Control Web Panel

WebPanel => SSL => Topic started by: muscator on August 19, 2016, 09:06:53 AM

Title: Replace self signed CWP SSL cert on server hostname with letīs encrypt ssl cert
Post by: muscator on August 19, 2016, 09:06:53 AM
The new module for SSL via Letīs Encrypt actually works just fine, except for the 'custom install - also for server hostname) install.

Using all other options in the module works like a dream, but there is no option on how to get the server hostname, eg. srv1.dmoain.ldt to work as smoothly as the other options in the module...?

Checking around the web, it shows that most people with this problem, canīt find the correct path to put into the box and donīt know if they have to set 2031 in the port setting and actually how to get the Custom Install to setup and replace the CWP generated and self signed SSL cert...

I havenīt found anybody who made this work just by filling out the boxes in the 'custom install' option in the module, but have found an ocean of more or less strange options on how to circumvent the present setup to make it work...

Maybe it would be a good idea to make a step-by-step information for all to follow to avoid many asking the same question here and many other places...?
Title: Re: Replace self signed CWP SSL cert on server hostname with letīs encrypt ssl cert
Post by: rockhost on August 23, 2016, 09:07:48 AM
same issue
Title: Re: Replace self signed CWP SSL cert on server hostname with letīs encrypt ssl cert
Post by: Igor S. on August 23, 2016, 09:44:57 AM
Hello.

Try to add VirtualHost with your hostname and install the SSL.
Also, it should be work if you will set the path as /usr/local/apache/htdocs/
Title: Re: Replace self signed CWP SSL cert on server hostname with letīs encrypt ssl cert
Post by: muscator on August 23, 2016, 06:02:27 PM
Hello.

Try to add VirtualHost with your hostname and install the SSL.
Also, it should be work if you will set the path as /usr/local/apache/htdocs/

Hi Igor - thanks - that took care of generating the certificate, but opposed to the other lets encrypt certs, this did not install as service certificate on the hostname...?

I can see some people says that it needs to be taken care of via the SSL certmanager in cwp, but the Lets encrypt uses another location for the cert files than the selfsigned, so an easy 'do-like-this' would be welcome... ;-)
Title: Re: Replace self signed CWP SSL cert on server hostname with letīs encrypt ssl cert
Post by: Igor S. on August 24, 2016, 07:45:28 AM
Hi, it should be works.
Contact with CWP support http://centos-webpanel.com/support-services
Title: Re: Replace self signed CWP SSL cert on server hostname with letīs encrypt ssl cert
Post by: muscator on August 30, 2016, 05:20:14 AM
Hi, it should be works.
Contact with CWP support http://centos-webpanel.com/support-services

It seems like letīs encrypt do not overrule the standard SSL cert placement for CWP, leaving the old selfsigned cert in working mode and the new hostname cert is not 'seen' by cwp/apache...

It works just fine for all other domains, just not for the hostname cert

Does anybody have a workaround for this problem...?

Apparently CWP autosearches for the ssl provided by the selfsigned function at the 'normal' place for CWP certs and NOT at the 'new' ssl location provided by the letīs encrypt certs, so it is probably a simple workaround - but how...??
Title: Re: Replace self signed CWP SSL cert on server hostname with letīs encrypt ssl cert
Post by: muscator on September 04, 2016, 09:37:53 AM
Hi Igor, I have - as you suggested - contacted
CWP support http://centos-webpanel.com/support-services

but so far havenīt heard anything from them....

As mentioned before, Iīm sure there is a simple workaround to the problem, I just havenīt been able to find it yet.....

Any assistance would be appreciated.
Title: Re: Replace self signed CWP SSL cert on server hostname with letīs encrypt ssl cert
Post by: muscator on September 12, 2016, 07:12:09 AM
Hi, it should be works.
Contact with CWP support http://centos-webpanel.com/support-services

It seems like letīs encrypt do not overrule the standard SSL cert placement for CWP, leaving the old selfsigned cert in working mode and the new hostname cert is not 'seen' by cwp/apache...

It works just fine for all other domains, just not for the hostname cert

Does anybody have a workaround for this problem...?

Apparently CWP autosearches for the ssl provided by the selfsigned function at the 'normal' place for CWP certs and NOT at the 'new' ssl location provided by the letīs encrypt certs, so it is probably a simple workaround - but how...??

Hi Igor,

Unfortunately it doesnīt work - furthermore I have raised a ticket at the address you mention, but nobody has responded yet....?

Title: Re: Replace self signed CWP SSL cert on server hostname with letīs encrypt ssl cert
Post by: muscator on October 02, 2016, 07:49:26 AM
Actually I finally received a response that pointed me in the right direction, I had tried the solution before but to no avail, but this time I added some other actions and now it finally works - thanks for all responses...
Title: Re: Replace self signed CWP SSL cert on server hostname with letīs encrypt ssl cert
Post by: danny on January 24, 2017, 10:55:09 AM
Actually I finally received a response that pointed me in the right direction, I had tried the solution before but to no avail, but this time I added some other actions and now it finally works - thanks for all responses...

How did you get this to work please? I also have managed to install the Letsencrypt certificate for the CWP on port 2031 - but going to https://myip:2031 is still picking up the self-signed certificate.
Title: Re: Replace self signed CWP SSL cert on server hostname with letīs encrypt ssl cert
Post by: Sandeep on January 24, 2017, 11:15:51 AM
http://wiki.centos-webpanel.com/hostname-ssl-with-letsencrypt
Title: Re: Replace self signed CWP SSL cert on server hostname with letīs encrypt ssl cert
Post by: Jess on May 23, 2017, 08:10:29 PM
I have the host name set with right certificate but not CWP on port 2030 or 2031

I am getting  Bad SSL record too long when i go to https://server1.domain.com/cwp


I have read on the forum that i should use AutoSSL to fix this

How?

by issuing a cert on for port 2031?
Title: Re: Replace self signed CWP SSL cert on server hostname with letīs encrypt ssl cert
Post by: 6Sense on May 24, 2017, 01:22:45 PM
Just select your hostname.cert from the Certificate dropdown box and use AutoSSL.

Title: Re: Replace self signed CWP SSL cert on server hostname with letīs encrypt ssl cert
Post by: Sandeep on May 24, 2017, 04:38:57 PM
change the hostname (you can simply click change hostname if you don't want to use another hostname) this will generate ssl LE cert
Title: Re: Replace self signed CWP SSL cert on server hostname with letīs encrypt ssl cert
Post by: JAYC on November 30, 2017, 08:54:09 PM
Changing the hostname doesn't work in all cases.

i.e.

On first attempt it tried to generate a certificate but error message said that the the validation failed.
Now, it just keeps generating self signed certificate.  ???
Title: Re: Replace self signed CWP SSL cert on server hostname with letīs encrypt ssl cert
Post by: joehudson on September 25, 2018, 12:50:10 AM
Followed http://wiki.centos-webpanel.com/hostname-ssl-with-letsencrypt
which generated a cert for my server hostname,
but the cert got installed in one of my user accounts which has a website with the server domain, i.e. the server hostname is 'server.domain.com' and the main domain of a user account is 'domain.com'. Is that a bad thing to do? (Only I use the server and user accounts). In any case, how can I put the cert for the server in the right place so I can login to CWP, server.domain.com:2031, without a warning and using the autoSSL cert?
Thanks
Title: Re: Replace self signed CWP SSL cert on server hostname with letīs encrypt ssl cert
Post by: cwparm on October 18, 2018, 11:00:27 AM
Hello.
Here's how I manually solved this issue from CWP control panel:
Security > SSL Generator > SSL Certificate Manager
in Install SSL Certificate using Manual option select the certificate you want to install on your host, and in Domain field specify your hostname e.g. srv1.domain.tld and click Install.
This will install your chosen SSL on the your host.
Regards.
Title: Re: Replace self signed CWP SSL cert on server hostname with letīs encrypt ssl cert
Post by: glorency on October 18, 2018, 06:19:19 PM
The new module for SSL via Letīs Encrypt actually works just fine, except for the 'custom install - also for server hostname) install.

Using all other options in the module works like a dream, but there is no option on how to get the server hostname, eg. srv1.dmoain.ldt to work as smoothly as the other options in the module...?

Checking around the web, it shows that most people with this problem, canīt find the correct path to put into the box and donīt know if they have to set 2031 in the port setting and actually how to get the Custom Install to setup and replace the CWP generated and self signed SSL cert...

I havenīt found anybody who made this work just by filling out the boxes in the 'custom install' option in the module, but have found an ocean of more or less strange options on how to circumvent the present setup to make it work...

Maybe it would be a good idea to make a step-by-step information for all to follow to avoid many asking the same question here and many other places...?


Must Follow :
http://forum.centos-webpanel.com/ssl/install-letsencrypt-ssl-certificate-for-your-server-hostnamefqdn-100-working/
Title: Re: Replace self signed CWP SSL cert on server hostname with letīs encrypt ssl cert
Post by: jammin on November 28, 2018, 11:41:45 PM
Changing the hostname doesn't work in all cases.

i.e.

On first attempt it tried to generate a certificate but error message said that the the validation failed.
Now, it just keeps generating self signed certificate.  ???

I have this problem too.  It generates only a self signed certificate. 

I have tested auto SSL on another domain and it works OK, but I can't get one generated for my panel hostname.
Title: Re: Replace self signed CWP SSL cert on server hostname with letīs encrypt ssl cert
Post by: GTMAN on December 04, 2018, 10:21:50 PM
It worked for me by saving the host name but you have to use the 2031 port and not 2087!
Title: Re: Replace self signed CWP SSL cert on server hostname with letīs encrypt ssl cert
Post by: previesam on December 14, 2022, 11:02:46 PM
Could anyone please help with this issue? I installed cwp and change the hostname following all recommendations about using a subdomain as a hostname and this automatically installed SSL for the server. However, I am having an issue now with the SSL been only valid for the server subdomain. All attempts to setup SSL for the main domain are ignored. Even though I was able to use autossl to generate another certificate for the main domain but it did not take effect. The browser is always using the hostname certificate for the main domain and other subdomains.