Author Topic: Let's Encrypt SSL on admin for CWP7 - cwpsrv.service restar error  (Read 687 times)

0 Members and 1 Guest are viewing this topic.

Offline
*
I am adding this question here since this seems to be a CWP7 specific issue, this was originally posted here: http://forum.centos-webpanel.com/ssl/can't-install-let's-encrypt-ssl-on-admin-for-cwp7-need-assistance/

Quote
've been attempting to install a Let's Encrypt certificate for the admin panel for CWP7 and here's the steps I've followed:

First I attempted to follow this guide:
http://wiki.centos-webpanel.com/hostname-ssl-with-letsencrypt

(Including the YouTube video)

It appears that a few file names might be wrong, because the video wants the file /usr/local/apache/conf.d/vhosts-hostname.conf edited, but in the Video, it's showing the edit of /usr/local/apache/conf.d/vhosts.conf through the admin page.

So as a test I setup my admin virtual host through the admin page (i.e. vhosts.conf) per the video with proper host.hostname.com entries/IP and then I installed the Let's Encrypt Cert, followed by checking my admin panel server page for SSL and that appeared functional on port 443.   The next stage was to add the ability to use the cert on port 2031.

The guide indicates to make changes to: /usr/local/cwpsrv/conf.d/cwp-ssl.conf

The file cwp-ssl.conf didn't exist, so I created the file with the proper entries and then attempted to restart CWP, that lead this error:

Redirecting to /bin/systemctl restart  cwpsrv.service
Job for cwpsrv.service failed because the control process exited with error code. See "systemctl status cwpsrv.service" and "journalctl -xe" for details.

After searching, making adjustments based on other attempts discovered online and so forth, it appeared this wasn't going work and then I noticed ALL the guides and videos I've been reading/viewing were related to CWP (v6) and not CWP7 - does anyone have a guide and/or advice on setting up the admin page (port 2031) using the Let's Encrypt certs.

FWIW, it seems that any changes made to cwp-ssl.conf lead to a restart error.

Has anyone

Offline
*****
Re: Let's Encrypt SSL on admin for CWP7 - cwpsrv.service restar error
« Reply #1 on: March 28, 2017, 09:10:24 AM »
make changes to cwpsrv.conf only don't create cwp-ssl.conf manually

Offline
*
Re: Let's Encrypt SSL on admin for CWP7 - cwpsrv.service restar error
« Reply #2 on: March 28, 2017, 11:37:33 AM »
make changes to cwpsrv.conf only don't create cwp-ssl.conf manually

Hello Sandeep,  so I looked at the file, tried adding the entries as in the tutorial, but it still gives the error...

Here is the SSL section of the file, where do I insert that information?
Quote
    server {
   listen       2031;
        listen       2087;
        listen       2083;
        server_name  localhost;

        ssl                 on;
        ssl_session_timeout 90m;
        ssl_certificate     /etc/pki/tls/certs/hostname.crt;
        ssl_certificate_key /etc/pki/tls/private/hostname.key;
        ssl_protocols       TLSv1 TLSv1.1 TLSv1.2;
        ssl_ciphers         HIGH:!aNULL:!MD5;
        ssl_prefer_server_ciphers   on;

        location / {
            root   /usr/local/cwpsrv/htdocs/admin;
            index  index.html index.htm index.php;
            ModSecurityEnabled off;
            ModSecurityConfig /usr/local/cwpsrv/conf/security/conf/global_rules.conf;

            # Includes
            include /usr/local/cwpsrv/conf/cwp_rewrite.conf;
            include /usr/local/cwpsrv/conf/cwp_services.conf;
            include /usr/local/cwpsrv/conf/include/*.conf;
            include /usr/local/cwpsrv/conf/cwp_panels.conf;

            location ~ \.php$ {
                try_files $uri =404;
                root /usr/local/cwpsrv/htdocs/admin;
                fastcgi_split_path_info ^(.+\.php)(/.+)$;
                fastcgi_read_timeout 600;
                fastcgi_pass    unix:/usr/local/cwp/php71/var/sockets/cwpsrv.sock;
                fastcgi_index   index.php;
                fastcgi_param   SCRIPT_FILENAME  $document_root$fastcgi_script_name;
                fastcgi_param   SCRIPT_NAME   $fastcgi_script_name;
                include                 fastcgi_params;
            }
        }
    }
    include /usr/local/cwpsrv/conf.d/*.conf;
}