Skip to main content

Lets Encrypt

TCAdmin 2.0.162 and greater supports automatically creating Let's Encrypt certificates for the control panel website and remote server. This feature requires the MVC control panel.

Features

  • Supports custom domain or subdomain (make sure it resolves to your server's primary IP).
    • If you don't specify a subdomain the primary IP's reverse DNS name will be used. If this fails it will fall back to [server-ip].dyn.tcadmin.net
  • Improved speed in file manager uploads and downloads.
    • When using the control panel with https the file manager upload/downloads go directly to the remote server instead of being uploaded to the master first then to the remote. This improves performance when the master and remote are on different datacenters.

Requirements

warning

Port 80 on the primary IP must be available. This is required by Let's Encrypt the verification process.

  • Linux : Port 80 must not be used by other web servers.
  • Linux : On your master the control panel website must use the built in web server not Nginx. If you are using Nginx follow these instructions.
  • Windows : On your master the control panel website must use the built in web server not IIS. If you are using IIS follow these instructions.
  • Windows : Port 80 may be used by IIS or by the monitor but not by other web servers.

Configure Let's Encrypt

  • Go to Sever Management (on the left hand navigation) > Servers > Select your server
  • Under Let's Encrypt Configuration check Enable support for Let's Encrypt
  • Specify a custom domain or sub domain. If it's not specified it will be generated automatically.
  • Save then select Tools > Restart Monitor.
  • The certificate will be generated in less than 5 minutes.
    • If you didn't specify a domain you should see the autogenerated domain in the server settings after it has been configured correctly.
  • You should be able to access your control panel using https://domain:secureport

Troubleshooting

Open a command prompt as administrator and execute these commands to check for errors while creating a certificate. Replace <your-ip> with your server's primary IP. Check the logfile named last.log in that folder.

cd C:\Program Files\TCAdmin2\Monitor\Tools\LetsEncrypt-Windows
create.bat <your-ip>.dyn.tcadmin.net

How to...

Use the control panel without the port (https://domain.com)

Windows : Set the monitor's secure port to 443, save and restart. Linux : Edit /home/tcadmin/Monitor/tcadmin-config and set SECURE_WEB_PORT to 443. Then restart the monitor.

Enable Let's Encrypt for many remote servers.

Execute this command on your database:

UPDATE tc_servers SET direct_fileman_allowed=1 WHERE server_id <> 1;

Then go to Server Management (on the left hand navigation) > Servers > Restart Remotes.

Force https

Go to Settings > Security Settings. Set SSL Access = All pages

Confirm the file manager is uploading directly to the remote

Before uploading a file press F12. This will open the web browser's developer console. Select the network tab. Start the upload. You should see the upload requests go to the remote's domain.