This forum uses cookies
This forum makes use of cookies to store your login information if you are registered, and your last visit if you are not. Cookies are small text documents stored on your computer; the cookies set by this forum can only be used on this website and pose no security risk. Cookies on this forum also track the specific topics you have read and when you last read them. Please confirm whether you accept or reject these cookies being set.

A cookie will be stored in your browser regardless of choice to prevent you being asked this question again. You will be able to change your cookie settings at any time using the link in the footer.

[SPLIT] Secure Sentora Login with Let's Encrypt
#11
RE: Secure Sentora Login with Let's Encrypt
Thanks for updating your profile too Wink

Hmmm Huh  Looking into it... Have you customized your installation in any way before using this tutorial?
-TGates - Project Council

SEARCH the Forums or read the DOCUMENTATION before posting!
Support Sentora and Donate: HERE

Find my support or modules useful? Donate to TGates HERE
Developers and code testers needed!
Contact TGates for more information
Reply
Thanks given by:
#12
RE: Secure Sentora Login with Let's Encrypt
(01-29-2016, 01:45 PM)TGates Wrote: Sounds like mod_ssl is not isntalled as per this part of the directions:

Check to make sure mod_ssl is installed:
On Sentora Panel go to Admin -> PHPinfo -> View Full PHP Configuration -> Search for mod_ssl
If not, install it:
NOTICE: For CentOS replace apt-get with yum
Code:
Code:
apt-get install openssl
Not too mention according to your server profile you should be using service https restart if you are using CentOS...?
I updated my profile to "both ubuntu 12.04/centos 6.7"
   
Reply
Thanks given by:
#13
RE: Secure Sentora Login with Let's Encrypt
(01-29-2016, 02:43 PM)TGates Wrote: Thanks for updating your profile too Wink

Hmmm Huh  Looking into it... Have you customized your installation in any way before using this tutorial?

No customization fresh install.
I'm using proxmox ( https://www.proxmox.com/en/ ) with lxc container.Ubuntu 12.04
If I pm you my login and ssh details can you debug the situation?
Reply
Thanks given by:
#14
RE: Secure Sentora Login with Let's Encrypt
Code:
The Apache error log may have more information.
So, what info is showing in the apache error log?
-TGates - Project Council

SEARCH the Forums or read the DOCUMENTATION before posting!
Support Sentora and Donate: HERE

Find my support or modules useful? Donate to TGates HERE
Developers and code testers needed!
Contact TGates for more information
Reply
Thanks given by:
#15
RE: Secure Sentora Login with Let's Encrypt
(01-29-2016, 02:51 PM)TGates Wrote:
Code:
The Apache error log may have more information.
So, what info is showing in the apache error log?

Too late now I restored my snapshot to start all over. If I pm you my details can you try and install it and debug. It might help someone.
Reply
Thanks given by:
#16
RE: Secure Sentora Login with Let's Encrypt
I'll take a quick look. Send over the details.
-TGates - Project Council

SEARCH the Forums or read the DOCUMENTATION before posting!
Support Sentora and Donate: HERE

Find my support or modules useful? Donate to TGates HERE
Developers and code testers needed!
Contact TGates for more information
Reply
Thanks given by:
#17
RE: Secure Sentora Login with Let's Encrypt
(01-29-2016, 03:05 PM)TGates Wrote: I'll take a quick look. Send over the details.

check your pm
Reply
Thanks given by:
#18
RE: Secure Sentora Login with Let's Encrypt
Just want to help add more security and get an A+ ranking on the following SSL cert testing site https://www.ssllabs.com/ssltest on a CentOS 7 server :

Credit to the guys that helped with this : https://cipherli.st/

The first part of the guide will require you to configure some things via SSH, so go ahead and log into your server via SSH.

Edit ssl.conf :

Code:
vi /etc/httpd/conf.d/ssl.conf

Find LogLevel warn

Code:
/LogLevel warn

add after:

Code:
#https://cipherli.st/
SSLCipherSuite EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH
SSLProtocol All -SSLv2 -SSLv3
SSLHonorCipherOrder On
Header always set Strict-Transport-Security "max-age=63072000; includeSubdomains; preload"
Header always set X-Frame-Options DENY
Header always set X-Content-Type-Options nosniff
# Keeping bellow for future upgrades.
# Requires Apache >= 2.4
#SSLCompression
off
#SSLSessionTickets
Off
#SSLUseStapling
on
#SSLStaplingCache
"shmcb:logs/stapling-cache(150000)"

Search for SSLProtocol all -SSLv2 :

Code:
/SSLProtocol all -SSLv2

Replace it with it commented out :

Code:
#SSLProtocol
all -SSLv2

Search for SSLCipherSuite HIGH:MEDIUM:!aNULL:!MD5:!SEED:!IDEA :

Code:
/SSLCipherSuite HIGH:MEDIUM:!aNULL:!MD5:!SEED:!IDEA

Replace it with it commented out :

Code:
#SSLCipherSuite
HIGH:MEDIUM:!aNULL:!MD5:!SEED:!IDEA

Now simply go back to your control panel and go to : admin > Module Admin > Apache Config > Global Sentora Entry

Add the following AFTER your SSL certs :

Code:
SSLCipherSuite EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH
SSLProtocol All -SSLv2 -SSLv3
SSLHonorCipherOrder On
Header always set Strict-Transport-Security "max-age=63072000; includeSubdomains; preload"
Header always set X-Frame-Options DENY
Header always set X-Content-Type-Options nosniff
# Keeping bellow for future upgrades.
# Requires Apache >= 2.4
#SSLCompression
off
#SSLSessionTickets
Off
#SSLUseStapling
on
#SSLStaplingCache
"shmcb:logs/stapling-cache(150000)"

Go back to your server and run a quick reset and update the daemon :

Code:
php -q /etc/sentora/panel/bin/daemon.php && service httpd restart

Now test your domain over at SSLlabs :

https://www.ssllabs.com/ssltest/
Reply
Thanks given by: inkoop@topmatica.nl
#19
RE: Secure Sentora Login with Let's Encrypt
Updated first post with new Global Sentora Vhost Entry. Gives Apache 2.4 an 'A' rating.
May need to be tweaked to work on Apache 2.2+
-TGates - Project Council

SEARCH the Forums or read the DOCUMENTATION before posting!
Support Sentora and Donate: HERE

Find my support or modules useful? Donate to TGates HERE
Developers and code testers needed!
Contact TGates for more information
Reply
Thanks given by:
#20
RE: Secure Sentora Login with Let's Encrypt
Tip after doing this you might wanna add a panel subdomain and add a port overide to it so when you visit panel.domain.tld you wil be the on https and not http
Reply
Thanks given by:


Possibly Related Threads…
Thread Author Replies Views Last Post
Secure Sentora Domains with Let's Encrypt TGates 27 97 ,137 06-08-2024, 05:06 PM
Last Post: andykimpe
Secure Sentora With SSLForFree Chris L 1 5 ,318 01-22-2020, 09:19 PM
Last Post: ralphharder
Fail2ban for Sentora (Centos 7) bbspike 14 48 ,677 01-14-2020, 07:32 AM
Last Post: Vedran B

Forum Jump:


Users browsing this thread: 2 Guest(s)