HOWTO : Sentora (on Centos) Letsencrypt with Python 2.7
As Letsencrypt states that 2.6 will no longer be supported in the future, here is my guide to set it up with 2.7.

Install Python 2.7 on Centos (with alternate install, which leaves 2.6 also in place)
Code:
yum install gcc
cd /usr/src
wget https://www.python.org/ftp/python/2.7.10/Python-2.7.10.tgz
tar xzf Python-2.7.10.tgz
cd Python-2.7.10
./configure
make altinstall

Install numpy for Python (because we can)
Code:
yum install python27-numpy

Install the letsencrypt virtual environment based on Python 2.7. This also removes an already installed letsencrypt version.
Code:
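yum install git
# make sure the working directory exists before changing into it
mkdir -p /root/tools
cd /root/tools
# remove any existing letsencrypt checkout, its configuration
# (certificates and keys included) and its virtualenv
rm -rf /root/tools/letsencrypt
rm -rf /etc/letsencrypt
rm -rf /var/lib/letsencrypt
rm -rf /root/.local/share
git clone https://github.com/letsencrypt/letsencrypt
cd letsencrypt
# make letsencrypt-auto build its virtualenv with python2.7
sed -i "s|--python python2|--python python2.7|" letsencrypt-auto
./letsencrypt-auto --verbose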

If you get some kind of ASCII error, just ignore it at this stage.

Code:
service httpd stop
./letsencrypt-auto certonly --standalone -d <your vhost domain>
service httpd start

Changing Sentora port:
On Sentora Panel go to Admin -> Module Admin -> Apache Config -> Override a Virtualhost [Select VHost] ->
Tick Port Override.
Forward Port 80 to Overriden Port: 443

Custom Entry:
Code:
SSLEngine on
SSLProtocol ALL -SSLv2 -SSLv3
SSLHonorCipherOrder On
SSLCipherSuite ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS
SSLCertificateFile /etc/letsencrypt/live/support.randomsolutions.nl/cert.pem
SSLCertificateKeyFile /etc/letsencrypt/live/support.randomsolutions.nl/privkey.pem
SSLCertificateChainFile /etc/letsencrypt/live/support.randomsolutions.nl/chain.pem
# Keeping below for future upgrades.
# Requires Apache >= 2.4
# SSLCompression off

Wait for the daemon update, or run it manually and restart Apache.
Code:
php -q /etc/sentora/panel/bin/daemon.php
service httpd restart

If you get an error on starting stating that 443 is already in use:
Code:
vi /etc/sentora/configs/apache/httpd-vhosts.conf
# put a # before listen 443

To get an A rating on SSLlabs (Qualys), we also need to disable SSLv3 in the main ssl.conf file.
Code:
vi /etc/httpd/conf.d/ssl.conf
# add -SSLv3 behind SSLProtocol ALL -SSLv2

Code:
service httpd start

Done.

NOW FOR THE AUTOMATIC RENEWAL PART: make a cron job

Code:
sudo crontab -e
30 2 * * 1 /root/.local/share/letsencrypt/bin/letsencrypt renew >> /var/log/letsencrypt-renew.log
35 2 * * 1 service httpd restart

Save and exit. This will create a new cron job that will execute the letsencrypt-auto renew command every Monday at 2:30 am, and reload Nginx at 2:35 am (so the renewed certificate will be used). The output produced by the command will be piped to a log file located at /var/log/le-renewal.log.

You can verify that it was set OK with:
Code:
crontab -l

Done!
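
The SSLv3 step above (adding -SSLv3 to SSLProtocol in ssl.conf and in the vhost custom entry) can be checked with a small script that applies the SSLProtocol tokens left to right, the way mod_ssl does. This is an added example, not part of the original post or of Sentora; the function name and the sample config are constructed, and it assumes, as the post does, that ALL includes SSLv3 on this Apache build.

```shell
#!/bin/sh
# Added example: list SSLProtocol directives that still leave SSLv3 enabled.
# Assumption: "all" includes SSLv3 on this Apache build, as the post implies.

# sslv3_enabled_lines FILE...  (hypothetical helper name)
# Prints file:line: directive for each offending line; returns 1 if any found.
sslv3_enabled_lines() {
    awk '
    tolower($1) == "sslprotocol" {
        v3 = 0
        for (i = 2; i <= NF; i++) {
            tok = tolower($i); act = ""
            if (tok ~ /^[+-]/) { act = substr(tok, 1, 1); tok = substr(tok, 2) }
            hit = (tok == "sslv3" || tok == "all")
            if (act == "-")      { if (hit) v3 = 0 }   # -SSLv3 or -all
            else if (act == "+") { if (hit) v3 = 1 }   # +SSLv3 or +all
            else                 { v3 = hit }          # bare name replaces the set
        }
        if (v3) { print FILENAME ":" FNR ": " $0; bad = 1 }
    }
    END { exit (bad + 0) }' "$@"
}

# Constructed sample input (not a real server config).
sample=$(mktemp)
cat > "$sample" <<'EOF'
SSLProtocol ALL -SSLv2
    SSLProtocol ALL -SSLv2 -SSLv3
# SSLProtocol ALL
SSLProtocol -ALL +TLSv1.2
SSLProtocol TLSv1 +SSLv3
EOF

# Lines 1 and 5 of the sample are reported; the others are clean.
sslv3_enabled_lines "$sample" || echo "SSLv3 is still enabled on the lines above"
rm -f "$sample"

# On the server from the post, the files to check would be:
#   sslv3_enabled_lines /etc/httpd/conf.d/ssl.conf \
#       /etc/sentora/configs/apache/httpd-vhosts.conf
```

Commented-out directives are skipped, and line continuations with a trailing backslash are not handled.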