Quote:Let's Encrypt for Domains:
(Also found in our documentation HERE.)
Process done as ROOT user.
NOTICE: For CentOS servers replace apt-get with yum and replace apache2 with httpd
Installing git & Let’s Encrypt
Let’s Encrypt is a new Certificate Authority:
It’s free, automated, and open.
Check to make sure mod_ssl is installed:
On Sentora Panel go to Admin -> PHPinfo -> View Full PHP Configuration -> Search for mod_ssl
If not, install it:
NOTICE: For CentOS replace apt-get with yum
Code:
Code:apt-get install mod_ssl
Check to make sure openssl is installed: (openssl does not mandate the install of mod_ssl in CentOS 6.x)
On Sentora Panel go to Admin -> PHPinfo -> View Full PHP Configuration -> Search for openssl
If not, install it:
NOTICE: For CentOS replace apt-get with yum
Code:
Code:apt-get install openssl
REQUIRED for CentOS: Edit /etc/httpd/conf.d/ssl.conf and change Listen 443 to 443
Next, install git and Let's Encrypt:
NOTICE: For CentOS replace apt-get with yum
Code:apt-get install git
git clone https://github.com/letsencrypt/letsencrypt
cd letsencrypt
./letsencrypt-auto --help
Creating a Certificate for your domain
You need to turn off apache before creating a certificate or you will get something like
Quote:The program httpd (process ID XXXX) is already listening on TCP port 80. This will prevent us from binding to that port. Please stop the httpd program temporarily and then try again.
REMINDER: Replace domain.com by your domain URL.
NOTICE: For CentOS replace apache2 with httpd
Code:service apache2 stop
./letsencrypt-auto certonly --standalone -d domain.com -d www.domain.com
service apache2 start
Changing Sentora port:
On Sentora Panel go to Admin -> Module Admin -> Apache Config > Override a Virtualhost [Select VHost] ->
Tick Port Override.
Forward Port 80 to Overriden Port: 443
Custom Entry:
(Don't forget to replace domain.com with your domain's URL below
Code:SSLEngine on
SSLProtocol ALL -SSLv2 -SSLv3
SSLHonorCipherOrder On
SSLCipherSuite ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS
SSLCertificateFile /etc/letsencrypt/live/domain.com/cert.pem
SSLCertificateKeyFile /etc/letsencrypt/live/domain.com/privkey.pem
SSLCertificateChainFile /etc/letsencrypt/live/domain.com/chain.pem
# Keeping bellow for future upgrades.
# Requires Apache >= 2.4
SSLCompression off
Save Vhost.
Wait on daemon update or run it manually and restart apache.
NOTICE: For CentOS replace apache2 with httpd
Code:php -q /etc/sentora/panel/bin/daemon.php
service apache2 restart
Your domain should now be secured by SSL.
You can test it here: https://www.ssllabs.com/ssltest/
Secure Sentora Domains with Let's Encrypt
|
Thanks given by: Me.B
Notice you need to chmod ./letsencrypt-auto so you can execute or run
bash ./letsencrypt-auto --help ( permission are there by default when repo cloned). Also ./letsencrypt-auto --help will install openssl if missing so no need for yum/apt_get
No support using PM (Auto adding to IGNORE list!), use the forum.
How to ask 200$ free to start your VPS 60 days credit Thanks given by: TGates
You can also avoid stopping apache if you use
option: challenges http-01 --http-01-port 9999 where you set challenge port to 9999 but you need then to ensure the port is not firewall. Code: letsencrypt-auto --agree-dev-preview --agree-tos --renew-by-default --standalone --standalone-supported-challenges http-01 --http-01-port 9999 --server https://acme-v01.api.letsencrypt.org/directory certonly -d same if you want to use port 81 Code: letsencrypt-auto --agree-dev-preview --agree-tos --renew-by-default --standalone --standalone-supported-challenges http-01 --http-01-port 81--server https://acme-v01.api.letsencrypt.org/directory certonly -d You can also change defaults for let's encrypt: /etc/letsencrypt/cli.ini like: Code: authenticator = webroot Also I don't like the current override for activating SSL . I usually leave the default vhost setting and create an ssl.conf under /sentora/configs/apache and include it in apache. I drop there the new ssl vhost config ( until we automate it). Example of full Vhost under SSL.conf: Code: # DOMAIN: domain M B
No support using PM (Auto adding to IGNORE list!), use the forum.
How to ask 200$ free to start your VPS 60 days credit
I did all of it but after the last apache restart i get this error
Invalid command 'SSLCompression', perhaps misspelled or defined by a module not included in the server configuration and as apache won't start I have no way to get back to my hostpanel
I managed to solve that error but now i get this
[root@hostpanel letsencrypt]# service httpd start /etc/sysconfig/httpd: line 33: “export: command not found Starting httpd: (98)Address already in use: make_sock: could not bind to address [::]:443
RE: Secure Sentora Domains with Let's Encrypt
04-13-2016, 11:17 PM
(This post was last modified: 04-13-2016, 11:17 PM by NicolaiVdS.)
for those who gets this error:
Code: error: command 'x86_64-linux-gnu-gcc' failed with exit status 4 Here is how to do it : Code: sudo dd if=/dev/zero of=/swapfile bs=1024 count=524288 Thanks given by: TGates
aslo when i'm doing this i got the error that port 443 allready was in use so i edited
Code: httpd-vhosts.conf Code: Listen 443 (04-13-2016, 11:34 PM)NicolaiVdS Wrote: aslo when i'm doing this i got the error that port 443 allready was in use so i edited I get the same error. has removed 443 from all httpd.conf and yet after some time it is again in httpd-vhosts.conf then apache stops with error |
« Next Oldest | Next Newest »
|
Possibly Related Threads… | |||||
Thread | Author | Replies | Views | Last Post | |
Secure Sentora With SSLForFree | Chris L | 1 | 5 ,324 |
01-22-2020, 09:19 PM Last Post: ralphharder |
|
Fail2ban for Sentora (Centos 7) | bbspike | 14 | 48 ,692 |
01-14-2020, 07:32 AM Last Post: Vedran B |
|
Timeout for Sentora Admin Panel | minufreelance | 12 | 48 ,854 |
11-24-2018, 12:33 PM Last Post: fearworks |
Users browsing this thread: 2 Guest(s)