PHP Settings for All New Domains
This is done individually for all domains. This updates PHP.ini file (or is a virtual equivalent). Some PHP Settings weren’t set until now, since the domain was just created. Also, read the Bricks Builder server requirements.
- Operational Notes:
- Several of these PHP Settings typically meet or exceed Kadence & Bricks Template & Block Requirements.
- These PHP Settings are being referenced as PHP Overrides by DirectAdmin.
- From DirectAdmin Control Panel | USER:
- Go to <Account Manager> | <PHP Settings>.
- Ensure correct domain is selected (in top right area).
- Operational Note: Must refresh browser screen to reflect current settings.
- If available, select PHP version and apply the following settings.
- Max execution time helps ensure pCloud file uploads & downloads have a good performance.
- Max upload size is flexible. I have them high so I can upload large files into File Station.
- To prevent an upcoming WP Site Health notification, try to make post_max_size be HIGHER than upload_max_filesize.
- From “Add New Override”, just select setting you want from the dropdown box, Then, tap
. Below are the new settings to Add so you can then update each setting. - Operational Note: This setting does exist but isn’t displayed on the existing list (so, don’t add it again):
- allow_url_fopen: enable
- max_execution_time = 300 (default was 30). Tap to <Add>. 180 is Min for Bricks Builder.
- max_input_vars = 2500 (default was 1000). Tap to <Add>. 2500 is Min for Kadence.
- memory_limit = 368M-1024M (default was 128M). Tap to <Add>. Use higher amount for anticipated large or complex sites. 250M is Min for Kadence.
- At this point, it will start giving a popup msg listing the latest changes. Just tap <Close> each time from this point forward.
- post_max_size = 128M (default was 8). Tap to <Add>. (MUST be larger than upload max)
- upload_max_filesize = 64M default was 2M). Tap to <Add>. (>=64MB for Bricks Builder)
- Tap <Save>.
- Operational Note: This setting does exist but isn’t displayed on the existing list (so, don’t add it again):
- If PHP versions are selectable, repeat above steps for all other PHP versions.
Applying DirectAdmin System Packages Updates
- Logon to DirectAdmin as ‘admin’.
- From DirectAdmin Control Panel | ADMIN
- Go to <Server Manager> | <System Packages> and tap <Update All Packages> | <Confirm>.
- Wait until it’s entirely completed and stay active on the screen during this process.
- Operational Note: Sometimes, a server reboot is desired after this type of update. It has been known to resolve newly experienced issues at times.
Applying DirectAdmin CustomBuild Updates
- Logon to DirectAdmin as ‘admin’.
- From DirectAdmin Control Panel | ADMIN
- Go to <Server Manager> | <CustomBuild> | <Updates> and tap <Update All>. Wait for blue message to go away & read in terminal window “… is done”.
- Operational Note: Sometimes, a server reboot is desired after this type of update. It has been known to resolve newly experienced issues at times.
DNS Zone Removal from QUIC.cloud
There are times when it’s recommended to remove a domain that was registered with QUIC.cloud. Often, it can be just a temporary plan to execute. Sometimes, it’s a recommended practice after making DNS changes or Nameserver assignment changes of a domain. It’s a common practice that’s done to reassure the changed DNS records on a domain’s server get copied back correctly into QUIC.cloud’s system.
- So, start by removing it (from Settings in QUIC.cloud for this domain) from the account. It might be be added back later, with more current DNS records. However, you should only consider adding it back after all DNS updates and Nameserver changes have been applied on your VPS.
Register New Nameservers at Domain’s Registrar
New Account Domain (aka Primary Domain, First Domain, Server Account Domain) only: If the nameservers are not registered at this account domain’s registrar, follow these steps. Go to the Registrar name listed below or click the following list for assistance directly from their site.
Operational Note: Sometimes, it also assigns that domain to same newly registered nameservers.
- Bulk Helpful URLs for upcoming steps
- NameCheap: How to Change DNS for a Domain
- NameCheap: How to Connect a Domain to a Server or Hosting (see section 2)
- NameCheap: “How do I register personal nameservers for my domain?”
- and its Video: “Register Personal Nameservers”
- Operational Note: Ensure unmanaged VPS is running (that has the ns1 & ns2 nameservers).
- These running nameservers were just created in recent previous steps.
iWebFusion: Adding or Registering New NameServers
- Logon to domain registrar (iWebFusion).
- From “Client Portal”, tap on <Domains>.
- Scroll the list of domains, and tap on empty white space of applicable domain record.
- In domain Manage section (left pane), click on “Private Nameservers”.
- In right pane “Register a NameServer Name”, populate the 2 text boxes and <Save Changes>.
- Repeat for registering ns2.
- These nameservers can now be used on this registrar for client’s domains.
NameCheap: Adding or Registering New NameServers
- Logon to domain registrar (NameCheap).
- Go to <Domain List> | <Manage> on applicable domain.
- Click on tab “Advanced DNS”.
- Scroll down to section “Personal DNS Server”.
- Operational Note: You’ll now see if the VPS custom/personal nameservers are registered yet so they can be assigned to the domain account on Namecheap.
- In “Find Nameservers”, select option “Custom Nameservers”
- Populate host with part of nameserver name (e.g., ns1 or ns2) & tap <SEARCH>.
- If correct nameservers are listed, they are registered nameservers, available to be assigned to this domain.
- Note: the videos are confusing when they refer to ns1 & ns2 private nameservers as falling under “Standard Nameservers” to be registered there. A support email confirmed that, if I want my custom nameservers to be used on my VPS, I need to create them under “Custom Nameservers”, which only requests (host) names of my nameservers. No IP is set here.
- If the needed nameservers don’t appear here, proceed to their section named “Register Nameserver (Add Nameserver)”.
Assign Nameservers to Any Domain
These steps show how to assign previously registered nameservers to any domain. This is also how to change previously assigned nameservers. This is done on the domain registrar’s site for a domain. Below are shown several registrar’s methods & some URLs are given for various different ones. So, for the current domain in question, proceed to change the nameservers for it, using the registrar’s site.
Only if your nameservers are already registered at your domain’s registrar, you can the assign them to your domain. Applying these steps will temporarily halt public viewing of any existing, old website on another server. Also, you won’t be able to logon via WP-Admin anymore for that old site, if it exists. You will be able to logon when you create it as a new site on this new server and import in the backed up (exported) copy. Knowing that, from this point forward, continue to pursue these steps in order.
- From the domain’s registrar, change its domain’s nameservers.
- Example for iWebFusion registrar. Tap to open domain from domains list. It shows it’s locked but tap on URL “Change the nameservers your domain points to”. Assuming you named each one to start with ns1 & ns2, followed by the dot and your account domain name, change them to be:
- ns1.<your account domain name>
- ns2.<your account domain name>
The procedure varies with each registrar. So, I cover just a few registrars that I use but some helpful URLs show others. Know that assigning these registered nameservers gives you full DNS control over that domain if assigning the nameservers that exist on this unmanaged VPS.
iWebFusion Registered Domains: Assign Custom Nameservers
- While logged on to iWebFusion, ensure you’re on the Client Portal.
- Then, click on DOMAINS.
- From the Domain List, scroll down to change “Show 10 entries” to be “Show All entries”.
- Then, select check-boxes of all desired domains to reassign their nameservers.
- Click on the tab “Manage Nameservers”.
- This screen does not show current nameservers (by design). It shows the list of just selected domains about to change their nameservers.
- With the option preset to “Use custom nameservers (enter below)”, set the following:
- Assign Nameserver: ns1.<your account domain name>
- Assign Nameserver2: ns2.<your account domain name>
- Click <Change Nameservers>.
- If those nameservers are truly registered nameservers, the confirmation acceptance notification will be revealed. If any of those nameservers entered are not yet fully registered, an error will be shown and 1 or more of those nameservers will not be changed.
- To view the current nameservers assigned to a domain, go to the domains list. Then, click on any blank (non text) area of the desired domain. It will take you to the Manage screen for that domain. Just tap on “Nameservers” and the assigned nameservers will be displayed. Also, this is another way to reassign nameservers.
Namecheap Registered Domains: Assign Custom Nameservers
- Helpful Namecheap article on “How to Change DNS for a Domain”. Focus on section 2 for“CustomDNS” section for custom nameservers.
- While logged on to NameCheap, go to <Domain List> and tap <Manage> on applicable domain.
- You must take notes to copy all DNS records to reapply them, as needed, after the change. Some record might need updated IP addresses, of course. Those previous records will be deleted after any DNS type changing.
- Under the tab “Domain”, scroll down to row named “NAMESERVERS” & change the dropdown selection to “Custom DNS”.
- You must consider to take notes to copy all preexisting DNS records to reapply them, as needed, after the change. Some record might need updated IP addresses, of course. Those previous records will be deleted after any DNS type changing & Namecheap indicates it doesn’t recreate them if changing DNS type back.
- Assign Nameserver: ns1.<your account domain name>
- Assign Nameserver2: ns2.<your account domain name>
- Tap green check mark to “Save”.
- A completion banner will appear that indicates it might take up to 48 hours to propagate. However, there are still more steps to take to fully complete the entire DNS/nameservers process.
- You can confirm the assignments worked if you go to another menu and return back, apply a screen refresh, & see if the assigned NS records remain displayed.
- You must consider to take notes to copy all preexisting DNS records to reapply them, as needed, after the change. Some record might need updated IP addresses, of course. Those previous records will be deleted after any DNS type changing & Namecheap indicates it doesn’t recreate them if changing DNS type back.
About Other Registrars: Assign Custom NameServers
If not using NameCheap, many other registrars won’t have the automated setup for you to view, add, or delete nameserver registrations. Here’s more info on that.
- In trying to assign a custom nameserver to a domain, you get an error, then you must submit a support ticket to request the registrar to register the nameservers for you. Also, you’ll need to provide the IP address to point to.
- You can’t assign these private/custom nameservers to any domain until they’re registered through the domain registrar of that particular domain. Also, it might take time before you can use them to be assignable.
SSL Certificates
Moving Domains ONLY: SSL Removal Tasks
- If domain exists on another server, you MUST ensure to have removed the domain name from any assigned SSL certificate.
- Then, to validate its removal, ensure to request a cert renewal on old server so that the old domain is shown removed. That will free up the SSL validation tasks for the upcoming new server.
- Also, you might have to empty all cache types from that old server as well.
DirectAdmin USER SSL Configuration
- From DirectAdmin Control Panel | USER
- Go to <Account Manager> | <SSL Certificates>.
- Confirm you’re in the correct domain (top right).
- Change option to “Get automatic certificate from ACME Provider” (default was “Use the best match certificate”)
- ACME Provider: Let’s Encrypt
- Common Name:
- Select ckbox: Wildcard
- Selected entries…: Confirm it selected all checkboxes of “Certificate Entries”
- Select check-box of “Force SSL with https redirect”
- Tap small “Save” box.
- Click on large <Save> button.
- You probably will get a popup alert msg advising you it’s already processing another certificate.
- If you get a popup msgtelling you to wait, continue to the next step. Otherwise, if no popup msg, wait until it processes for about 2 minutes & then it provides a popup confirmation of certificates applied. Tap <Close>.
- Operational Note: If anything pops up with a lot of text in a content box, it’s not necessary to copy nor save it.
- You probably will get a popup alert msg advising you it’s already processing another certificate.
- Now, confirm a change of the above option to “Use the best match certificate”.
- Tap <Save>.
- Confirm you’re in the correct domain (top right).
DirectAdmin ADMIN SSL Configuration
- From DirectAdmin Control Panel | ADMIN
- Go to <Server Manager> | <Admin SSL>.
- Select check-box of newly added domain & tap <Settings>. Make these selections.
- Notify administrator account on certificate request failures.
- Notify users on certificate request failures.
- Do NOT select any other options.
- Verify “Fix certificates” section has selection of “LetsEncrypt certificates”.
- Click <Update>.
- From top, Tap <Server TLS Certificate> | <ACME Settings>.
- Confirm selected check-box to “Enable ACME” to automatically renew and replace server TLS certificates.
- ACME account e-mail address (Custom e-mail): admin@<account domain name>. Don’t use email addresses with added domains because, I’m using a chain certificate (i.e., shared by multiple domains with one account admin email address representing all).
- Key Type: ECDSA P-256
- ACME Provider:Let’s Encrypt
- Additional Domains
- ONLY IF this * record does not yet exist for this new domain, continue to next steps to add it.
- Add additional domain (starting with “*.”) to TLS certificate: *.<domain name>
- Tap <+ ADD>.
- Scroll down to bottom & click <Submit>.
- When prompted, Select the checkbox to “ISSUE A NEW…”. That’s because all steps now cover a chained SSL Cert.
- Tap <Confirm>.
- TIP: If you forgot to select the checkbox to “Issue a new…”, then tap <Server TLS Certificate> and tap <Renew Now> at “Automatic Certificates”. Then, tap <Renew Now>.
- Checkif default homepage for this domain is usually now working.
- From DirectAdmin Control Panel | ADMIN
- Go to <Server Manager> | <Admin SSL>.
- You can monitor the status of all domains. Just scroll all the way to the right. When it’s showing “Valid” = <Yes>, you’ll know it’s working. You can periodically refresh the screen; it takes about 3-5 minutes waiting. You’ll see a blue msg box briefly about 1 minute before the SSL cert shows “Valid”. When all 4 items are checked with a green “Yes”, the default site homepage then appears OK.
If SSL Issues Occur & Not Getting Final “Valid” Status on SSL Certificate
- Only if it seems you’re having issues on getting final SSL validations, try & check for any available updates in DirectAdmin Admin | Server Manager | System Packages. If updates are needed, you can apply them by following these sections’ checklists:
- If this is a domain move from an old server, ensure you removed the this domain from the SSL chain cert (or other SSL cert) on the old server.
- Don’t continue with remaining steps until the SSL Certificate shows as “Valid”, and preferably, for all 4 status items to be shown with a green “Yes”
SSL Validation Checks for Account Domain Only
- Now, check these items to verify these items are working correctly:
- Go to this account domain’s (website) Home page & confirm it has a default https page showing.
- You can logon to DirectAdmin using “https” & the path includes the domain name (e.g., server.primaryvps.com) and not its IP address.
- From DirectAdmin Control Panel | USER
- Go to <Extra Features> and tap each of the items listed there to ensure they open.
- Webmail: Roundcube: it uses the DirectAdmin Admin credentials.
- Note: Only confirm you can logon; then close.
- PhpMyAdmin: Just confirm it opens; then close.
- From DirectAdmin Control Panel | ADMIN
- Go to <Extra Features> and tap each of the items listed there to ensure they open.
- ConfigServer Security & Firewall
- If this CSF doesn’t appear, close browser & run the following commands in a terminal shell.
- wget http://files.directadmin.com/services/all/csf/csf_install.sh
- 945 /bin/sh ./csf_install.sh
- If this CSF doesn’t appear, close browser & run the following commands in a terminal shell.
Redis Confirmation Tests & Fixes
Redis has already been set to run under the custom build options for the server. This is for confirmation, as well as to view & copy the “Path to redis socket file” for future use of this domain’s site.
- From DirectAdmin Control Panel | USER
- Go to <Advanced Features> | <Redis>.
- Confirm you have the correct domain shown (top right). Then, refresh the browser screen.
- If you see <Enable> button, tap it. If it’s already enabled, the current status will show “This account has Redis enabled” and a red <Disable> button is showing.
- Copy “Path to redis socket file” for later usage.
- Default path to copy might be: /home/admin/.redis/redis.sock
- Operational Notes & Workarounds/Fixes: Here are various redis commands only for Unix Sockets (aka “sock”), port = 0 that can be run:
- To test if redis is running
- systemctl status redis@admin
- To start redis (but doesn’t mean it will auto-start after a reboot)
- sudo systemctl start redis@admin
- To stop redis (but doesn’t mean it will stay stopped after a reboot)
- sudo systemctl stop redis@admin
- If redis not auto-starting:
- Sometimes, after a backup restoration, redis will no longer auto-start. The workaround fix is to logon to DirectAdmin | User and go to <Advanced Features> | <Redis>. Tap to <Disable> and then tap again to <Enable>. Also, this assumes that the other settings were correct to begin with and this was working before the backup restoration.
- To test if redis is running
How to Enable DKIM in DirectAdmin for Mail
- From DirectAdmin Control Panel | USER, go to <E-mail Manager> | <E-mail Accounts>.
- Select the correct domain (top right); then, tap to <Enable DKIM>.
- If it’s already showing enabled, and you’re having an issue or seeing a failed test of DKIM, tap it to disable it, and then re-tap it to enable DKIM again.
- Select the correct domain (top right); then, tap to <Enable DKIM>.
How to Confirm DKIM Is Enabled for Mail
- Test to Confirm DKIM.
- Go to https://dmarcly.com/tools/dkim-record-checker
- Domain: <your domain name>.
- Selector: x
- Operational Note: The DKIM selector used by DirectAdmin is customized as “x”.
- Tap <Check DKIM Record>.
- If it’s confirmed fine, you’re done. However, if there’s a DKIM issue or failed test, see “How to Enable DKIM in DirectAdmin for Mail”.
- Go to https://dmarcly.com/tools/dkim-record-checker
Test if DMARC Record exists
- Go to https://dmarcly.com/tools/dmarc-checker
- Domain: <your domain name>
- Tap <Check DMARC Record>.
- Generally, there’s no DMARC Record yet so, if that’s still true, proceed to generate one.
Generate a new DMARC Record
DirectAdmin has a built-in DMARC Generator that’s natively a part of adding a DNS record. And it’s an extremely high detailed one.
- From DirectAdmin Control Panel | Admin, go to <Server Manager> | <DNS Administration>.
- Tap on the correct domain from the domains list at the bottom.
- Confirm the “Edit DNS Records for…” shows the correct domain name.
- Click <Add Record> and populate with the following items.
- Record Type: TXT
- Name: _dmarc
- TTL: 3600
- TXT Record Type: DMARC
- Domain policy type: Reject
- Subdomain policy type: Select (choose “same as domain”; the word “Select” will remain)
- Aggregate Email (RUA): add admin@<domain name>, or leave blank to not receive reports); however, skipping this email address here is not recommended.
- Forensic Email (RUF): (leave blank)
- Report Format: (default: “Authentication Failure Reporting Format”)
- Reporting Interval: 86400 (default is 24 hours = 86400)
- Percentage: 100 (default = 100)
- Alignment mode for DKIM: Relaxed (default = Relaxed)
- Alignment mode for SPF: Relaxed (default = Relaxed)
- Value: (automatically generated, based on above selections; however, can now be manually changed if desired).
- Click <Add>.
- Operational Notes
- Confirm DMARC record now is found by testing at https://dmarcly.com/tools/dmarc-checker.
- Sometimes, it takes about 3 minutes after adding the DMARC record to DNS to resolve.
- Results might be in red if a single required minimum item is “not found”, e.g., if a scheduled RUA report’s “Aggregate Email” address is not found or if a “domain policy type” is not assigned, the results will be in red.
- Typically, the result will include having at least 1 item “DMARC record found”.
How to Configure rDNS on the Account Domain Server
This is done only ONCE and it’s only on the account domain’s server UNLESS THE SERVER NAME or IP Address has CHANGED. It stays with a server rebuild but only if the previously used server name is unchanged as well as the same IP because it’s tied to the account & its IP address. But you can use the beginning of this process to check what the current rDNS entry is showing. That’s because this record is not kept on this unmanaged VPS. This is needed for most mail servers to accept emails from my mail server. On SpeedyPage, here are the steps to verify it and to change it.
VPS Host iWebFusion: Configure rDNS on Account Domain Server
- Helpful URL: SpeedyPage “How to configure rDNS records on our VPS platform”
- SpeedyPage states: All entries must have a corresponding forward record already set at the domain’s DNS provider.
- Logon to SpeedyPage Client Area.
- In “My Dashboard”, click <Services>.
- Then, tap on this Virtual Server.
- Scroll down to the “Management Actions” section & click <Open Control Panel>.
- Take note of the displayed FQDN (hostname), e.g., server.<my account domain>
- From the top menu bar, click “Network” tab.
- Scroll down to section “IPv4 Addresses”.
- If <Reverse DNS> is showing, that means it currently does NOT have an rDNS entry and needs it.
- So, click <Reverse DNS> button.
- In the prompt, enter in the previously displayed FQDN (hostname): server.<my account domain>
- Click <Update>. Then, close this popup box.
- Then, when you bring up “Network” in the future, the <Reverse DNS> button no longer appears but the IPv4 Addresses section now has a column named “RDNS” info show up.
- Consider option to forward all emails to personal email address.