This forum uses cookies
This forum makes use of cookies to store your login information if you are registered, and your last visit if you are not. Cookies are small text documents stored on your computer; the cookies set by this forum can only be used on this website and pose no security risk. Cookies on this forum also track the specific topics you have read and when you last read them. Please confirm whether you accept or reject these cookies being set.

A cookie will be stored in your browser regardless of choice to prevent you being asked this question again. You will be able to change your cookie settings at any time using the link in the footer.

Secure your domain with Free SSL/TLS Certificates (Centos 7)
#1
Secure your domain with Free SSL/TLS Certificates (Centos 7)
Installing git & Let’s Encrypt

Let’s Encrypt is a new Certificate Authority:
It’s free, automated, and open.

Code:
yum install git mod_ssl openssl
git clone https://github.com/letsencrypt/letsencrypt
cd letsencrypt
./letsencrypt-auto --help

Creating a Certificate for your domain

You need to turn off apache before creating a certificate or you will get something like

Quote:The program httpd (process ID XXXX) is already listening on TCP port 80. This will prevent us from binding to that port. Please stop the httpd program temporarily and then try again.

Replace example.com by your domain.tld

Code:
service httpd stop
./letsencrypt-auto certonly --standalone -d example.com -d www.example.com
service httpd start

Adding a Custom Entry on Virtual Host

On Sentora Panel go to Admin -> Module Admin -> Apache Config
On "Override a Virtual Host Setting" Select Vhost for your domain and add a "Custom Entry" like bellow

Don't miss to replace example.com and example_com by your domain tld

Code:
#Redirect
permanent / https://example.com/
</VirtualHost>
<VirtualHost *:443>
ServerName example.com
ServerAlias  www.example.com
ServerAdmin zadmin@localhost
DocumentRoot "/var/sentora/hostdata/zadmin/public_html/example_com"
php_admin_value suhosin.executor.func.blacklist "passthru, show_source, shell_exec, system, pcntl_exec, popen, pclose, proc_open, proc_nice, proc_terminate, proc_get_status, proc_close, leak, apache_child_terminate, posix_kill, posix_mk$
ErrorLog "/var/sentora/logs/domains/zadmin/example.com-error.log"
CustomLog "/var/sentora/logs/domains/zadmin/example.com-access.log" combined
CustomLog "/var/sentora/logs/domains/zadmin/example.com-bandwidth.log" common
<Directory "/var/sentora/hostdata/zadmin/public_html/example_com">
  Options +FollowSymLinks -Indexes
  AllowOverride All
  Require all granted
</Directory>
AddType application/x-httpd-php .php3 .php
DirectoryIndex index.html index.htm index.php index.asp index.aspx index.jsp index.jspa index.shtml index.shtm
SSLEngine on
SSLCertificateFile /etc/letsencrypt/live/example.com/cert.pem
SSLCertificateKeyFile /etc/letsencrypt/live/example.com/privkey.pem
SSLCertificateChainFile /etc/letsencrypt/live/example.com/chain.pem
#Header
always add Strict-Transport-Security "max-age=15768000; includeSubDomains; preload"


Save Vhost.


Wait on daemon update or restart it manually and restart apache

Code:
php -q /etc/sentora/panel/bin/daemon.php
service httpd restart


Your domain should now be secured by SSL.
Reply
Thanks given by: Zenirax , jstacklin , Me.B , ijsje , TGates
#2
RE: Secure your domain with Free SSL/TLS Certificates (Centos 7)
Thx a lot it's a great how to Smile

I will try now
Reply
Thanks given by:
#3
Thank you!
(01-17-2016, 12:50 AM)PsyKitty Wrote: Installing git & Let’s Encrypt

Let’s Encrypt is a new Certificate Authority:
It’s free, automated, and open.

Code:
yum install git mod_ssl openssl
git clone https://github.com/letsencrypt/letsencrypt
cd letsencrypt
./letsencrypt-auto --help

Creating a Certificate for your domain

You need to turn off apache before creating a certificate or you will get something like

Quote:The program httpd (process ID XXXX) is already listening on TCP port 80. This will prevent us from binding to that port. Please stop the httpd program temporarily and then try again.

Replace example.com by your domain.tld

Code:
service httpd stop
./letsencrypt-auto certonly --standalone -d example.com -d www.example.com
service httpd start

Adding a Custom Entry on Virtual Host

On Sentora Panel go to Admin -> Module Admin -> Apache Config
On "Override a Virtual Host Setting" Select Vhost for your domain and add a "Custom Entry" like bellow

Don't miss to replace example.com and example_com by your domain tld

Code:
#Redirect
permanent / https://example.com/
</VirtualHost>
<VirtualHost *:443>
ServerName example.com
ServerAlias  www.example.com
ServerAdmin zadmin@localhost
DocumentRoot "/var/sentora/hostdata/zadmin/public_html/example_com"
php_admin_value suhosin.executor.func.blacklist "passthru, show_source, shell_exec, system, pcntl_exec, popen, pclose, proc_open, proc_nice, proc_terminate, proc_get_status, proc_close, leak, apache_child_terminate, posix_kill, posix_mk$
ErrorLog "/var/sentora/logs/domains/zadmin/example.com-error.log"
CustomLog "/var/sentora/logs/domains/zadmin/example.com-access.log" combined
CustomLog "/var/sentora/logs/domains/zadmin/example.com-bandwidth.log" common
<Directory "/var/sentora/hostdata/zadmin/public_html/example_com">
  Options +FollowSymLinks -Indexes
  AllowOverride All
  Require all granted
</Directory>
AddType application/x-httpd-php .php3 .php
DirectoryIndex index.html index.htm index.php index.asp index.aspx index.jsp index.jspa index.shtml index.shtm
SSLEngine on
SSLCertificateFile /etc/letsencrypt/live/example.com/cert.pem
SSLCertificateKeyFile /etc/letsencrypt/live/example.com/privkey.pem
SSLCertificateChainFile /etc/letsencrypt/live/example.com/chain.pem
#Header
always add Strict-Transport-Security "max-age=15768000; includeSubDomains; preload"


Save Vhost.


Wait on daemon update or restart it manually and restart apache

Code:
php -q /etc/sentora/panel/bin/daemon.php
service httpd restart


Your domain should now be secured by SSL.

My friend.. I was about to ask how to do this. Thank you SO MUCH! I LOVE YOU! *cough* I'mma go encrypt my server now. Thanks again!!!!  Big Grin Heart Big Grin Big Grin Big Grin Big Grin Heart
Reply
Thanks given by:
#4
Forced HTTPS?
(01-17-2016, 12:50 AM)PsyKitty Wrote: Your domain should now be secured by SSL.

Uhhhh.. Is it instantaneous if it works? How do I force HTTPS? I'm on Ubuntu, but I assume the commands are just slightly different?  Exclamation
Reply
Thanks given by:
#5
RE: Secure your domain with Free SSL/TLS Certificates (Centos 7)
i am also on ubuntu and would like to try this out.
Reply
Thanks given by:
#6
RE: Secure your domain with Free SSL/TLS Certificates (Centos 7)
Sentora Panel Login Secured with Let's Encrypt: HERE
-TGates - Project Council

SEARCH the Forums or read the DOCUMENTATION before posting!
Support Sentora and Donate: HERE

Find my support or modules useful? Donate to TGates HERE
Developers and code testers needed!
Contact TGates for more information
Reply
Thanks given by: warmax356
#7
RE: Secure your domain with Free SSL/TLS Certificates (Centos 7)
Thanks Smile
Reply
Thanks given by:
#8
RE: Secure your domain with Free SSL/TLS Certificates (Centos 7)
This procedure should be performed for each domain of my server? for each domain should be created a certificate?
Reply
Thanks given by:
#9
RE: Secure your domain with Free SSL/TLS Certificates (Centos 7)
Thank you for your prompt and kind reply...
Reply
Thanks given by:


Possibly Related Threads…
Thread Author Replies Views Last Post
Secure Sentora With SSLForFree Chris L 1 4 ,621 01-22-2020, 09:19 PM
Last Post: ralphharder
Fail2ban for Sentora (Centos 7) bbspike 14 44 ,483 01-14-2020, 07:32 AM
Last Post: Vedran B
[How To] Update from PHP v5.4.16 to v5.6.31 (Includes suhosin patch) [CentOS] betatester3.0 5 16 ,786 03-18-2019, 01:23 AM
Last Post: BigBang

Forum Jump:


Users browsing this thread: 1 Guest(s)