Wildcard DNS on DirectAdmin when Using Cloudflare

Tech Articles | February 23, 2025 | Blog, Cloudflare, DirectAdmin, Hosting

One of the main tutorial sites I use, other than my GridPane and InstaWP accounts, is a NameCrane DirectAdmin account. It is a pretty generous DA shared account which comes with 100 GB storage, 2 CPU cores, 4 GB RAM and SSH access too, which is more than enough for pretty much all of my tutorials. Their support has been excellent, and their technical knowledge of their solutions is also great. I highly recommend them; there’s a link on the first NameCrane in this article.

I submitted a support ticket the other evening about email forwarding and catching all domains, as I wanted to replicate the behaviour I have on wpcode.dev on the other domains, i.e. wpcode.dev uses Cloudflare forwarding for emails and forwards them to my tutorials/demo Gmail account. Before I did this, I wanted to check if this was OK, or if they had a way I could link into the API for wildcard DNS so Cloudflare could host but I’d still have SSL within literal seconds. I got a reply saying I could do it, and it shouldn’t be an issue for their system, to mimic the forwarding arrangements.

I replied to Francisco’s email with a thank you for the quick reply and some more details about what I was trying to achieve, and this time I got a reply from Mike saying “DirectAdmin has that functionality when you select a wildcard, instead of ‘local’ for DNS validation, you pick CloudFlare and it asks for API access/etc”, with the caveat that he hadn’t tried it.

So I set about trying it, and in initial testing it works perfectly. It allows me to keep my DNS with Cloudflare, and subsequently use their email forwarding and be able to use the domains in my GridPane box, while retaining the convenience and speed of the DirectAdmin solution.

Note: Since I started testing this solution and writing this article, I have changed from IP-based mapping to CNAME mapping, for the same reasons as this article here, and have had the same success. Mike also checked the domain and said it has retained the credentials for the API for renewals, so they should work as planned too.

How to Set Up Your DNS & Get Working Wildcard Subdomains / SSL

Set up your Cloudflare account for the domain as usual; then we need to edit the domain’s DNS records. I have assumed you know how to edit zone records and how to generate access tokens.

Set up your records as normal. Please note the image shows A records and IP addresses; I have since switched to CNAME records, pointing to a single CNAME going to the IP address, utilising Cloudflare’s CNAME flattening.

In the above picture, we are setting up proxied records for the apex domain (@) and, via a wildcard (*), all subdomains.

This now means that all *.domain.com and domain.com requests will go to the DirectAdmin instance that the IP address points to, in my case NameCrane.

Now we need to generate an API token for DirectAdmin to use with our domain(s), so it can generate the DNS records during wildcard SSL creation with Let’s Encrypt. It does support the Global API key and email setup, but I don’t recommend that; I prefer a very narrowly scoped, token-based setup per domain, as it’s much more secure.

So we navigate to API token generation and create a new token based on the Edit Zone DNS template, making sure it has the following permissions: Zone > Zone > Edit and Zone > DNS > Edit. This means it can edit the given zone and the zone’s DNS, which is what we need for this to work.

In the image below, you can see this option for the same domain as in the image above; this is what your token settings should look like, except with your own domain(s).

Continue to the summary, create the token, and then copy the API token. It’s important to note that this is the only time you will be able to see the token once it is generated, so you need to keep it secure if you plan on reusing it for multiple domains or other such use.
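A way to confirm a token really is that narrow before pasting it into DirectAdmin, as an added example (not code from NameCrane, DirectAdmin or Cloudflare): the check below audits a token object shaped like the one Cloudflare’s API returns when you look up a token. The resource prefix and permission-group names are assumptions about that format, and the zone ID and both sample tokens are constructed.

```python
# Added example: constructed token objects, not output from a real account.
ZONE_PREFIX = "com.cloudflare.api.account.zone."
# Assumed API names for the dashboard's "Zone: Edit" and "DNS: Edit" (plus read).
ALLOWED_GROUPS = {"Zone Read", "Zone Write", "DNS Read", "DNS Write"}

def audit_token(token, expected_zone_ids):
    """Return findings; an empty list means the token matches the narrow scope."""
    findings = []
    if token.get("status") != "active":
        findings.append("token is not active, so certificate renewals will fail")
    granted = set()
    for policy in token.get("policies", []):
        if policy.get("effect") != "allow":
            continue
        for resource, scope in policy.get("resources", {}).items():
            zone_id = resource[len(ZONE_PREFIX):] if resource.startswith(ZONE_PREFIX) else None
            # "*" or a nested resource map means "all zones", not a named one.
            if zone_id in (None, "*") or isinstance(scope, dict):
                findings.append(f"resource not limited to named zones: {resource}")
            elif zone_id not in expected_zone_ids:
                findings.append(f"unexpected zone in scope: {zone_id}")
        for group in policy.get("permission_groups", []):
            name = group.get("name")
            granted.add(name)
            if name not in ALLOWED_GROUPS:
                findings.append(f"permission beyond zone/DNS edit: {name}")
    if "DNS Write" not in granted:
        findings.append("DNS Write missing, so the validation record cannot be created")
    return findings

NARROW = {  # constructed: one zone, the two edit permissions the article lists
    "status": "active",
    "policies": [{
        "effect": "allow",
        "resources": {ZONE_PREFIX + "constructed-zone-id-1": "*"},
        "permission_groups": [{"name": "Zone Write"}, {"name": "DNS Write"}],
    }],
}
BROAD = {  # constructed: every zone, plus an unrelated permission
    "status": "active",
    "policies": [{
        "effect": "allow",
        "resources": {ZONE_PREFIX + "*": "*"},
        "permission_groups": [{"name": "DNS Write"}, {"name": "Workers Scripts Write"}],
    }],
}

if __name__ == "__main__":
    for label, tok in (("narrow", NARROW), ("broad", BROAD)):
        print(label, audit_token(tok, {"constructed-zone-id-1"}) or "OK")
```

The same audit catches a token that was later disabled or widened, which is the condition under which renewals would stop working or the stored credential would become more valuable to steal.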

Now we need to head over to DirectAdmin. I am going to assume the domain is not already set up; if it is, you can skip the next two steps.

Add your domain to your DirectAdmin account. I strongly recommend disabling SSL (the checkbox highlighted in red does this). The reason is that it is faster and avoids running an SSL cert request for the domain straight away, so you no longer need to wait for that to finish before carrying on.

You now need to navigate to SSL certificates. If you’ve followed my advice above, you will get a notification about SSL being disabled. This is easy to fix: just click enable, and this will then show you the SSL generation screen without trying to generate a certificate first.

Now we need to create our SSL certificate. The default options are shown below; the bits we need to get right for a wildcard setup are as follows: the wildcard box is checked at Common Name, and we need to change DNS Provider from local to, in our case, Cloudflare.

Once you’ve set the wildcard and the DNS provider to Cloudflare, you push Save, and the following box pops up.

You now need to paste your generated token in the boxes marked 1 & 2 above. As you can see, you can also use your Global API key and account email, but I prefer the more secure and targeted approach.

Once you push save, it will then save and tell you it will generate, and like any SSL, you will get a notification within a few minutes. You should get one that tells you it is all approved.

Additional Notes:

  1. If you do this for your main domain, you will not be able to log in via port 2222 anymore unless you set your domain to DNS only rather than proxied (no orange cloud). I get around this by adding a DNS-only subdomain called da.domain.com, which has this option set, and this is how I choose to access DirectAdmin on 2222 without affecting the rest of my setup.
  2. At the time of writing, I haven’t had a renewal of the SSL certificate yet to 100% confirm they will auto-renew. They should, as long as your token hasn’t been deleted or modified and Cloudflare is still controlling the domain. I will update this article with that information once my first renewal happens, sometime in May 2025.
