Forum

This forum uses cookies
This forum makes use of cookies to store your login information if you are registered, and your last visit if you are not. Cookies are small text documents stored on your computer; the cookies set by this forum can only be used on this website and pose no security risk. Cookies on this forum also track the specific topics you have read and when you last read them. Please confirm whether you accept or reject these cookies being set.

A cookie will be stored in your browser regardless of choice to prevent you being asked this question again. You will be able to change your cookie settings at any time using the link in the footer.
Sentora Support Forums Sentora Forum Archives Sentora Public Support Forums v1.0.x Community Guides & How-To's v1.0.x v [SPLIT] Secure Sentora Login with Let's Encrypt

[SPLIT] Secure Sentora Login with Let's Encrypt
TGates Offline
Sentora Council - Head of Support Team
*******
OS: Ubuntu 20.04 LTS
Version: 2.0.2
Server: i7-6700K @ 4GHz, 8 cores 32GB Ram
Posts: 3 ,659
Threads: 241
Joined: May 2014
Reputation: 85
Sex: Male
Thanks: 406
Given 599 thank(s) in 464 post(s)
#11
RE: Secure Sentora Login with Let's Encrypt
 01-29-2016, 02:43 PM
Thanks for updating your profile too Wink

Hmmm Huh  Looking into it... Have you customized your installation in any way before using this tutorial?
-TGates - Project Council

SEARCH the Forums or read the DOCUMENTATION before posting!
Support Sentora and Donate: HERE
Find my support or modules useful? Donate to TGates HERE
Developers and code testers needed!
Contact TGates for more information
Find
Reply
Thanks given by:
zustudios Offline
Sentora Member
*
OS: Ubuntu 20.04
Version: 2.0.1
Server: VPS
Posts: 108
Threads: 23
Joined: Mar 2015
Reputation: 0
Sex: Undisclosed
Thanks: 0
Given 2 thank(s) in 2 post(s)
#12
RE: Secure Sentora Login with Let's Encrypt
 01-29-2016, 02:43 PM (This post was last modified: 01-29-2016, 02:47 PM by zustudios. Edit Reason: profile update )
(01-29-2016, 01:45 PM)TGates Wrote: Sounds like mod_ssl is not isntalled as per this part of the directions:

Check to make sure mod_ssl is installed:
On Sentora Panel go to Admin -> PHPinfo -> View Full PHP Configuration -> Search for mod_ssl
If not, install it:
NOTICE: For CentOS replace apt-get with yum
Code:
Code:
apt-get install openssl
Not too mention according to your server profile you should be using service https restart if you are using CentOS...?
I updated my profile to "both ubuntu 12.04/centos 6.7"
   
Find
Reply
Thanks given by:
zustudios Offline
Sentora Member
*
OS: Ubuntu 20.04
Version: 2.0.1
Server: VPS
Posts: 108
Threads: 23
Joined: Mar 2015
Reputation: 0
Sex: Undisclosed
Thanks: 0
Given 2 thank(s) in 2 post(s)
#13
RE: Secure Sentora Login with Let's Encrypt
 01-29-2016, 02:50 PM (This post was last modified: 01-29-2016, 02:51 PM by zustudios. Edit Reason: answer the question )
(01-29-2016, 02:43 PM)TGates Wrote: Thanks for updating your profile too Wink

Hmmm Huh  Looking into it... Have you customized your installation in any way before using this tutorial?

No customization fresh install.
I'm using proxmox ( https://www.proxmox.com/en/ ) with lxc container.Ubuntu 12.04
If I pm you my login and ssh details can you debug the situation?
Find
Reply
Thanks given by:
TGates Offline
Sentora Council - Head of Support Team
*******
OS: Ubuntu 20.04 LTS
Version: 2.0.2
Server: i7-6700K @ 4GHz, 8 cores 32GB Ram
Posts: 3 ,659
Threads: 241
Joined: May 2014
Reputation: 85
Sex: Male
Thanks: 406
Given 599 thank(s) in 464 post(s)
#14
RE: Secure Sentora Login with Let's Encrypt
 01-29-2016, 02:51 PM
Code:
The Apache error log may have more information.
So, what info is showing in the apache error log?
-TGates - Project Council

SEARCH the Forums or read the DOCUMENTATION before posting!
Support Sentora and Donate: HERE
Find my support or modules useful? Donate to TGates HERE
Developers and code testers needed!
Contact TGates for more information
Find
Reply
Thanks given by:
zustudios Offline
Sentora Member
*
OS: Ubuntu 20.04
Version: 2.0.1
Server: VPS
Posts: 108
Threads: 23
Joined: Mar 2015
Reputation: 0
Sex: Undisclosed
Thanks: 0
Given 2 thank(s) in 2 post(s)
#15
RE: Secure Sentora Login with Let's Encrypt
 01-29-2016, 02:59 PM
(01-29-2016, 02:51 PM)TGates Wrote:
Code:
The Apache error log may have more information.
So, what info is showing in the apache error log?

Too late now I restored my snapshot to start all over. If I pm you my details can you try and install it and debug. It might help someone.
Find
Reply
Thanks given by:
TGates Offline
Sentora Council - Head of Support Team
*******
OS: Ubuntu 20.04 LTS
Version: 2.0.2
Server: i7-6700K @ 4GHz, 8 cores 32GB Ram
Posts: 3 ,659
Threads: 241
Joined: May 2014
Reputation: 85
Sex: Male
Thanks: 406
Given 599 thank(s) in 464 post(s)
#16
RE: Secure Sentora Login with Let's Encrypt
 01-29-2016, 03:05 PM
I'll take a quick look. Send over the details.
-TGates - Project Council

SEARCH the Forums or read the DOCUMENTATION before posting!
Support Sentora and Donate: HERE
Find my support or modules useful? Donate to TGates HERE
Developers and code testers needed!
Contact TGates for more information
Find
Reply
Thanks given by:
zustudios Offline
Sentora Member
*
OS: Ubuntu 20.04
Version: 2.0.1
Server: VPS
Posts: 108
Threads: 23
Joined: Mar 2015
Reputation: 0
Sex: Undisclosed
Thanks: 0
Given 2 thank(s) in 2 post(s)
#17
RE: Secure Sentora Login with Let's Encrypt
 01-29-2016, 03:09 PM
(01-29-2016, 03:05 PM)TGates Wrote: I'll take a quick look. Send over the details.

check your pm
Find
Reply
Thanks given by:
denellum Offline
Sentora Member
*
OS: CentOS 7
Version: 1.0.3
Server: VPS
Posts: 2
Threads: 0
Joined: Jan 2016
Reputation: 1
Sex: Male
Thanks: 0
Given 1 thank(s) in 1 post(s)
#18
RE: Secure Sentora Login with Let's Encrypt
 01-31-2016, 07:02 PM (This post was last modified: 01-31-2016, 07:05 PM by denellum.)
Just want to help add more security and get an A+ ranking on the following SSL cert testing site https://www.ssllabs.com/ssltest on a CentOS 7 server :

Credit to the guys that helped with this : https://cipherli.st/

The first part of the guide will require you to configure some things via SSH, so go ahead and log into your server via SSH.

Edit ssl.conf :

Code:
vi /etc/httpd/conf.d/ssl.conf

Find LogLevel warn

Code:
/LogLevel warn

add after:

Code:
#https://cipherli.st/
SSLCipherSuite EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH
SSLProtocol All -SSLv2 -SSLv3
SSLHonorCipherOrder On
Header always set Strict-Transport-Security "max-age=63072000; includeSubdomains; preload"
Header always set X-Frame-Options DENY
Header always set X-Content-Type-Options nosniff
# Keeping bellow for future upgrades.
# Requires Apache >= 2.4
#SSLCompression
off
#SSLSessionTickets
Off
#SSLUseStapling
on
#SSLStaplingCache
"shmcb:logs/stapling-cache(150000)"

Search for SSLProtocol all -SSLv2 :

Code:
/SSLProtocol all -SSLv2

Replace it with it commented out :

Code:
#SSLProtocol
all -SSLv2

Search for SSLCipherSuite HIGH:MEDIUM:!aNULL:!MD5:!SEED:!IDEA :

Code:
/SSLCipherSuite HIGH:MEDIUM:!aNULL:!MD5:!SEED:!IDEA

Replace it with it commented out :

Code:
#SSLCipherSuite
HIGH:MEDIUM:!aNULL:!MD5:!SEED:!IDEA

Now simply go back to your control panel and go to : admin > Module Admin > Apache Config > Global Sentora Entry

Add the following AFTER your SSL certs :

Code:
SSLCipherSuite EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH
SSLProtocol All -SSLv2 -SSLv3
SSLHonorCipherOrder On
Header always set Strict-Transport-Security "max-age=63072000; includeSubdomains; preload"
Header always set X-Frame-Options DENY
Header always set X-Content-Type-Options nosniff
# Keeping bellow for future upgrades.
# Requires Apache >= 2.4
#SSLCompression
off
#SSLSessionTickets
Off
#SSLUseStapling
on
#SSLStaplingCache
"shmcb:logs/stapling-cache(150000)"

Go back to your server and run a quick reset and update the daemon :

Code:
php -q /etc/sentora/panel/bin/daemon.php && service httpd restart

Now test your domain over at SSLlabs :

https://www.ssllabs.com/ssltest/
Find
Reply
Thanks given by: inkoop@topmatica.nl
TGates Offline
Sentora Council - Head of Support Team
*******
OS: Ubuntu 20.04 LTS
Version: 2.0.2
Server: i7-6700K @ 4GHz, 8 cores 32GB Ram
Posts: 3 ,659
Threads: 241
Joined: May 2014
Reputation: 85
Sex: Male
Thanks: 406
Given 599 thank(s) in 464 post(s)
#19
RE: Secure Sentora Login with Let's Encrypt
 02-01-2016, 05:20 AM
Updated first post with new Global Sentora Vhost Entry. Gives Apache 2.4 an 'A' rating.
May need to be tweaked to work on Apache 2.2+
-TGates - Project Council

SEARCH the Forums or read the DOCUMENTATION before posting!
Support Sentora and Donate: HERE
Find my support or modules useful? Donate to TGates HERE
Developers and code testers needed!
Contact TGates for more information
Find
Reply
Thanks given by:
NicolaiVdS Offline
Sentora Member
*
OS: Centos 7
Version: 1.0.3
Server: vps
Posts: 7
Threads: 2
Joined: Apr 2016
Reputation: 0
Sex: Male
Thanks: 0
Given 1 thank(s) in 1 post(s)
#20
RE: Secure Sentora Login with Let's Encrypt
 04-14-2016, 12:17 AM
Tip after doing this you might wanna add a panel subdomain and add a port overide to it so when you visit panel.domain.tld you wil be the on https and not http
Find
Reply
Thanks given by:


Possibly Related Threads…
Thread Author Replies Views Last Post
Secure Sentora Domains with Let's Encrypt TGates 27 96 ,644 06-08-2024, 05:06 PM
Last Post: andykimpe
Secure Sentora With SSLForFree Chris L 1 5 ,280 01-22-2020, 09:19 PM
Last Post: ralphharder
Fail2ban for Sentora (Centos 7) bbspike 14 48 ,388 01-14-2020, 07:32 AM
Last Post: Vedran B

Forum Jump:


Users browsing this thread: 1 Guest(s)