Messages - sergdev777

1
SSL / Re: Wlidcard SSL really how to?
« on: June 04, 2020, 11:50:27 PM »
In fact, I just checked; I stand corrected (actually lounging)! There is a trick of curl/HTML going on there and the command should work. :-\

I think that you may have missed a step:
Quote
[Sun 31 May 15:56:38 BST 2020] Installing to /home/user/.acme.sh
[Sun 31 May 15:56:38 BST 2020] Installed to /home/user/.acme.sh/acme.sh
[Sun 31 May 15:56:38 BST 2020] Installing alias to '/home/user/.profile'
[Sun 31 May 15:56:38 BST 2020] OK, Close and reopen your terminal to start using acme.sh
[Sun 31 May 15:56:38 BST 2020] Installing cron job

Alternatively, in Step 3:
Code:
~/.acme.sh/acme.sh  --issue -d your_domain.tld  -d  *.your_domain.tld  --dns --force

P.S. don't bash @rcschaff as he does his best to help all and sundry, with as many/more typos as/than me.

Got it, the point is that to run /.acme.sh/acme.sh you need to reopen the SSH terminal.

But SSL still does not work for my domain after everything installed successfully.
this:
https://www.mysterydata.com/how-to-install-lets-encrypt-wildcard-ssl-for-your-domain-acme-v2/
and this:
https://www.mysterydata.com/how-to-enable-wildcard-domainvhost-in-nginx-and-apache-cwp-centos/

2
SSL / Re: Wlidcard SSL really how to?
« on: May 31, 2020, 02:16:14 PM »
Code:
curl https://get.acme.sh | sh
If you took the time/effort to learn a bit more linux, you'd notice that the above command is totally wrong.
I don't know what is wrong with this command; as you said, my Linux level is close to zero. I just followed step by step the guide that Sandeep gave me.


A bigger question is why the external references to mysterydata, when there should be 'official' CWP tutorials? (Other than self promotion.)
Good question.

3
SSL / Re: Wlidcard SSL really how to?
« on: May 31, 2020, 12:07:53 PM »
https://www.mysterydata.com/how-to-install-lets-encrypt-wildcard-ssl-for-your-domain-acme-v2/
Step 1
cd /root
OK

Step 2
yum install socat
curl https://get.acme.sh | sh
OK

Step 3
acme.sh  --issue -d mysterydata.com  -d  *.mysterydata.com  --dns --force
Result: -bash: ./acme.sh: Is a directory
How do I run the acme.sh command normally?

@rcschaff, your guide totally failed!
@Sandeep, please give me a normal answer. I read the entire forum on this topic and there is no reliable information; please write a guide or add a normal wildcard SSL function to the CWP UI.

4
SSL / Re: Wlidcard SSL really how to?
« on: May 29, 2020, 09:50:43 PM »
Hi, you need to do that yourself since I think you're learning.
Take a look into it:
https://www.mysterydata.com/how-to-install-lets-encrypt-wildcard-ssl-for-your-domain-acme-v2/
https://www.mysterydata.com/how-to-enable-wildcard-domainvhost-in-nginx-and-apache-cwp-centos/
OK, thanks, I will try this.
Is the CWP team still thinking of integrating wildcard SSL into the CWP UI?

5
SSL / Re: Wlidcard SSL really how to?
« on: May 28, 2020, 10:24:33 PM »
1) Try changing to this:
Code:
$ORIGIN .
$TTL 86400      ; 1 day
acme.doslar.ru      IN SOA  ns1.doslar.ru. sergdev777.gmail.com. (
                                2020021035 ; serial
                                86400      ; refresh (1 day)
                                7200       ; retry (2 hours)
                                3600000    ; expire (5 weeks 6 days 16 hours)
                                86400      ; minimum (1 day)
                                )
$TTL 14400      ; 4 hours
@     14400       IN      NS      ns1.doslar.ru.
$ORIGIN acme.doslar.ru.
$TTL 60 ; 1 minute

Command:
named-checkzone acme.doslar.ru /var/named/acme.doslar.ru.db

Result:
/var/named/acme.doslar.ru.db:11: ignoring out-of-zone data (.)
zone acme.doslar.ru/IN: has no NS records
zone acme.doslar.ru/IN: not loaded due to errors.

6
SSL / Re: Wlidcard SSL really how to?
« on: May 24, 2020, 08:57:16 PM »
1)
Code:
$ORIGIN .
$TTL 86400      ; 1 day
acme.doslar.ru      IN SOA  ns1.doslar.ru. sergdev777.gmail.com. (
                                2020021035 ; serial
                                86400      ; refresh (1 day)
                                7200       ; retry (2 hours)
                                3600000    ; expire (5 weeks 6 days 16 hours)
                                86400      ; minimum (1 day)
                                )
$TTL 14400      ; 4 hours
                        NS      ns1.doslar.ru.  ;   THIS IS IMPORTANT.  DO NOT USE BOTH NAMESERVERS FOR LE
$ORIGIN acme.doslar.ru.
$TTL 60 ; 1 minute


2) Works!)

*3) Another error, because I added the CNAME token in doslar.ru.db with the existing name _acme-challenge:
dns_master_load: /var/named/doslar.ru.db:33: _acme-challenge.doslar.ru: multiple RRs of singleton type
Code:
; Generated by CWP
; Zone file for doslar.ru
$TTL 14400
@    86400        IN      SOA     ns1.doslar.ru. sergei.davidov.co.il. (
2020052488 ; serial, todays date+todays
3600            ; refresh, seconds
7200            ; retry, seconds
1209600         ; expire, seconds
86400 )         ; minimum, seconds
@ 86400 IN NS ns1.doslar.ru.
@ 86400 IN NS ns2.doslar.ru.
@ IN A 45.77.53.216
localhost.doslar.ru. IN A 127.0.0.1
@ IN MX 0 doslar.ru.
mail 14400 IN CNAME doslar.ru.
smtp 14400 IN CNAME doslar.ru.
pop  14400 IN CNAME doslar.ru.
pop3 14400 IN CNAME doslar.ru.
imap 14400 IN CNAME doslar.ru.
webmail 14400 IN A 45.77.53.216
cpanel 14400 IN A 45.77.53.216
cwp 14400 IN A 45.77.53.216
www 14400 IN CNAME doslar.ru.
ftp 14400 IN CNAME doslar.ru.
_dmarc 14400 IN TXT "v=DMARC1; p=none"
@ 14400 IN TXT "v=spf1 +a +mx +ip4:45.77.53.216 ~all"
ns1.doslar.ru.     14400   IN      A       136.244.81.190  ; #ns1
ns2.doslar.ru.     14400   IN      A       95.179.161.170  ; #ns2
default._domainkey 14400 IN TXT "v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDF0HE6hTjv6XgJw02H+q22ULp2jJ1MV8MAzTN+82WT+IKQN8dhXvYqtqFEOP0sYRqcnSWnzxUJrC8JZxMEFx4bWS2LjZkvnFw+SS1tzbRIQk+AKcr3qllzqNgjoMnQfxQushbUAfbQproVJQavzKvtm9YYS4vZIVMeXFQx0I3+BwIDAQAB"
_acme-challenge 600     IN      CNAME   _acme-challenge.acme.doslar.ru.
_acme-challenge.* 600     IN      CNAME   _acme-challenge.acme.doslar.ru.
*  IN A 45.77.53.216
_acme-challenge 600     IN      CNAME   uLWyv07d65GnjxtuGzoZXGh2cE8owWh3W0SXKDsW2TM

7
SSL / Re: Wlidcard SSL really how to?
« on: May 24, 2020, 08:41:08 PM »
Quote
dns_master_load: /var/named/acme.doslar.ru.db:13: extra input text
/var/named/acme.doslar.ru.db: file does not end with newline
zone acme.doslar.ru/IN: loading from master file /var/named/acme.doslar.ru.db failed: extra input text
zone acme.doslar.ru/IN: not loaded due to errors.
Open acme.doslar.ru.db

go to the last line and hit enter, then save
Done, OK.


Also DNS did not restart, because of /etc/named.conf:14: bad secret 'bad base64 encoding'
Code:
//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a any DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//
// See the BIND Administrator's Reference Manual (ARM) for details about the
// configuration located in /usr/share/doc/bind-{version}/Bv9ARM.html

key "acme" {
          algorithm hmac-md5;
          secret "[trIHAr8vNJrEWQWYkcZiM4POxGh+IhtbxU/P85yeXGxOvSP23hWnmTnKkT4Fc9hffjTToAHqTIlwW+0lCKjTpw==]"; LINE 14
};
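The three named-checkzone complaints seen in the posts above (a file that does not end with a newline, an "@" NS record placed under "$ORIGIN ." so the zone has no NS records, and a duplicated _acme-challenge CNAME giving multiple RRs of singleton type) can be caught before BIND is reloaded. This is an added example, not code from the thread, CWP or acme.sh; acme.example.test and the sample zone text are constructed.

```python
def records(text):
    """Yield (owner, rtype, rdata) from zone text; handles @, $ORIGIN and ( ) blocks."""
    origin, last_owner, depth = ".", None, 0
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].rstrip()       # naive comment strip: ';' in quotes is cut too
        if depth:                                  # still inside a ( ... ) continuation
            depth += line.count("(") - line.count(")")
            continue
        if not line.strip() or line.startswith("$TTL"):
            continue
        if line.startswith("$ORIGIN"):
            origin = line.split()[1]
            continue
        depth += line.count("(") - line.count(")")
        fields = line.split()
        owner = last_owner if line[0].isspace() else fields.pop(0)   # blank owner = previous owner
        if owner == "@":
            owner = origin
        elif not owner.endswith("."):               # relative name: append current $ORIGIN
            owner = owner + "." + origin.lstrip(".")
        last_owner = owner
        while fields and (fields[0].isdigit() or fields[0].upper() == "IN"):
            fields.pop(0)                          # optional TTL and class
        yield owner, fields[0].upper(), " ".join(fields[1:])

def lint_zone(text, zone):
    """Return named-checkzone style complaints for `zone` in master-file `text`."""
    zone, problems, seen = zone.rstrip(".") + ".", [], {}
    if not text.endswith("\n"):
        problems.append("file does not end with newline")
    for owner, rtype, _ in records(text):
        if owner != zone and not owner.endswith("." + zone):
            problems.append("out-of-zone data (%s)" % owner)  # e.g. '@' while $ORIGIN is '.'
        else:
            seen.setdefault(owner, []).append(rtype)
    if "NS" not in seen.get(zone, []):
        problems.append("has no NS records")
    for owner, types in seen.items():
        if "CNAME" in types and len(types) > 1:    # a CNAME must be the only RR at its owner
            problems.append("%s: multiple RRs of singleton type" % owner)
    return problems

# Constructed sample (not the thread author's file) containing all three mistakes
SAMPLE_ZONE = """$ORIGIN .
acme.example.test IN SOA ns1.example.test. hostmaster.example.test. (
        1 86400 7200 3600000 86400 )
@ 14400 IN NS ns1.example.test.
$ORIGIN acme.example.test.
_acme-challenge 60 IN CNAME token-one.example.test.
_acme-challenge 60 IN CNAME token-two.example.test."""
```

Indenting the NS line instead of writing "@" attaches it to the zone apex named on the SOA line, which is what the working zone file in the thread does.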

8
SSL / Re: Wlidcard SSL really how to?
« on: May 24, 2020, 08:21:54 PM »
Code:
named-checkzone acme.schaffner.org /var/named/acme.schaffner.org.db

Check /root/.acme.sh/ folder.
In there you will find several files including .key .bundle and .crt
There is no .crt file, but there are .csr files (?!)

I guess I will make a script to do wildcard certificates to make things easier.
This is a great idea; will the script be compatible with CentOS 7?

9
SSL / Re: Wlidcard SSL really how to?
« on: May 24, 2020, 07:20:46 PM »
Thank you rcschaff! Now everything passes without incident, but still no wildcard SSL works.

Are you sure it is secret "(key)", not ("key")?
Code:
key "acme" {
          algorithm hmac-md5;
          secret "(KEY GOES HERE)";
};

And do I need this code together with this in etc/named.conf?
Code:
zone "acme.schaffner.org" {
        type master;
        file "/var/named/acme.schaffner.org.db";
        allow-update {
                key "acme";
        };
};

10
SSL / Re: Wlidcard SSL really how to?
« on: May 24, 2020, 07:32:26 AM »
To get wildcard ssl from LetsEncrypt, you have to validate over DNS.  I posted a pretty good guide on here on how to do it, but it's complicated to set up at first.
Do you mean this guide?
http://forum.centos-webpanel.com/index.php?topic=4686.0

If yes, I followed it step by step; it does not work for me (CentOS 7).


Install haveged: yum install haveged
OK

Generate a tsig:
cd /etc/named/
OK
dnssec-keygen -a HMAC-SHA512 -b 512 -n acme
Return: dnssec-keygen: fatal: the key name was not specified

Create a new zone called acme.schaffner.org:
/etc/named.conf
Code:
zone "acme.schaffner.org" {
        type master;
        file "/var/named/acme.schaffner.org.db";
        allow-update {
                key "acme";
        };
};
Done

/var/named/acme.schaffner.org.db
Code:
$ORIGIN .
$TTL 86400      ; 1 day
acme.schaffner.org      IN SOA  ns1.schaffner.org. rcschaff82.gmail.com. (
                                2020021035 ; serial
                                86400      ; refresh (1 day)
                                7200       ; retry (2 hours)
                                3600000    ; expire (5 weeks 6 days 16 hours)
                                86400      ; minimum (1 day)
                                )
$TTL 14400      ; 4 hours
                        NS      ns1.schaffner.org.  ;   THIS IS IMPORTANT.  DO NOT USE BOTH NAMESERVERS FOR LE
$ORIGIN acme.schaffner.org.
$TTL 60 ; 1 minute
Done, but it is displayed corrupted in DNS Functions > List DNS Zones > Edit Records.

Now the fun part.  You must add a cname for every domain that you want to have a wildcard certificate.  Add the following to those domains' DNS entries ((**NOTE: This also works for domains not hosted on your server, ex godaddy))
Code:
_acme-challenge 600     IN      CNAME   _acme-challenge.acme.schaffner.org.
_acme-challenge.* 600     IN      CNAME   _acme-challenge.acme.schaffner.org.
Done

Now you are setup to generate wildcard certificates.  In this example I added the above cnames to domain.com
Code:
NSUPDATE_SERVER=localhost NSUPDATE_KEY=/etc/named/acme.key ./.acme.sh/acme.sh --issue --test -d *.domain.com --challenge-alias acme.schaffner.org --dns dns_nsupdate --debug 2
Return: -bash: ./.acme.sh/acme.sh: No such file or directory

*schaffner.org replaced with my server's domain name.

Moreover, restarting DNS failed because of named.conf.

11
SSL / Wlidcard SSL really how to?
« on: May 23, 2020, 07:04:50 PM »
I searched the whole forum about the wildcard SSL problem; there are a few "solutions" that users posted there, but none of them really works.

I did the part of the steps that is really needed for wildcard:

1) CWP7 > WebServer Settings > WebServers Conf Editor > '/usr/local/apache/conf.d/vhosts/' > DOMAIN.conf > Edit:
    ServerAlias www.mydomain.tld
change to
    ServerAlias *.mydomain.tld

2) DNS Functions > List DNS Zones > mydomain.tld.db > Edit Records > Add A Record:
    Name: *
    Direction IPv4 address: domain_server_ip

What else needs to be done?

12
Scripts / Re: StingRay's Dark Theme for CWP
« on: May 14, 2020, 12:48:22 AM »
If someone needs it, I edited the dark theme of raylee; now it's dark gray instead of black, I also added blue colors, and dark text on a dark background is fixed.
Here is the code of /usr/local/cwpsrv/htdocs/admin/design/css/custom.css:
Code:
html,.deleted
{
/*background:#000;*/
-webkit-filter:invert(0.92) hue-rotate(180deg)!important;
-moz-filter:invert(0.92) hue-rotate(180deg)!important;
filter:invert(0.92) hue-rotate(180deg)!important;
filter:progid:DXImageTransform.Microsoft.BasicImage(grayscale=0,xray=0,mirror=0,invert=0.92,opacity=1,rotation=2)!important;
-webkit-transition:100ms ease all;
transition:100ms ease all;
-o-transition-duration:100ms ease all
}

img,embed[flashvars],[type*="application/x-shockwave-flash"],[type*="application/x-silverlight"]
{
-webkit-filter:invert(0.92) hue-rotate(180deg)!important;
-moz-filter:invert(0.92) hue-rotate(180deg)!important;
filter:invert(0.92) hue-rotate(180deg)!important;
filter:progid:DXImageTransform.Microsoft.BasicImage(grayscale=0,xray=0,mirror=0,invert=0.92,opacity=1,rotation=2)!important;
}

tr > td > a > img,th > a > img
{
filter:url("data:image/svg+xml;utf8,<svg xmlns=\'http://www.w3.org/2000/svg\'><filter id=\'invert\'><feColorMatrix type=\'matrix\' values=\'-1 0 0 0 1 0 -1 0 0 1 0 0 -1 0 1 0 0 0 1 0\'/></filter></svg>#invert")!important;
-webkit-filter:hue-rotate(180deg)!important;
filter:hue-rotate(180deg)!important;
filter:progid:DXImageTransform.Microsoft.BasicImage(grayscale=0,xray=0,mirror=0,invert=0,opacity=1,rotation=2)!important
}

/*sergdev*/
#sidebar .sidenav .mainnav ul li
{
background-color: #f4f6ff;
}

div:not(.navbar-header)>a, li>a:not(.active), .panel-heading, .title.mb0
{
background-image: linear-gradient(to bottom, #fafafa 0%, #f3f5ff 100%) !important;
}

.panel .panel-body, .input-group-addon, .panel-body pre, #myTabContent22
{
background-color: #f3f5ff;
}

.panel-heading span, .progress-bar font, #myTabService li.active a, #myTabService li.active a i::before
{
color: #454545 !important;
}

.navbar-brand
{
font-size: 0 !important;
}

.navbar-brand .slogan
{
display: none;
}

.navbar-brand::before
{
content: 'YOUR_HOSTNAME.';
font-size: 30px;
}

.navbar-brand::after
{
content: 'admin';
font-size: 14px;
color: #6b6b6b;
}
