
- A domain name pointing to your server (e.g.,
panel.yourdomain.com) — set up a DNS A record that points to your server's public IP address - OR you can use TCAdmin's built-in dynamic DNS (explained below) if you don't have a domain
You also need:
- Ports 80 and 443 open and accessible from the internet (Let's Encrypt uses port 80 to verify you own the domain)
- No other web server (like Apache or Nginx) running on ports 80/443
Step 1: Change TCAdmin to Use Ports 80 and 443
By default, TCAdmin runs on ports 31000/31001. Let's Encrypt requires your site to be on the standard web ports (80 for HTTP, 443 for HTTPS).
Edit the web configuration file:
- Windows
- Linux
Edit C:\Program Files\TCAdmin3\config\web\appsettings.Production.json:
{
"TCAdmin": {
"Type": "Web",
"Web": {
"Port": 80,
"SecurePort": 443,
"Prerender": true
}
}
}
Edit /opt/tcadmin3/config/web/appsettings.Production.json:
{
"TCAdmin": {
"Type": "Web",
"Web": {
"Port": 80,
"SecurePort": 443,
"Prerender": true
}
}
}
Restart the Web Service
After editing the config, restart the web service for the changes to take effect:
- Windows
- Linux
Restart-Service TCA3Web
sudo systemctl restart tca3web
Make sure ports 80 and 443 are open in your firewall. Let's Encrypt connects to port 80 to verify that you control the domain — if it can't reach your server, certificate generation will fail.
Your panel URL changes too! Instead of https://YOUR-IP:31001, you'll now access it at https://YOUR-IP (port 443 is the default HTTPS port, so you don't need to type it).
Step 2: Generate the Certificate
- Log in to your control panel
- Go to Settings > Web Certificate
- In the Domains field, enter your domain name (one per line if you have multiple)
- Optionally enter your Email address — Let's Encrypt will send you a reminder if your certificate is about to expire
- Check Accept terms of service (after reviewing the Let's Encrypt Terms of Service)
- Click Create
TCAdmin will:
- Create a test certificate first to make sure everything works
- If the test passes, create the real certificate
- Automatically configure the web service to use it
TCAdmin offers a free dynamic DNS service. Use this as your domain:
YOUR-PUBLIC-IP.dyn.tcadmin.net
Replace dots in your IP with dashes. For example, if your IP is 192.168.1.100, use:
192-168-1-100.dyn.tcadmin.net
Checking Your Certificate
After generating a certificate, the Web Certificate page shows:
| Field | What It Shows |
|---|---|
| Domain | The domain name the certificate was issued for |
| Expires on | When the certificate expires (Let's Encrypt certs last 90 days) |
| Issued by | Who issued the certificate (Let's Encrypt or self-signed) |
Automatic Renewal
Let's Encrypt certificates are valid for 90 days. TCAdmin automatically renews them before they expire — you don't need to do anything.
Troubleshooting
"Website must be accessible over http on port 80"
The web service isn't listening on port 80. Go back to Step 1 and make sure you updated the config file and restarted the service.
Certificate generation fails
| Possible Cause | How to Fix |
|---|---|
| Port 80 not accessible | Open port 80 in your firewall. Test by visiting http://YOUR-DOMAIN — you should see the TCAdmin panel (without HTTPS). |
| Domain doesn't point to your server | Make sure your domain's DNS A record points to your server's public IP. You can check with nslookup YOUR-DOMAIN or an online DNS checker. DNS changes can take up to 24 hours to propagate, but usually take 5-30 minutes. |
| Rate limiting | Let's Encrypt limits how many certificates you can request per domain per week. If you've been testing repeatedly, wait an hour and try again. |
| Another service on port 80 | If Apache, Nginx, or another web server is using port 80, stop it first. Only one service can listen on a port at a time. |
What's Next?
- Plugin Repository — import game configurations to start hosting
- Remote Server Configuration — add more servers to your setup