Configuring Let's Encrypt for Sentora and Domains http://docs.sentora.org/?node=102

[marvoh]

Hi,

I followed this tutorial http://docs.sentora.org/?node=102 Let's Encrypt: Sentora Login to the letter except the part installing let's encrypt from git because the repository couldn't be found.

My server is a droplet hosted on digital ocean running ubuntu 14.04.

I forwarded my sentora port to 443 and added the following to the global sentora config 

SSLEngine on
SSLProtocol ALL -SSLv2 -SSLv3
SSLHonorCipherOrder On
SSLCipherSuite ECDH+AESGCMH+AESGCM:ECDH+AES256H+AES256:ECDH+AES128H+AES:ECDH+3DESH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS
SSLCertificateFile /etc/letsencrypt/live/panel.mydomain.com/cert.pem
SSLCertificateKeyFile /etc/letsencrypt/live/panel.mydomain.com/privkey.pem
SSLCertificateChainFile /etc/letsencrypt/live/panel.mydomain.com/chain.pem
# Keeping bellow for future upgrades.
# Requires Apache >= 2.4
SSLCompression off



The problem now is that I cannot access the domain without typing https://panel.mydomain.com. When I enter the address http://panel.mydomain.com/, I get a 500 internal server error.

Second issue is, in the panel, when I try to click on sentora config, the url resolves to https://panelmydomain.com/?module=sentoraconfig removing the '.' subdomian demoninator meaning I am unable to make any changes here.

Issue number three is I have mydomain.com which has no SSL cert yet. trying to open mydomain.com also gives me the 500 internal server error. 

Where I'm I going wrong?

[TGates]

Please post your httpd-vhosts.conf file so we can take a better look at what is going on.

[marvoh]

Here it is 

Code:

Listen 443
Listen 80

# Configuration for Sentora control panel.
<VirtualHost *:443>
ServerAdmin zadmin@localhost
DocumentRoot "/etc/sentora/panel/"
ServerName panel.mydomain.com
ErrorLog "/var/sentora/logs/sentora-error.log"
CustomLog "/var/sentora/logs/sentora-access.log" combined
CustomLog "/var/sentora/logs/sentora-bandwidth.log" common
AddType application/x-httpd-php .php
<Directory "/etc/sentora/panel/">
Options +FollowSymLinks -Indexes
   AllowOverride All
   Require all granted
</Directory>

# Custom settings are loaded below this line (if any exist)
SSLEngine on
SSLProtocol ALL -SSLv2 -SSLv3
SSLHonorCipherOrder On
SSLCipherSuite ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS
SSLCertificateFile /etc/letsencrypt/live/panel.mydomain.com/cert.pem
SSLCertificateKeyFile /etc/letsencrypt/live/panel.mydomain.com/privkey.pem
SSLCertificateChainFile /etc/letsencrypt/live/panel.mydomain.com/chain.pem
# Keeping bellow for future upgrades.
# Requires Apache >= 2.4
SSLCompression off
</VirtualHost>

################################################################
# Sentora generated VHOST configurations below.....
################################################################

# DOMAIN: mydomain.com
<virtualhost *:80>
ServerName mydomain.com
ServerAlias  www.mydomain.com
ServerAdmin zadmin@localhost
DocumentRoot "/var/sentora/hostdata/zadmin/public_html/mydomain_com"
php_admin_value open_basedir "/var/sentora/hostdata/zadmin/public_html/mydomain_com:/var/sentora/temp/"
php_admin_value suhosin.executor.func.blacklist "passthru, show_source, shell_exec, system, pcntl_exec, popen, pclose, proc_open, proc_nice, proc_terminate, proc_get_status, proc_close, leak, apache_child_terminate, posix_kill, posix_mk$
ErrorLog "/var/sentora/logs/domains/zadmin/mydomain.com-error.log"
CustomLog "/var/sentora/logs/domains/zadmin/mydomain.com-access.log" combined
CustomLog "/var/sentora/logs/domains/zadmin/mydomain.com-bandwidth.log" common
<Directory "/var/sentora/hostdata/zadmin/public_html/mydomain_com">
 Options +FollowSymLinks -Indexes
 AllowOverride All
 Require all granted
</Directory>
AddType application/x-httpd-php .php3 .php
ErrorDocument 404 /_errorpages/404.html
ErrorDocument 510 /_errorpages/510.html
ErrorDocument 500 /_errorpages/500.html
ErrorDocument 403 /_errorpages/403.html
DirectoryIndex index.html index.htm index.php index.asp index.aspx index.jsp index.jspa index.shtml index.shtm
# Custom Global Settings (if any exist)

# Custom VH settings (if any exist)
</VirtualHost>

# Configuration for WebMail
<VirtualHost *:80>
ServerAlias webmail.*
DocumentRoot "/etc/sentora/panel/etc/apps/webmail/"
AddType application/x-httpd-php .php
<Directory "/etc/sentora/panel/etc/apps/webmail/">
Options +FollowSymLinks -Indexes
AllowOverride All
Require all granted
</Directory>
</virtualhost>
# END DOMAIN: mydomain.com
################################################################

[TGates]

You are getting the 500 error because their is no vhost entry for http for the panel login sub domain which would then redirect to https.

If you add this to the end of your custom virtual host for mydomain.com it should accept http://panel.mydomain.com and redirect it to https://

Code:

</VirtualHost>
<VirtualHost *:80>
    ServerName panel.mydomain.com
    DocumentRoot "/etc/sentora/panel/"
    Redirect permanent / https://panel.mydomain.com

Sorry, but I do not have time to test it first.

There is also another way of doing this that is more proper, but it requires a bit more knowledge and editing files through SSH. If the above doesn't work, I'll walk you through how to do it using the proper method.

[marvoh]

Thank you this worked like a charm.

Now I have one remaining issue.

mydomain.com which is a joomla website is giving me the same problem 500 internal server error with the v-host config shown above.

My intention is to get a certificate for it so that I can be able to then add SSL/ TLS for encrypted email.

Are you in a position to walk me through that?

[TGates]

If it is the same exact issue, then just edit the above to match the mydomain.com settings.

Code:

</VirtualHost>
<VirtualHost *:80>
    ServerName mydomain.com
    DocumentRoot "/var/sentora/hostdata/[username]/public_html/mydomain_com/"
    Redirect permanent / https://mydomain.com

[marvoh]

It appears to be the same issue but I don't have an SSL certificate for mydomain.com. Should I then proceed to give it a certificate then redirect as above?

[TGates]

Well, yes. You said you wanted to add SSL to mydomain.com

[marvoh]

When I add SSL to my domain, it affects subdomians redirect setup eg. webmail.mydomain.com.

My primary problem right now is to have the website up even without the SSL but when I type www.mydomain.com, I get the 500 internal server configuration problem. 

Can you assist with this?

[TGates]

working on it...