Secure Sentora Domains with Let's Encrypt

[ogika]

Pfa help me someone i have a problem i maded a encript for a domain and all my server accounts are down ( 

i used that command form up

please help

[worksmarter]

Pfa help me someone i have a problem i maded a encript for a domain and all my server accounts are down ( 

i used that command form up

please help

Look for the file located at:

Code:

/etc/httpd/conf.d/ssl.conf

Open the file and look for the Listen 443 and comment it out with a # sign (

#Listen

443). Restart apache, run the Sentora daemon in bash/ssh and you should be back in business, that is unless you monkeyed with the httpd.conf or worse yet the httpd-vhosts.conf file. You can make changes to the file that will be over ridden in short order by SENTORA, but in some circumstances you cannot log back in to the panel to enter the correct data into the Apache Config module in SENTORA without making a short term change in that file. Remember it WILL get written over when the job runs that takes the data from in SENTORA and rewrites your httpd-vhosts.conf file at regular intervals.

Finally, while I should have mentioned this first, is the fact you have given us next to no information to go on. Please try and supply the community here with pertinent data about your server setup so we may help assist you further.

...and if your statement that follows:

i used that command form up

refers to you running out of authorizations with Let's Encrypt and need to wait a week or so for them to reset the system and allow you to try again, there is no one including Let's Encrypt that can help you with that - you must be banned for a term, otherwise they would be inundated with requests that are wrong, or illegitimate. So if they have told you you are out of authorizations, you will have to wait the term stated by them before even attempting to use Let's Encrypt for whatever domain you got temporarily banned from securing.

Keep in mind too, that the first thing you might want to investigate is all of your server logs. In your case I would guess the Apache log might be where to start, but if you find odd errors in any of the log files, repost them here for people to assist. Please use the <code block> icon above so your logs are not pages long on the forum.

[Bobses]

How to autorenew all SSL certificates (login Sentora and domains) - without our interventions?
It's ok to create a cron job like the following to run every 2 months?

Code:

1 0 * */2 * /path/to/letsencrypt-auto renew

Or there is another command?

[worksmarter]

A cron job should be the thing you do to renew all of them automatically, and yes use "letsencrypt-auto renew" to renew all of the certificates at once. You also could use epressions and list the month, but your idea is the most compact.

Code:

0 1 1 */2 * /path/to/letsencrypt-auto renew

This should run on the first day of every second month at 1:00.

[TGates]

I think a weekly or even daily crontab task would be more effective to ensure your sites stay active. (I use a daily crontab at 4am) I had issues when setting it monthly because it will only auto-renew a week or so before expiration.

[Bobses]

Thank you both.
I assume that a daily cron job is better than weekly or monthly, especially if we have certs who are going to expire at different moments. So, my cron job is:

Code:

01 0 * * * /path/to/folder/letsencrypt/./letsencrypt-auto renew >> /var/log/letsencrypt/letsencrypt_renew.log

[rpuig]

Thank you both.
I assume that a daily cron job is better than weekly or monthly, especially if we have certs who are going to expire at different moments. So, my cron job is:

Code:

01 0 * * * /path/to/folder/letsencrypt/./letsencrypt-auto renew >> /var/log/letsencrypt/letsencrypt_renew.log

do i have to use this code as root ? nothing else to do before?

[andykimpe]

require remplace this code on doc

Code:

git clone https://github.com/letsencrypt/letsencrypt
cd letsencrypt
./letsencrypt-auto --help

retrun errorr

Code:

bash: ./letsencrypt-auto: No such file or directory

by this

Code:

git clone https://github.com/certbot/certbot
cd certbot/letsencrypt-auto-source
./letsencrypt-auto --help

or this

Code:

wget https://github.com/certbot/certbot/raw/master/letsencrypt-auto-source/letsencrypt-auto
chmod +x letsencrypt-auto
./letsencrypt-auto --help

or for new system

Ubuntu/Debian

Code:

apt-get -y install certbot

CentOS/RHEL/AlmaLinux/Rocky Linux/Fedora

Code:

dnf -y install certbot

easy use in full silent mode

not require stop apache

not require email adresse

Code:

certbot --non-interactive --agree-tos --register-unsafely-without-email --renew-by-default --standalone --http-01-port 90 certonly -d www.softwarecollections.org -d softwarecollections.org



letsencrypt-auto --non-interactive --agree-tos --register-unsafely-without-email --renew-by-default --standalone --http-01-port 90 certonly -d www.softwarecollections.org -d softwarecollections.org