This forum uses cookies
This forum makes use of cookies to store your login information if you are registered, and your last visit if you are not. Cookies are small text documents stored on your computer; the cookies set by this forum can only be used on this website and pose no security risk. Cookies on this forum also track the specific topics you have read and when you last read them. Please confirm whether you accept or reject these cookies being set.

A cookie will be stored in your browser regardless of choice to prevent you being asked this question again. You will be able to change your cookie settings at any time using the link in the footer.

How to set up SSL certificate (not self-signed) on virtual host on Ubuntu?
#1
How to set up SSL certificate (not self-signed) on virtual host on Ubuntu?
Can somebody help with configuration of RapidSSL on Ubuntu/Apache2 for virtual host not Sentora panel?
Reply
Thanks given by:
#2
RE: How to set up SSL certificate (not self-signed) on virtual host on Ubuntu?
(06-23-2015, 10:09 PM)hotshot Wrote: Can somebody help with configuration of RapidSSL on Ubuntu/Apache2 for virtual host not Sentora panel?

Have you read this?

http://forums.sentora.org/showthread.php?tid=994

Because I have with no results
I tried several ways but I just managed to get apache not working and I have to restore the initial configuration.

Or the Sentora Docs? (I´m trying this method now, will return with results in a moment)
http://docs.sentora.org/?node=64
Reply
Thanks given by:
#3
RE: How to set up SSL certificate (not self-signed) on virtual host on Ubuntu?
/ssl/folder/domain_cer.crt
<VirtualHost *:443>
ServerAdmin you email
ServerName domian
DocumentRoot /var/sentora/hostdata/username/public_html/domain/
SSLEngine on
SSLCertificateFile /ssl/folder/domain_cer.crt
SSLCertificateKeyFile /ssl/folder/domain_key.key
SSLCACertificateFile /ssl/folder/intermediate.crt
SSLProtocol all -SSLv2 -SSLv3
SSLHonorCipherOrder on
SSLCipherSuite "EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH+aRSA+RC4 EECDH EDH+aRSA RC4 !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS !RC4"
<Directory '/var/sentora/hostdata/username/public_html/domain/'>
Options +FollowSymLinks -Indexes
AllowOverride All
Require all granted
</Directory>
</VirtualHost>
Sentora 1.0.3 on [Image: DO_Logo_Horizontal_Blue-3db19536.png]

-= Github =-  -= My Repo =-

My Modules
Reply
Thanks given by:
#4
RE: How to set up SSL certificate (not self-signed) on virtual host on Ubuntu?
(06-24-2015, 03:53 AM)stiuvert0007 Wrote:
(06-23-2015, 10:09 PM)hotshot Wrote: Can somebody help with configuration of RapidSSL on Ubuntu/Apache2 for virtual host not Sentora panel?

Have you read this?

http://forums.sentora.org/showthread.php?tid=994

Because I have with no results
I tried several ways but I just managed to get apache not working and I have to restore the initial configuration.

Or the Sentora Docs? (I´m trying this method now, will return with results in a moment)
http://docs.sentora.org/?node=64

Yes, I tried everything I could google out with no result...
Reply
Thanks given by:
#5
RE: How to set up SSL certificate (not self-signed) on virtual host on Ubuntu?
(06-24-2015, 04:47 AM)Diablo925 Wrote: /ssl/folder/domain_cer.crt
<VirtualHost *:443>
ServerAdmin you email
ServerName domian
DocumentRoot /var/sentora/hostdata/username/public_html/domain/
SSLEngine on
SSLCertificateFile /ssl/folder/domain_cer.crt
SSLCertificateKeyFile /ssl/folder/domain_key.key
SSLCACertificateFile /ssl/folder/intermediate.crt
SSLProtocol all -SSLv2 -SSLv3
SSLHonorCipherOrder on
SSLCipherSuite "EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH+aRSA+RC4 EECDH EDH+aRSA RC4 !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS !RC4"
<Directory '/var/sentora/hostdata/username/public_html/domain/'>
Options +FollowSymLinks -Indexes
AllowOverride All
Require all granted
</Directory>
</VirtualHost>

Paste this to Virtual Host Overide, change paths and thats it? Or where to put this please? That first row is right? Sorry for these questions bro but I made it so many times that I am crazy from thisBig Grin
Reply
Thanks given by:
#6
RE: How to set up SSL certificate (not self-signed) on virtual host on Ubuntu?
(06-24-2015, 06:36 AM)hotshot Wrote:
(06-24-2015, 04:47 AM)Diablo925 Wrote: /ssl/folder/domain_cer.crt
<VirtualHost *:443>
ServerAdmin you email
ServerName domian
DocumentRoot /var/sentora/hostdata/username/public_html/domain/
SSLEngine on
SSLCertificateFile /ssl/folder/domain_cer.crt
SSLCertificateKeyFile /ssl/folder/domain_key.key
SSLCACertificateFile /ssl/folder/intermediate.crt
SSLProtocol all -SSLv2 -SSLv3
SSLHonorCipherOrder on
SSLCipherSuite "EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH+aRSA+RC4 EECDH EDH+aRSA RC4 !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS !RC4"
<Directory '/var/sentora/hostdata/username/public_html/domain/'>
Options +FollowSymLinks -Indexes
AllowOverride All
Require all granted
</Directory>
</VirtualHost>

Paste this to Virtual Host Overide, change paths and thats it? Or where to put this please? That first row is right? Sorry for these questions bro but I made it so many times that I am crazy from thisBig Grin

I´m in the same situation as you. Can´t install PositiveSSL certificate from Comodo.
I´ve used this:

</virtualHost>


<virtualhost *:443>
ServerName tilabmx.com
ServerAlias  www.tilabmx.com
ServerAdmin hcmarcos@tilabmx.com
DocumentRoot "/var/sentora/hostdata/zadmin/public_html/tilabmx_com"
php_admin_value open_basedir "/var/sentora/hostdata/zadmin/public_html/tilabmx_com:/var/sentora/temp/"
php_admin_value suhosin.executor.func.blacklist "passthru, show_source, shell_exec, system, pcntl_exec, popen, pclose, proc_open, proc_nice, proc_terminate, proc_get_status, proc_close, leak, apache_child_terminate, posix_kill, posix_mkfifo, posix_setpgid, posix_setsid$
SSLEngine on
SSLCertificateKeyFile /etc/apache2/ssl/tilabmx_com.key
SSLCertificateFile /etc/apache2/ssl/tilabmx_com.crt
SSLCertificateChainFile /etc/apache2/ssl/tilabmx.com.ca-bundle
SSLProtocol -All +TLSv1 +TLSv1.1 +TLSv1.2
SSLCipherSuite ECDHE-RSA-AES256-SHA384:AES256-SHA256:RC4:HIGH:!MD5:!aNULL:!EDH:!A$
SSLHonorCipherOrder on
ErrorLog "/var/sentora/logs/domains/zadmin/tilabmx.com-error.log"
CustomLog "/var/sentora/logs/domains/zadmin/tilabmx.com-access.log" combined
CustomLog "/var/sentora/logs/domains/zadmin/tilabmx.com-bandwidth.log" common
<Directory "/var/sentora/hostdata/zadmin/public_html/tilabmx_com">
  Options +FollowSymLinks -Indexes
  AllowOverride All
  Require all granted
</Directory>
AddType application/x-httpd-php .php3 .php
ErrorDocument 500 /_errorpages/500.html
ErrorDocument 403 /_errorpages/403.html
ErrorDocument 404 /_errorpages/404.html
ErrorDocument 510 /_errorpages/510.html
DirectoryIndex index.html index.htm index.php index.asp index.aspx index.jsp index.jspa index.shtml index.shtm

 
In the custom entry of Virtual host Override with no results. I can acces http but https doesn´t work.
When I check port override to 443 apache stops working.
Reply
Thanks given by:
#7
RE: How to set up SSL certificate (not self-signed) on virtual host on Ubuntu?
I even checked permissions of my certificate files to 755 but https isn´t working
Reply
Thanks given by:
#8
RE: How to set up SSL certificate (not self-signed) on virtual host on Ubuntu?
SSLCertificateChainFile /etc/apache2/ssl/tilabmx.com.ca-bundle <-- Worng

need to be pem,crt,cer
Sentora 1.0.3 on [Image: DO_Logo_Horizontal_Blue-3db19536.png]

-= Github =-  -= My Repo =-

My Modules
Reply
Thanks given by: stiuvert0007
#9
RE: How to set up SSL certificate (not self-signed) on virtual host on Ubuntu?
Code:
################################################################
# Apache VHOST configuration file
# Automatically generated by Sentora 1.0.0
# Generated on: 11:30 24th Jun 2015 CEST
#==== YOU MUST NOT EDIT THIS FILE : IT WILL BE OVERWRITTEN ====
# Use Sentora Menu -> Admin -> Module Admin -> Apache config
################################################################

Listen 80
Listen 443

# Configuration for Sentora control panel.
<VirtualHost *:80>
ServerAdmin marek@hotshot.sk
DocumentRoot "/etc/sentora/panel/"
ServerName hshot
ErrorLog "/var/sentora/logs/sentora-error.log"
CustomLog "/var/sentora/logs/sentora-access.log" combined
CustomLog "/var/sentora/logs/sentora-bandwidth.log" common
AddType application/x-httpd-php .php
<Directory "/etc/sentora/panel/">
Options +FollowSymLinks -Indexes
    AllowOverride All
    Require all granted
</Directory>

# Custom settings are loaded below this line (if any exist)

</VirtualHost>

################################################################
# Sentora generated VHOST configurations below.....
################################################################

<virtualhost *:443>
ServerAdmin marek@hotshot.sk
ServerName fitcity.sk
DocumentRoot "/var/sentora/hostdata/zadmin/public_html/fitcity_sk"
SSLEngine on
SSLCertificateFile /var/sentora/hostdata/zadmin/ssl/fitcityfinal.sk.crt
SSLCertificateKeyFile /var/sentora/hostdata/zadmin/ssl/fitcityfinal.sk.key

SSLCertificateChainFile /var/sentora/hostdata/zadmin/ssl/intermediate.crt
#SSLCACertificateFile
/var/sentora/hostdata/zadmin/ssl/intermediate.crt

SSLProtocol all -SSLv2 -SSLv3
SSLHonorCipherOrder on
SSLCipherSuite "EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH+aRSA+RC4 EECDH EDH+aRSA RC4 !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS !RC4"

ErrorLog "/var/sentora/logs/domains/zadmin/fitcityX-error.log"
CustomLog "/var/sentora/logs/domains/zadmin/fitcityX.tld-access.log" combined
CustomLog "/var/sentora/logs/domains/zadmin/fitcityX-bandwidth.log" common

<Directory "/var/sentora/hostdata/zadmin/public_html/fitcity_sk">
  Options +FollowSymLinks -Indexes
  AllowOverride All
  Require all granted
</Directory>


</virtualHost>

# <virtualhost *:80>
# ServerName fitcity.sk
# Redirect permanent / https://fitcity.sk/
# </virtualhost>

# END DOMAIN: fitcity.sk
################################################################

This is my Sentora VHOST config file (httpd-vhosts.conf). I tried both intermediate.crt with same result. With this configuration, when I open fitcity.sk it opens Sentora CP except my site...

When I put to my console: openssl s_client -connect fitcity.sk:443
I get:
Code:
openssl s_client -connect fitcity.sk:443                          CONNECTED(00000003)
depth=1 C = US, O = GeoTrust Inc., CN = RapidSSL SHA256 CA - G3
verify error:num=20:unable to get local issuer certificate
verify return:0
---
Certificate chain
0 s:/OU=GT06217787/OU=See www.rapidssl.com/resources/cps (c)15/OU=Domain Control Validated - RapidSSL(R)/CN=fitcity.sk
   i:/C=US/O=GeoTrust Inc./CN=RapidSSL SHA256 CA - G3
1 s:/C=US/O=GeoTrust Inc./CN=RapidSSL SHA256 CA - G3
   i:/C=US/O=GeoTrust Inc./CN=GeoTrust Global CA
---
Server certificate
-----BEGIN CERTIFICATE-----
MIIElzCCA3+gAwIBAgIDBTatMA0GCSqGSIb3DQEBCwUAMEcxCzAJBgNVBAYTAlVT
MRYwFAYDVQQKEw1HZW9UcnVzdCBJbmMuMSAwHgYDVQQDExdSYXBpZFNTTCBTSEEy
NTYgQ0EgLSBHMzAeFw0xNTA2MjEwMzQ0MzBaFw0xNjA2MjQxMjQwMjJaMIGOMRMw
EQYDVQQLEwpHVDA2MjE3Nzg3MTEwLwYDVQQLEyhTZWUgd3d3LnJhcGlkc3NsLmNv
bS9yZXNvdXJjZXMvY3BzIChjKTE1MS8wLQYDVQQLEyZEb21haW4gQ29udHJvbCBW
YWxpZGF0ZWQgLSBSYXBpZFNTTChSKTETMBEGA1UEAxMKZml0Y2l0eS5zazCCASIw
DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMVENShvjeKewXS0nipy17UNPhod
bVGd903wfVKPTGPtMOMa3+cHS1XAX8ZNTzFSnp1n3t2a/+8TcGPjrg+fyddRGfpu
S7EaHrdfPUHP1HyvfRnWTTwKFltdkhnpZzVVZl3XcLVIsVISgz4HBGC/Jj04aCCO
6xWKEwCzhkw/ahYRASN6CfQsZda7bciAmPMXDkgAf/dSc5zDTQx4ZV8ZOZk1AtW/
exH1hHEL7Yp/ic0GG3HggCGO04brVLPHyIyNTtVDY5nJntiZX6f9rZUaZXftyI4g
t5amdT8bf0UJgQk+Bul7Ar3nSj1Lj/i51ln5ugv5Ut3iBgtwyJqDrMXna9MCAwEA
AaOCAUIwggE+MB8GA1UdIwQYMBaAFMOc8/zTRgg0u85Gf6B8W/PiCMtZMFcGCCsG
AQUFBwEBBEswSTAfBggrBgEFBQcwAYYTaHR0cDovL2d2LnN5bWNkLmNvbTAmBggr
BgEFBQcwAoYaaHR0cDovL2d2LnN5bWNiLmNvbS9ndi5jcnQwDgYDVR0PAQH/BAQD
AgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAVBgNVHREEDjAMggpm
aXRjaXR5LnNrMCsGA1UdHwQkMCIwIKAeoByGGmh0dHA6Ly9ndi5zeW1jYi5jb20v
Z3YuY3JsMAwGA1UdEwEB/wQCMAAwQQYDVR0gBDowODA2BgZngQwBAgEwLDAqBggr
BgEFBQcCARYeaHR0cHM6Ly93d3cucmFwaWRzc2wuY29tL2xlZ2FsMA0GCSqGSIb3
DQEBCwUAA4IBAQAh1z4+BpoRzwcwzY6o3g2Yty6ZuPPrHrs6XUQJl/DXglDv8lR7
71vaHSuuvQ65ccC6r3pmx259I0MWTEHLpy9eclejfO2v34dTWk79iDRY0YkcP5cf
++OfoCFARRlksw45i6uqDBjlp/CB3rOJBMHpdM2YSM1/W5MHyB0M9xyn01E+rnlI
LgeUz4eeWT9+K9Xt1qTX9shifmGxQOmH2tDSv71e08vCz7PXNxPSFm4NRMdX/HDh
zhz36WcIqv3SS7dZxVlPqL1GarmAl+FZ1kc9p9FvEqWxVtXBSn6ei3O9jT2xZQf0
vxkq/w/7xbiDIvqYLyWKcEeE1aVMeUepypYS
-----END CERTIFICATE-----
subject=/OU=GT06217787/OU=See www.rapidssl.com/resources/cps (c)15/OU=Domain Control Validated - RapidSSL(R)/CN=fitcity.sk
issuer=/C=US/O=GeoTrust Inc./CN=RapidSSL SHA256 CA - G3
---
No client certificate CA names sent
---
SSL handshake has read 2994 bytes and written 477 bytes
---
New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES256-SHA384
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
SSL-Session:
    Protocol  : TLSv1.2
    Cipher    : ECDHE-RSA-AES256-SHA384
    Session-ID: B9C8CE17E687E59323A448496BB440A7CA25083658C7EE7929E895BA7F2CA1AC
    Session-ID-ctx:
    Master-Key: 34B07A28EFCBA4CC09DAA693041E800A0EB7A473D15B2B14AFF87A4B3B5A2BEC4ECA86987EF2EAEB3E8B8B9D713BA43D
    Key-Arg   : None
    PSK identity: None
    PSK identity hint: None
    SRP username: None
    TLS session ticket lifetime hint: 300 (seconds)
    TLS session ticket:
    0000 - 00 7f 92 68 75 04 8c e5-a0 0f 9b 4c cb aa ad a2   ...hu......L....
    0010 - 29 e0 68 0d 1a c6 ed 2d-8c ba a2 21 99 28 2a e5   ).h....-...!.(*.
    0020 - e3 d1 83 7f 18 84 a6 8e-0d 7c a8 2e d8 bb 52 c9   .........|....R.
    0030 - 22 26 10 26 4c 3f 6d 54-06 d8 b4 91 08 dc 1d 0e   "&.&L?mT........
    0040 - 1c ca 28 dd 06 9a 2e 29-ae 05 16 83 62 af 54 89   ..(....)....b.T.
    0050 - 56 03 50 f8 cf 58 53 92-35 88 d4 d0 71 47 9b 2f   V.P..XS.5...qG./
    0060 - 39 7f c5 49 29 9c ab 85-95 88 4a 6c bf 46 7b a2   9..I).....Jl.F{.
    0070 - ce 45 6c d9 b3 8c 48 39-04 92 bf 9c 43 03 2f dd   .El...H9....C./.
    0080 - 9b b8 3a ed 77 13 39 ee-fc 16 cd f9 c8 90 47 3b   ..:.w.9.......G;
    0090 - 27 16 b5 a5 98 c0 e9 2b-e6 72 d5 29 b9 d4 84 43   '......+.r.)...C
    00a0 - 9b c3 1b 97 a9 5f dc 0e-a0 35 f2 dd e6 b5 a4 98   ....._...5......
    00b0 - 34 fa fc eb ef 61 6c 3d-a7 fd 31 42 36 ce 80 f5   4....al=..1B6...

    Start Time: 1435001436
    Timeout   : 300 (sec)
    Verify return code: 20 (unable to get local issuer certificate)

CAN SOMEBODY HELP PLEASE??? Smile
Reply
Thanks given by:
#10
RE: How to set up SSL certificate (not self-signed) on virtual host on Ubuntu?
(06-24-2015, 07:49 PM)hotshot Wrote:
Code:
################################################################
# Apache VHOST configuration file
# Automatically generated by Sentora 1.0.0
# Generated on: 11:30 24th Jun 2015 CEST
#==== YOU MUST NOT EDIT THIS FILE : IT WILL BE OVERWRITTEN ====
# Use Sentora Menu -> Admin -> Module Admin -> Apache config
################################################################

Listen 80
Listen 443

# Configuration for Sentora control panel.
<VirtualHost *:80>
ServerAdmin marek@hotshot.sk
DocumentRoot "/etc/sentora/panel/"
ServerName hshot
ErrorLog "/var/sentora/logs/sentora-error.log"
CustomLog "/var/sentora/logs/sentora-access.log" combined
CustomLog "/var/sentora/logs/sentora-bandwidth.log" common
AddType application/x-httpd-php .php
<Directory "/etc/sentora/panel/">
Options +FollowSymLinks -Indexes
   AllowOverride All
   Require all granted
</Directory>

# Custom settings are loaded below this line (if any exist)

</VirtualHost>

################################################################
# Sentora generated VHOST configurations below.....
################################################################

<virtualhost *:443>
ServerAdmin marek@hotshot.sk
ServerName fitcity.sk
DocumentRoot "/var/sentora/hostdata/zadmin/public_html/fitcity_sk"
SSLEngine on
SSLCertificateFile /var/sentora/hostdata/zadmin/ssl/fitcityfinal.sk.crt
SSLCertificateKeyFile /var/sentora/hostdata/zadmin/ssl/fitcityfinal.sk.key

SSLCertificateChainFile /var/sentora/hostdata/zadmin/ssl/intermediate.crt
#SSLCACertificateFile
/var/sentora/hostdata/zadmin/ssl/intermediate.crt

SSLProtocol all -SSLv2 -SSLv3
SSLHonorCipherOrder on
SSLCipherSuite "EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH+aRSA+RC4 EECDH EDH+aRSA RC4 !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS !RC4"

ErrorLog "/var/sentora/logs/domains/zadmin/fitcityX-error.log"
CustomLog "/var/sentora/logs/domains/zadmin/fitcityX.tld-access.log" combined
CustomLog "/var/sentora/logs/domains/zadmin/fitcityX-bandwidth.log" common

<Directory "/var/sentora/hostdata/zadmin/public_html/fitcity_sk">
 Options +FollowSymLinks -Indexes
 AllowOverride All
 Require all granted
</Directory>


</virtualHost>

# <virtualhost *:80>
# ServerName fitcity.sk
# Redirect permanent / https://fitcity.sk/
# </virtualhost>

# END DOMAIN: fitcity.sk
################################################################

This is my Sentora VHOST config file (httpd-vhosts.conf). I tried both intermediate.crt with same result. With this configuration, when I open fitcity.sk it opens Sentora CP except my site...

When I put to my console: openssl s_client -connect fitcity.sk:443
I get:
Code:
openssl s_client -connect fitcity.sk:443                          CONNECTED(00000003)
depth=1 C = US, O = GeoTrust Inc., CN = RapidSSL SHA256 CA - G3
verify error:num=20:unable to get local issuer certificate
verify return:0
---
Certificate chain
0 s:/OU=GT06217787/OU=See www.rapidssl.com/resources/cps (c)15/OU=Domain Control Validated - RapidSSL(R)/CN=fitcity.sk
  i:/C=US/O=GeoTrust Inc./CN=RapidSSL SHA256 CA - G3
1 s:/C=US/O=GeoTrust Inc./CN=RapidSSL SHA256 CA - G3
  i:/C=US/O=GeoTrust Inc./CN=GeoTrust Global CA
---
Server certificate
-----BEGIN CERTIFICATE-----
MIIElzCCA3+gAwIBAgIDBTatMA0GCSqGSIb3DQEBCwUAMEcxCzAJBgNVBAYTAlVT
MRYwFAYDVQQKEw1HZW9UcnVzdCBJbmMuMSAwHgYDVQQDExdSYXBpZFNTTCBTSEEy
NTYgQ0EgLSBHMzAeFw0xNTA2MjEwMzQ0MzBaFw0xNjA2MjQxMjQwMjJaMIGOMRMw
EQYDVQQLEwpHVDA2MjE3Nzg3MTEwLwYDVQQLEyhTZWUgd3d3LnJhcGlkc3NsLmNv
bS9yZXNvdXJjZXMvY3BzIChjKTE1MS8wLQYDVQQLEyZEb21haW4gQ29udHJvbCBW
YWxpZGF0ZWQgLSBSYXBpZFNTTChSKTETMBEGA1UEAxMKZml0Y2l0eS5zazCCASIw
DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMVENShvjeKewXS0nipy17UNPhod
bVGd903wfVKPTGPtMOMa3+cHS1XAX8ZNTzFSnp1n3t2a/+8TcGPjrg+fyddRGfpu
S7EaHrdfPUHP1HyvfRnWTTwKFltdkhnpZzVVZl3XcLVIsVISgz4HBGC/Jj04aCCO
6xWKEwCzhkw/ahYRASN6CfQsZda7bciAmPMXDkgAf/dSc5zDTQx4ZV8ZOZk1AtW/
exH1hHEL7Yp/ic0GG3HggCGO04brVLPHyIyNTtVDY5nJntiZX6f9rZUaZXftyI4g
t5amdT8bf0UJgQk+Bul7Ar3nSj1Lj/i51ln5ugv5Ut3iBgtwyJqDrMXna9MCAwEA
AaOCAUIwggE+MB8GA1UdIwQYMBaAFMOc8/zTRgg0u85Gf6B8W/PiCMtZMFcGCCsG
AQUFBwEBBEswSTAfBggrBgEFBQcwAYYTaHR0cDovL2d2LnN5bWNkLmNvbTAmBggr
BgEFBQcwAoYaaHR0cDovL2d2LnN5bWNiLmNvbS9ndi5jcnQwDgYDVR0PAQH/BAQD
AgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAVBgNVHREEDjAMggpm
aXRjaXR5LnNrMCsGA1UdHwQkMCIwIKAeoByGGmh0dHA6Ly9ndi5zeW1jYi5jb20v
Z3YuY3JsMAwGA1UdEwEB/wQCMAAwQQYDVR0gBDowODA2BgZngQwBAgEwLDAqBggr
BgEFBQcCARYeaHR0cHM6Ly93d3cucmFwaWRzc2wuY29tL2xlZ2FsMA0GCSqGSIb3
DQEBCwUAA4IBAQAh1z4+BpoRzwcwzY6o3g2Yty6ZuPPrHrs6XUQJl/DXglDv8lR7
71vaHSuuvQ65ccC6r3pmx259I0MWTEHLpy9eclejfO2v34dTWk79iDRY0YkcP5cf
++OfoCFARRlksw45i6uqDBjlp/CB3rOJBMHpdM2YSM1/W5MHyB0M9xyn01E+rnlI
LgeUz4eeWT9+K9Xt1qTX9shifmGxQOmH2tDSv71e08vCz7PXNxPSFm4NRMdX/HDh
zhz36WcIqv3SS7dZxVlPqL1GarmAl+FZ1kc9p9FvEqWxVtXBSn6ei3O9jT2xZQf0
vxkq/w/7xbiDIvqYLyWKcEeE1aVMeUepypYS
-----END CERTIFICATE-----
subject=/OU=GT06217787/OU=See www.rapidssl.com/resources/cps (c)15/OU=Domain Control Validated - RapidSSL(R)/CN=fitcity.sk
issuer=/C=US/O=GeoTrust Inc./CN=RapidSSL SHA256 CA - G3
---
No client certificate CA names sent
---
SSL handshake has read 2994 bytes and written 477 bytes
---
New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES256-SHA384
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
SSL-Session:
   Protocol  : TLSv1.2
   Cipher    : ECDHE-RSA-AES256-SHA384
   Session-ID: B9C8CE17E687E59323A448496BB440A7CA25083658C7EE7929E895BA7F2CA1AC
   Session-ID-ctx:
   Master-Key: 34B07A28EFCBA4CC09DAA693041E800A0EB7A473D15B2B14AFF87A4B3B5A2BEC4ECA86987EF2EAEB3E8B8B9D713BA43D
   Key-Arg   : None
   PSK identity: None
   PSK identity hint: None
   SRP username: None
   TLS session ticket lifetime hint: 300 (seconds)
   TLS session ticket:
   0000 - 00 7f 92 68 75 04 8c e5-a0 0f 9b 4c cb aa ad a2   ...hu......L....
   0010 - 29 e0 68 0d 1a c6 ed 2d-8c ba a2 21 99 28 2a e5   ).h....-...!.(*.
   0020 - e3 d1 83 7f 18 84 a6 8e-0d 7c a8 2e d8 bb 52 c9   .........|....R.
   0030 - 22 26 10 26 4c 3f 6d 54-06 d8 b4 91 08 dc 1d 0e   "&.&L?mT........
   0040 - 1c ca 28 dd 06 9a 2e 29-ae 05 16 83 62 af 54 89   ..(....)....b.T.
   0050 - 56 03 50 f8 cf 58 53 92-35 88 d4 d0 71 47 9b 2f   V.P..XS.5...qG./
   0060 - 39 7f c5 49 29 9c ab 85-95 88 4a 6c bf 46 7b a2   9..I).....Jl.F{.
   0070 - ce 45 6c d9 b3 8c 48 39-04 92 bf 9c 43 03 2f dd   .El...H9....C./.
   0080 - 9b b8 3a ed 77 13 39 ee-fc 16 cd f9 c8 90 47 3b   ..:.w.9.......G;
   0090 - 27 16 b5 a5 98 c0 e9 2b-e6 72 d5 29 b9 d4 84 43   '......+.r.)...C
   00a0 - 9b c3 1b 97 a9 5f dc 0e-a0 35 f2 dd e6 b5 a4 98   ....._...5......
   00b0 - 34 fa fc eb ef 61 6c 3d-a7 fd 31 42 36 ce 80 f5   4....al=..1B6...

   Start Time: 1435001436
   Timeout   : 300 (sec)
   Verify return code: 20 (unable to get local issuer certificate)

CAN SOMEBODY HELP PLEASE??? Smile
Sorry I didn´t want to be an intruder in your post.
Finally https is working for my site, with a 403 error but it is finally working. Just need help with that 403 error.
Check out this post from Me.B
Restore the httpd-vhosts.conf made by sentora, the one without "Listen 443" and all the conf to make your Vhost work with SSL. Leave it as it was written by Sentora. And then follow Me.B guide

(12-07-2014, 07:39 AM)Me.B Wrote: In few lines the best solution is:

1. create a new conf file that contain your SSL host that will look like this

Quote:<virtualhost *:443>
ServerName ssl.domain.com
ServerAlias ssl.domain.com
ServerAdmin you@domain.com
DocumentRoot "/var/zpanel/hostdata/zadmin/public_html/ssl.domain.com"
php_admin_value open_basedir "/var/zpanel/hostdata/zadmin/public_html/ssl.domain.com:/var/zpanel/temp/"
php_admin_value suhosin.executor.func.blacklist "passthru, show_source, shell_exec, system, pcntl_exec, popen, pclose, proc_open, proc_nice, proc_terminate, proc_get_status, proc_close, leak, apache_child_terminate, posix_kill, posix_mkfifo, posix_setpgid, posix_setsid, posix_setuid, escapeshellcmd, escapeshellarg, exec"
ErrorLog "/var/zpanel/logs/domains/zadmin/ssl.domain.com-error.log"
CustomLog "/var/zpanel/logs/domains/zadmin/ssl.domain.com-access.log" combined
CustomLog "/var/zpanel/logs/domains/zadmin/ssl.domain.com-bandwidth.log" common
<Directory />
Options FollowSymLinks Indexes
AllowOverride All
Order Allow,Deny
Allow from all
</Directory>
AddType application/x-httpd-php .php3 .php
ErrorDocument 403 /_errorpages/403.html
ErrorDocument 510 /_errorpages/510.html
ErrorDocument 500 /_errorpages/500.html
ErrorDocument 404 /_errorpages/404.html
DirectoryIndex index.html index.htm index.php index.asp index.aspx index.jsp index.jspa index.shtml index.shtm
SSLEngine On
SSLCertificateFile /var/zpanel/logs/domains/zadmin/ssl/secure1.pem
SSLCertificateKeyFile /var/zpanel/logs/domains/zadmin/ssl/secure1.key
</virtualhost>

All zpanel path's should be replaced by sentora.

You will need first to create a normal ssl.domain.com ( sub domain) could a be domain so replace ssl.domain.com with the correct URL you will use.

Notice the path for the SSL certificates that you can change.

Once you create this config file as ssl.domain.com.conf place it in
/etc/zpanel/config/apache/ ( or /etc/sentora/ )

Then check your apache main config file & add include the new conf file you created.

Restart apache. If your SSL certficate is ok ( take care to remove the password or apache will request it after each restart), you should now have
http://ssl.domain.com working &
https://ssl.domain.com both pointing same root.

Then add a .htaccess to enforce https only if you need that or you can keep both working.

I think the old way in the wiki should not be used & hope in next release we auto generate the ssl host instead of having this manual setup. The wiki how to fail to explain the need for override. As once you enable ssl the default domain/subdomain with SSL will no longer work on HTTP & this is why you will be required to add a vhost port override to avoid nasty errors. My way will allow both SSL & non SSL working but require a lot more manual admin off panel.

This topic is FOR EXPERIENCED ADMIN.

M B
Reply
Thanks given by:


Possibly Related Threads…
Thread Author Replies Views Last Post
Upgrade to Ubuntu 16.04 from 14.04 HogensHero 8 30 ,380 07-18-2020, 03:13 AM
Last Post: dycott78
Ubuntu: How to Enable tls/ssl in proftpd Diablo925 2 12 ,861 04-21-2020, 03:35 AM
Last Post: iraqiboy90
Ubuntu 18.04 or 20.04 Kangarooo 1 6 ,958 03-20-2020, 11:39 AM
Last Post: Jettaman

Forum Jump:


Users browsing this thread: 3 Guest(s)