Secure your domain with Free SSL/TLS Certificates (Centos 7)
01-17-2016, 12:50 AM
(This post was last modified: 01-17-2016, 01:39 AM by PsyKitty.)
Installing git & Let’s Encrypt
Let’s Encrypt is a new Certificate Authority:
It’s free, automated, and open.
Creating a Certificate for your domain
You need to turn off apache before creating a certificate or you will get something like
Replace example.com by your domain.tld
Adding a Custom Entry on Virtual Host
On Sentora Panel go to Admin -> Module Admin -> Apache Config
On "Override a Virtual Host Setting" Select Vhost for your domain and add a "Custom Entry" like bellow
Don't miss to replace example.com and example_com by your domain tld
Save Vhost.
Wait on daemon update or restart it manually and restart apache
Your domain should now be secured by SSL.
Let’s Encrypt is a new Certificate Authority:
It’s free, automated, and open.
Code:
yum install git mod_ssl openssl
git clone https://github.com/letsencrypt/letsencrypt
cd letsencrypt
./letsencrypt-auto --helpCreating a Certificate for your domain
You need to turn off apache before creating a certificate or you will get something like
Quote:The program httpd (process ID XXXX) is already listening on TCP port 80. This will prevent us from binding to that port. Please stop the httpd program temporarily and then try again.
Replace example.com by your domain.tld
Code:
service httpd stop
./letsencrypt-auto certonly --standalone -d example.com -d www.example.com
service httpd startAdding a Custom Entry on Virtual Host
On Sentora Panel go to Admin -> Module Admin -> Apache Config
On "Override a Virtual Host Setting" Select Vhost for your domain and add a "Custom Entry" like bellow
Don't miss to replace example.com and example_com by your domain tld
Code:
permanent / https://example.com/
</VirtualHost>
<VirtualHost *:443>
ServerName example.com
ServerAlias www.example.com
ServerAdmin zadmin@localhost
DocumentRoot "/var/sentora/hostdata/zadmin/public_html/example_com"
php_admin_value suhosin.executor.func.blacklist "passthru, show_source, shell_exec, system, pcntl_exec, popen, pclose, proc_open, proc_nice, proc_terminate, proc_get_status, proc_close, leak, apache_child_terminate, posix_kill, posix_mk$
ErrorLog "/var/sentora/logs/domains/zadmin/example.com-error.log"
CustomLog "/var/sentora/logs/domains/zadmin/example.com-access.log" combined
CustomLog "/var/sentora/logs/domains/zadmin/example.com-bandwidth.log" common
<Directory "/var/sentora/hostdata/zadmin/public_html/example_com">
Options +FollowSymLinks -Indexes
AllowOverride All
Require all granted
</Directory>
AddType application/x-httpd-php .php3 .php
DirectoryIndex index.html index.htm index.php index.asp index.aspx index.jsp index.jspa index.shtml index.shtm
SSLEngine on
SSLCertificateFile /etc/letsencrypt/live/example.com/cert.pem
SSLCertificateKeyFile /etc/letsencrypt/live/example.com/privkey.pem
SSLCertificateChainFile /etc/letsencrypt/live/example.com/chain.pem
always add Strict-Transport-Security "max-age=15768000; includeSubDomains; preload"Save Vhost.
Wait on daemon update or restart it manually and restart apache
Code:
php -q /etc/sentora/panel/bin/daemon.php
service httpd restartYour domain should now be secured by SSL.
