• Support

  • How to install SSL on aapanel itself

Hey there
I've pointed a domain to aapanel & already have a valid SSL for that. now i need to install SSL on my aapanel too.
I mean when i point to my panel using domain.tld:aapanel-port i need to go through a valid ssl not insecure warning.
I've searched in forum and google before making this thread but no luck.

Thanks in advance for your kind help

From settings, disable SSL on panel first. You can logout and login using non SSL connection. And go to settings again, enable SSL, select Letsencrypt.

    25 days later

    i did this but after that couldn't load panel anymore, i've tried almost everything through bt command in shell but there was several problems after that. finally i made a fresh install of OS to solve the problem!
    after fresh install just did these step:

    1- added domain
    2- generated a ssl script for domain
    3- pointed the domain to panel
    4- enabled ssl for panel

    now everything working just fine

      8 months later

      I tried all of your tips that you choose to stay here. But, nothing works for me. And I still can't access the admin panel

      Panel certs seem to be a little buggy at times. Here's how I setup SSL using nginx proxies.

      1. Keep SSL disabled for the panel.
      2. Create a nginx webserver, with the domain you want. Force HTTPS and generate a cert.
      3. Go into reverse proxy and point to http://127.0.0.1:8888
      4. Now you may access the panel using the domain.

      If you want to keep the security entry and hide it, here's my nginx reverse proxy config:

      #PROXY-START/
location ~* \.(php|jsp|cgi|asp|aspx)$
{
    proxy_pass http://127.0.0.1:8888;
    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header REMOTE-HOST $remote_addr;
}
location /
{
    proxy_pass http://127.0.0.1:8888;
    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header REMOTE-HOST $remote_addr;

    #Persistent connection related configuration
    add_header X-Cache $upstream_cache_status;

    #Set Nginx Cache
    add_header Cache-Control no-cache;
    expires 12h;
}
location /login
{
    # Replace the entry pass below
    proxy_pass http://127.0.0.1:8888/7b8f0u9e/;
    proxy_set_header Host $host;
}
#PROXY-END/

      I recommend this config as you don't need to disable ip address logging in. As a domain bind could break due to many reasons, locking you out, as you've found. It'll also require the password when a port crawler attempts to login, and it's completely transparent when using the domain.

      I just did this. But the problem is that, it doesn't create Let's encrypt SSL.

      Step1: Choose Let's encrypt and putting admin email
      Step 2: Tick checkbox then click submit.

      nothing happens.

      My theory is that email server is not yet setup for sending details to admin email?

      Step1: Choose Let's encrypt and putting admin email

      The method I mentioned does not even require your email. Only if you do it in the panel area.

      You don't need an email server for that feature to work though. I just suspect the webserver isn't able to configure itself to serve lets encrypt. Which is the problem I had in the past doing it your way.

      4 years later

      Mansoor
      You just had to connect via ssh and put "bt 27", which means Turn on/off panel SSL