1
SSL / Re: Wildcard SSL really how to?
« on: June 04, 2020, 11:50:27 PM »
In fact, I just checked; I stand corrected (actually lounging)! There is a trick of curl/HTML going on there and the command should work.
I think that you may have missed a step:
Quote
[Sun 31 May 15:56:38 BST 2020] Installing to /home/user/.acme.sh
[Sun 31 May 15:56:38 BST 2020] Installed to /home/user/.acme.sh/acme.sh
[Sun 31 May 15:56:38 BST 2020] Installing alias to '/home/user/.profile'
[Sun 31 May 15:56:38 BST 2020] OK, Close and reopen your terminal to start using acme.sh
[Sun 31 May 15:56:38 BST 2020] Installing cron job
Alternatively, in Step 3:
Code: [Select]
~/.acme.sh/acme.sh --issue -d your_domain.tld -d '*.your_domain.tld' --dns --force
P.S. don't bash @rcschaff as he does his best to help all and sundry, with as many/more typos as/than me.
Got it, the point is that to run /.acme.sh/acme.sh you need to reopen the SSH terminal.
But SSL still does not work for my domain after everything installed successfully.
this:
https://www.mysterydata.com/how-to-install-lets-encrypt-wildcard-ssl-for-your-domain-acme-v2/
and this:
https://www.mysterydata.com/how-to-enable-wildcard-domainvhost-in-nginx-and-apache-cwp-centos/
2
SSL / Re: Wildcard SSL really how to?
« on: May 31, 2020, 02:16:14 PM »
I don't know what is wrong with this command; as you said, my Linux level is close to zero. I just went step by step through the guide that Sandeep gave me.
Code: [Select]
curl https://get.acme.sh | sh
If you took the time/effort to learn a bit more linux, you'd notice that the above command is totally wrong.
A bigger question is why the external references to mysterydata, when there should be 'official' CWP tutorials? (Other than self promotion.)
Good question.
3
SSL / Re: Wildcard SSL really how to?
« on: May 31, 2020, 12:07:53 PM »
https://www.mysterydata.com/how-to-install-lets-encrypt-wildcard-ssl-for-your-domain-acme-v2/
Step 1
cd /root
OK
Step 2
yum install socat
curl https://get.acme.sh | sh
OK
Step 3
acme.sh --issue -d mysterydata.com -d *.mysterydata.com --dns --force
Result: -bash: ./acme.sh: Is a directory
How do I run command acme.sh normally?
@rcschaff, your guide totally failed!
@Sandeep, please give me a normal answer. I read the entire forum on this topic and found no reliable information; please write a guide or add a normal wildcard SSL function to the CWP UI.
4
SSL / Re: Wildcard SSL really how to?
« on: May 29, 2020, 09:50:43 PM »
hi, you need to do that yourself since I think you're learning
Ok, thanks, will try this.
take a look into it :
https://www.mysterydata.com/how-to-install-lets-encrypt-wildcard-ssl-for-your-domain-acme-v2/
https://www.mysterydata.com/how-to-enable-wildcard-domainvhost-in-nginx-and-apache-cwp-centos/
Is the CWP team still thinking of integrating wildcard SSL in the CWP UI?
5
SSL / Re: Wildcard SSL really how to?
« on: May 28, 2020, 10:24:33 PM »
1) Try changing to this:
Command:
Code: [Select]
$ORIGIN .
$TTL 86400 ; 1 day
acme.doslar.ru IN SOA ns1.doslar.ru. sergdev777.gmail.com. (
2020021035 ; serial
86400 ; refresh (1 day)
7200 ; retry (2 hours)
3600000 ; expire (5 weeks 6 days 16 hours)
86400 ; minimum (1 day)
)
$TTL 14400 ; 4 hours
@ 14400 IN NS ns1.doslar.ru.
$ORIGIN acme.doslar.ru.
$TTL 60 ; 1 minute
named-checkzone acme.doslar.ru /var/named/acme.doslar.ru.db
Result:
/var/named/acme.doslar.ru.db:11: ignoring out-of-zone data (.)
zone acme.doslar.ru/IN: has no NS records
zone acme.doslar.ru/IN: not loaded due to errors.
6
SSL / Re: Wildcard SSL really how to?
« on: May 24, 2020, 08:57:16 PM »
1)
Code: [Select]
$ORIGIN .
$TTL 86400 ; 1 day
acme.doslar.ru IN SOA ns1.doslar.ru. sergdev777.gmail.com. (
2020021035 ; serial
86400 ; refresh (1 day)
7200 ; retry (2 hours)
3600000 ; expire (5 weeks 6 days 16 hours)
86400 ; minimum (1 day)
)
$TTL 14400 ; 4 hours
NS ns1.doslar.ru. ; THIS IS IMPORTANT. DO NOT USE BOTH NAMESERVERS FOR LE
$ORIGIN acme.doslar.ru.
$TTL 60 ; 1 minute
2) Works!)
*3) Another error, because I added the CNAME token in doslar.ru.db with the existing name _acme-challenge
dns_master_load: /var/named/doslar.ru.db:33: _acme-challenge.doslar.ru: multiple RRs of singleton type
Code: [Select]
; Generated by CWP
; Zone file for doslar.ru
$TTL 14400
@ 86400 IN SOA ns1.doslar.ru. sergei.davidov.co.il. (
2020052488 ; serial, todays date+todays
3600 ; refresh, seconds
7200 ; retry, seconds
1209600 ; expire, seconds
86400 ) ; minimum, seconds
@ 86400 IN NS ns1.doslar.ru.
@ 86400 IN NS ns2.doslar.ru.
@ IN A 45.77.53.216
localhost.doslar.ru. IN A 127.0.0.1
@ IN MX 0 doslar.ru.
mail 14400 IN CNAME doslar.ru.
smtp 14400 IN CNAME doslar.ru.
pop 14400 IN CNAME doslar.ru.
pop3 14400 IN CNAME doslar.ru.
imap 14400 IN CNAME doslar.ru.
webmail 14400 IN A 45.77.53.216
cpanel 14400 IN A 45.77.53.216
cwp 14400 IN A 45.77.53.216
www 14400 IN CNAME doslar.ru.
ftp 14400 IN CNAME doslar.ru.
_dmarc 14400 IN TXT "v=DMARC1; p=none"
@ 14400 IN TXT "v=spf1 +a +mx +ip4:45.77.53.216 ~all"
ns1.doslar.ru. 14400 IN A 136.244.81.190 ; #ns1
ns2.doslar.ru. 14400 IN A 95.179.161.170 ; #ns2
default._domainkey 14400 IN TXT "v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDF0HE6hTjv6XgJw02H+q22ULp2jJ1MV8MAzTN+82WT+IKQN8dhXvYqtqFEOP0sYRqcnSWnzxUJrC8JZxMEFx4bWS2LjZkvnFw+SS1tzbRIQk+AKcr3qllzqNgjoMnQfxQushbUAfbQproVJQavzKvtm9YYS4vZIVMeXFQx0I3+BwIDAQAB"
_acme-challenge 600 IN CNAME _acme-challenge.acme.doslar.ru.
_acme-challenge.* 600 IN CNAME _acme-challenge.acme.doslar.ru.
* IN A 45.77.53.216
_acme-challenge 600 IN CNAME uLWyv07d65GnjxtuGzoZXGh2cE8owWh3W0SXKDsW2TM
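The `multiple RRs of singleton type` error above comes from two CNAME records on the same owner name (`_acme-challenge`). As an added example (not part of the original posts), this shell function scans a zone file for that condition before a reload; it goes one step further and also flags a CNAME that shares its owner with other record types. The function names, the `example.test.` zone and its records are constructed for illustration.

```shell
# cname_conflicts ZONEFILE ORIGIN  -> one line per conflicting owner name.
# Handles one-line records and ( ... ) continuations; not a full parser.
cname_conflicts() {
  awk -v origin="$2" '
    function fqdn(n) {
      if (n == "@") return tolower(origin)
      if (n ~ /\.$/) return tolower(n)
      return tolower(n (origin == "." ? "." : "." origin))
    }
    BEGIN { split("A AAAA CNAME MX NS TXT SOA SRV PTR CAA", t, " ")
            for (i in t) known[t[i]] = 1 }
    {
      line = $0; sub(/;.*/, "", line)      # type precedes rdata, so safe
      inside = (depth > 0)                 # continuation of a ( ... ) record
      depth += gsub(/\(/, "(", line) - gsub(/\)/, ")", line)
      if (inside || line ~ /^[ \t]*$/) next
      nf = split(line, f, " ")
      if (f[1] == "$ORIGIN") { origin = f[2]; next }
      if (f[1] ~ /^\$/) next
      first = 1
      if (line !~ /^[ \t]/) { owner = f[1]; first = 2 }  # blank owner: inherit
      type = ""
      for (i = first; i <= nf && i <= first + 2; i++)
        if (toupper(f[i]) in known) { type = toupper(f[i]); break }
      if (type == "CNAME") cname[fqdn(owner)]++
      else if (type != "") other[fqdn(owner)]++
    }
    END { for (k in cname) {
            if (cname[k] > 1) print k, "multiple-cname", cname[k]
            if (k in other)   print k, "cname-and-other-data" } }
  ' "$1" | LC_ALL=C sort
}

# Constructed zone, modelled on the layout in the post (documentation names/IPs).
demo_zone() {
  cat <<'EOF'
$TTL 14400
@ 86400 IN SOA ns1.example.test. hostmaster.example.test. (
        2020052488 ; serial
        3600 7200 1209600 86400 )
@ 86400 IN NS ns1.example.test.
_acme-challenge 600 IN CNAME _acme-challenge.acme.example.test.
_acme-challenge 600 IN CNAME constructed-token-value
mail 14400 IN CNAME example.test.
mail 14400 IN A 192.0.2.10
EOF
}

zone=$(mktemp) && demo_zone > "$zone" && cname_conflicts "$zone" example.test.; rm -f "$zone"
```

`named-checkzone`, as used elsewhere in this thread, remains the authoritative check before reloading named.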
7
SSL / Re: Wildcard SSL really how to?
« on: May 24, 2020, 08:41:08 PM »
Done ok
Quote
dns_master_load: /var/named/acme.doslar.ru.db:13: extra input text
Open acme.doslar.ru.db
/var/named/acme.doslar.ru.db: file does not end with newline
zone acme.doslar.ru/IN: loading from master file /var/named/acme.doslar.ru.db failed: extra input text
zone acme.doslar.ru/IN: not loaded due to errors.
go to the last line and hit enter, then save
Also DNS did not restart, because /etc/named.conf:14: bad secret 'bad base64 encoding'
Code: [Select]
//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a any DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//
// See the BIND Administrator's Reference Manual (ARM) for details about the
// configuration located in /usr/share/doc/bind-{version}/Bv9ARM.html
key "acme" {
algorithm hmac-md5;
secret "[trIHAr8vNJrEWQWYkcZiM4POxGh+IhtbxU/P85yeXGxOvSP23hWnmTnKkT4Fc9hffjTToAHqTIlwW+0lCKjTpw==]"; LINE 14
};
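The `bad secret 'bad base64 encoding'` error above is what named reports when the `secret` string is not valid base64; in the posted key clause the value is wrapped in square brackets. As an added example (not part of the original posts), this shell function checks every `key` clause in a named.conf-style file and names the stray characters. The function names, key names and secrets are constructed for illustration, and GNU `base64 -d` is assumed.

```shell
# check_tsig_secrets NAMED_CONF
# For every  key "NAME" { ... secret "VALUE"; };  clause, print
#   NAME ok                           when VALUE decodes as base64
#   NAME bad-base64 unexpected=CHARS  otherwise (CHARS = non-base64 characters)
check_tsig_secrets() {
  awk '
    /^[ \t]*key[ \t]+"[^"]+"[ \t]*[{]/ { split($0, q, "\""); name = q[2] }
    /^[ \t]*secret[ \t]+"/             { split($0, q, "\""); print name, q[2] }
  ' "$1" |
  while read -r name secret; do
    if printf '%s' "$secret" | base64 -d >/dev/null 2>&1; then
      echo "$name ok"
    else
      stray=$(printf '%s' "$secret" | tr -d 'A-Za-z0-9+/=')
      echo "$name bad-base64 unexpected=$stray"
    fi
  done
}

# Constructed sample: throwaway secrets, not taken from any real server.
demo_named_conf() {
  cat <<'EOF'
key "acme-good" {
    algorithm hmac-sha512;
    secret "Y29uc3RydWN0ZWQtZGVtby1rZXk=";
};
key "acme-bracketed" {
    algorithm hmac-sha512;
    secret "[Y29uc3RydWN0ZWQtZGVtby1rZXk=]";
};
EOF
}

conf=$(mktemp) && demo_named_conf > "$conf" && check_tsig_secrets "$conf"
rm -f "$conf"
```

Because a TSIG secret is a shared credential, keep the file that holds it readable only by root and the named user, and replace any secret that has been pasted into a public post.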
8
SSL / Re: Wildcard SSL really how to?
« on: May 24, 2020, 08:21:54 PM »
Code: [Select]
named-checkzone acme.schaffner.org /var/named/acme.schaffner.org.db
Check /root/.acme.sh/ folder.
There is no .crt file, but there are .csr files(?!)
In there you will find several files including .key .bundle and .crt
I guess I will make a script to do wildcard certificates to make things easier.
This is a great idea, will the script be compatible with CentOS7?
9
SSL / Re: Wildcard SSL really how to?
« on: May 24, 2020, 07:20:46 PM »
Thank you rcschaff! Now all pass without incidents, but still no wildcard SSL worked.
Are you sure secret "(key)", not ("key")?
And do I need this code together with this in etc/named.conf?
Code: [Select]
key "acme" {
algorithm hmac-md5;
secret "(KEY GOES HERE)";
};
Code: [Select]
zone "acme.schaffner.org" {
type master;
file "/var/named/acme.schaffner.org.db";
allow-update {
key "acme";
};
};
10
SSL / Re: Wildcard SSL really how to?
« on: May 24, 2020, 07:32:26 AM »
To get wildcard ssl from LetsEncrypt, you have to validate over DNS. I posted a pretty good guide on here on how to do it, but it's complicated to set up at first.
Do you mean this guide?
http://forum.centos-webpanel.com/index.php?topic=4686.0
If yes, I followed it step by step; it does not work for me (CentOS7).
Install haveged: yum install haveged OK
Generate a tsig:
cd /etc/named/ OK
dnssec-keygen -a HMAC-SHA512 -b 512 -n acme return: dnssec-keygen: fatal: the key name was not specified
Create a new zone called acme.schaffner.org:
/etc/named.conf
Code: [Select]
zone "acme.schaffner.org" {
type master;
file "/var/named/acme.schaffner.org.db";
allow-update {
key "acme";
};
};
Done
/var/named/acme.schaffner.org.db
Code: [Select]
$ORIGIN .
$TTL 86400 ; 1 day
acme.schaffner.org IN SOA ns1.schaffner.org. rcschaff82.gmail.com. (
2020021035 ; serial
86400 ; refresh (1 day)
7200 ; retry (2 hours)
3600000 ; expire (5 weeks 6 days 16 hours)
86400 ; minimum (1 day)
)
$TTL 14400 ; 4 hours
NS ns1.schaffner.org. ; THIS IS IMPORTANT. DO NOT USE BOTH NAMESERVERS FOR LE
$ORIGIN acme.schaffner.org.
$TTL 60 ; 1 minute
Done, but it's displayed corrupted in DNS Functions > List DNS Zones > Edit Records
Now the fun part. You must add a cname for every domain that you want to have a wildcard certificate. Add the following to those domains' DNS entries (**NOTE: This also works for domains not hosted on your server, e.g. godaddy)
Code: [Select]
_acme-challenge 600 IN CNAME _acme-challenge.acme.schaffner.org.
_acme-challenge.* 600 IN CNAME _acme-challenge.acme.schaffner.org.
Done
Now you are set up to generate wildcard certificates. In this example I added the above cnames to domain.com
Code: [Select]
NSUPDATE_SERVER=localhost NSUPDATE_KEY=/etc/named/acme.key ./.acme.sh/acme.sh --issue --test -d *.domain.com --challenge-alias acme.schaffner.org --dns dns_nsupdate --debug 2
Return: -bash: ./.acme.sh/acme.sh: No such file or directory
*schaffner.org changed with my server domain name.
Moreover, restart DNS failed because named.conf
11
SSL / Wildcard SSL really how to?
« on: May 23, 2020, 07:04:50 PM »
I searched the whole forum about the wildcard SSL problem; there are a few "solutions" that users posted there, but none of them really works.
I did part of the steps that are really needed for wildcard:
1) CWP7 > WebServer Settings > WebServers Conf Editor > '/usr/local/apache/conf.d/vhosts/' > DOMAIN.conf > Edit:
Quote
ServerAlias www.mydomain.tld
change to
Quote
ServerAlias *.mydomain.tld
2) DNS Functions > List DNS Zones > mydomain.tld.db > Edit Records > Add A record Record:
Quote
Name: *
Quote
Direction IPv4 address: domain_server_ip
What else needs to be done?
12
Scripts / Re: StingRay's Dark Theme for CWP
« on: May 14, 2020, 12:48:22 AM »
If someone needs it: I EDITED raylee's dark theme; now it's dark gray instead of black, and I also added blue colors and fixed dark text on dark background.
Here is the code of /usr/local/cwpsrv/htdocs/admin/design/css/custom.css:
Code: [Select]
html,.deleted
{
/*background:#000;*/
-webkit-filter:invert(0.92) hue-rotate(180deg)!important;
-moz-filter:invert(0.92) hue-rotate(180deg)!important;
filter:invert(0.92) hue-rotate(180deg)!important;
filter:progid:DXImageTransform.Microsoft.BasicImage(grayscale=0,xray=0,mirror=0,invert=0.92,opacity=1,rotation=2)!important;
-webkit-transition:100ms ease all;
transition:100ms ease all;
-o-transition:100ms ease all
}
img,embed[flashvars],[type*="application/x-shockwave-flash"],[type*="application/x-silverlight"]
{
-webkit-filter:invert(0.92) hue-rotate(180deg)!important;
-moz-filter:invert(0.92) hue-rotate(180deg)!important;
filter:invert(0.92) hue-rotate(180deg)!important;
filter:progid:DXImageTransform.Microsoft.BasicImage(grayscale=0,xray=0,mirror=0,invert=0.92,opacity=1,rotation=2)!important;
}
tr > td > a > img,th > a > img
{
filter:url("data:image/svg+xml;utf8,<svg xmlns=\'http://www.w3.org/2000/svg\'><filter id=\'invert\'><feColorMatrix type=\'matrix\' values=\'-1 0 0 0 1 0 -1 0 0 1 0 0 -1 0 1 0 0 0 1 0\'/></filter></svg>#invert")!important;
-webkit-filter:hue-rotate(180deg)!important;
filter:hue-rotate(180deg)!important;
filter:progid:DXImageTransform.Microsoft.BasicImage(grayscale=0,xray=0,mirror=0,invert=0,opacity=1,rotation=2)!important
}
/*sergdev*/
#sidebar .sidenav .mainnav ul li
{
background-color: #f4f6ff;
}
div:not(.navbar-header)>a, li>a:not(.active), .panel-heading, .title.mb0
{
background-image: linear-gradient(to bottom, #fafafa 0%, #f3f5ff 100%) !important;
}
.panel .panel-body, .input-group-addon, .panel-body pre, #myTabContent22
{
background-color: #f3f5ff;
}
.panel-heading span, .progress-bar font, #myTabService li.active a, #myTabService li.active a i::before
{
color: #454545 !important;
}
.navbar-brand
{
font-size: 0 !important;
}
.navbar-brand .slogan
{
display: none;
}
.navbar-brand::before
{
content: 'YOUR_HOSTNAME.';
font-size: 30px;
}
.navbar-brand::after
{
content: 'admin';
font-size: 14px;
color: #6b6b6b;
}