1
SSL / Tutorial: Install SSL Certificate on Shared IP Domain
« on: October 18, 2015, 09:22:06 AM »
If you will follow this tutorial I assume you already bought an SSL Certificate (I used COMODO Positive SSL from NameCheap.com for this tutorial) and you just need to install it. Also, I assume that your server is functioning properly.
1) Go to SSL Generator ("Security" - "SSL Generator"), fill in the form with your info (only English symbols).
If you want a self-signed certificate (not the one bought and signed by proper SSL Authorities like COMODO), then you tick the box that says "Generate Self Signed Certificate (It will display browser warnings)". The certificate will do as it says - will display browser warnings, and it's not for general/public use. (If you do need a self-signed certificate, then after generating it jump to STEP 8). You don't need to tick that box if you're installing a purchased SSL Certificate.
Press "Generate". You will get 2 text paragraphs. One starting "-----BEGIN CERTIFICATE REQUEST-----" and the other starting "-----BEGIN PRIVATE KEY-----". Copy them both to a new text file. You might need them later.
2) Copy just the first one, that starts with "-----BEGIN CERTIFICATE REQUEST-----" and go activate/sign it at your Certificate Authority page, where you bought a certificate, following the steps they provide. They will ask you to approve it (I did it by email), and then they will send you a .zip file with .crt and bundle files inside the archive. Download archive to your computer and unzip it. There will also be a text version of .crt file in an email you receive, but we won't need it.
3) Go to SSL Cert Manager, press on “Location of Certificate files” link. That will open File Manager of certs directory. You can use that manager to do the next steps, or you can connect to that directory (/etc/pki/tls/certs/) via FTP, as I did. Upload both new files that you got from COMODO to that directory.
4) Rename your 2 new uploaded files to the same name structure that the other files beginning with "yourdomain.com" are ("yourdomain.com.cert"; "yourdomain.com.csr"). Your new files should be like that - "yourdomain.com.crt" and "yourdomain.com.bundle".
5) If you look at File Manager now (refresh the page), you will see that .cert file is pointing (—>) to .crt file in the same directory. The pointing destination file should be exactly the same name as our new file that we just renamed.
6) Find the .key file. In my case I found it generated back in directory called “private” (/etc/pki/tls/private/), copy it to certs directory (download and upload to that directory). Make sure the name structure of that file is the same as others ("yourdomain.com.key").
7) At this point you should have 5 files showing in the File Manager/FTP directory beginning with your domain name: .bundle; .cert (pointing to .crt); .crt; .csr; and .key. They all should have the same default name structure of those first 2 files that were generated for you. For example: yourdomain.com.* (* is the ending of a file, e.g. crt). If they won't match - it might not work or you might have to specify the location of .key or other files in your "vhost-ssl.conf" (the link to it is shown on SSL Cert Manager page).
8) Press this link in SSL Cert Manager: Location of Apache vHost file /usr/local/apache/conf.d/vhosts-ssl.conf. Clear everything in it and save (if you don't have any other SSL certificates already installed).
9) Go to "SSL Cert Manager" - "Install SSL Certificate" tab. Choose certificate yourdomain.com.cert (NOT .CRT!), choose user (usually that's the default one you created, if you are managing single user server), then add the path to your domain's root directory. In my case I just added "/yourdomain_com" to "public_html" that was already typed in there (this is the way I add my domains in default user account - my domain path of root directories leads to public_html, and the root directories have this kind of name structure - yourdomain_com).
Then enter domain name (yourdomain.com), IP (Shared IP) and Port (443) should be ok (I'm assuming you're doing this on shared IP just like me, as I still couldn't find out how to set up a domain with separate IP, and no one is answering my posts in this forum. I guess I might have to create a new account for every IP that I want to use...).
Then click "Install SSL".
There might be some errors, and Apache might not start at this point. I did it 6 times to make this tutorial, and I'm still not sure how it actually works. I don't know why they made it so complicated...
9) Reboot server.
10) Test the SSL with the button listed under "Domain" tab, hopefully it will work and you will have SSL running. If not, then try pressing "Reload Apache", "Restart Apache" and if you still see error, then restart whole system again.
If you delete that SSL, you might see errors again, but if it was installed correctly there shouldn't be any.
I hope that worked for you, as I spent 2 sleepless days and nights figuring it out.
If it worked for you, then you can use this tutorial to install SSL Certificates on other domains too.
This tutorial is just a suggestion of how to install an SSL Certificate on a domain that is using a Shared IP, in CentOS Web Panel. I do not take any responsibility for any outcome of using this tutorial.
Have fun!
M.B.
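An added example, not part of the original post: a shell check to run over SSH once the files from steps 3 to 7 are in place. It confirms that the .crt, .key and .csr share one public key, that the .crt chains to the .bundle, that the .cert link resolves, and that the private key copied in step 6 is not readable by group or others. The function names are illustrative; the file names and default directory are the ones the post uses.

```shell
#!/bin/sh
# Added example (not from the original post). File layout follows the post:
# <dir>/<domain>.crt, .key, .csr, .bundle and the .cert link.

# Print the SHA-256 of the public key held in a cert, private key or CSR.
pubkey_hash() {
    case $1 in
        cert) pem=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 1 ;;
        key)  pem=$(openssl pkey -in "$2" -pubout -passin pass: 2>/dev/null) || return 1 ;;
        csr)  pem=$(openssl req -in "$2" -noout -pubkey 2>/dev/null) || return 1 ;;
        *)    return 2 ;;
    esac
    # An unreadable or empty file must never compare equal to another one.
    [ -n "$pem" ] || return 1
    printf '%s\n' "$pem" | openssl dgst -sha256 | awk '{print $NF}'
}

# True when both files can be read and carry the same public key.
# Usage: same_key <kind> <file> <kind> <file>
same_key() {
    a=$(pubkey_hash "$1" "$2") || return 1
    b=$(pubkey_hash "$3" "$4") || return 1
    [ "$a" = "$b" ]
}

# True when the key is a regular file with no group/other permission bits.
key_is_private() {
    [ -f "$1" ] || return 1
    [ "$(ls -ldL -- "$1" | cut -c5-10)" = "------" ]
}

# True when the certificate chains to a certificate inside the bundle file.
# This checks that the two files belong together, not trust in a public root.
chains_to_bundle() {
    openssl verify -partial_chain -CAfile "$2" "$1" >/dev/null 2>&1
}

# Run every check for one domain; returns 0 only when all of them pass.
check_install() {
    domain=$1
    dir=${2:-/etc/pki/tls/certs}
    base=$dir/$domain
    fail=0
    same_key cert "$base.crt" key "$base.key" \
        || { echo "FAIL: $base.crt and $base.key do not share a public key"; fail=1; }
    if [ -f "$base.csr" ]; then
        same_key cert "$base.crt" csr "$base.csr" \
            || { echo "FAIL: $base.crt was not issued for $base.csr"; fail=1; }
    fi
    chains_to_bundle "$base.crt" "$base.bundle" \
        || { echo "FAIL: $base.crt does not chain to $base.bundle"; fail=1; }
    # Step 5: the .cert entry is a link and must resolve to an existing file.
    [ -e "$base.cert" ] \
        || { echo "FAIL: $base.cert is missing or points to a missing file"; fail=1; }
    key_is_private "$base.key" \
        || { echo "FAIL: $base.key is readable by group or others"; fail=1; }
    [ "$fail" -eq 0 ] && echo "OK: $domain"
    return "$fail"
}

# Example call: sh check.sh yourdomain.com
if [ $# -gt 0 ]; then
    check_install "$@"
fi
```

A mismatch between the .crt and the .key is a common reason for Apache refusing to start after "Install SSL", so this is worth running before the reboot step.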
2
CentOS 6 Problems / CWP Problems and Suggestions
« on: October 15, 2015, 06:54:06 AM »
Hello. Recently I installed and configured CWP on my CentOS 6.7 VPS. I had loads of issues while doing that and spent a lot of time dealing with them. I wanted to make a proper list of issues that I dealt with, but as time passed, I forgot. So I will post the ones that I remember, and I might add more later if I remember or find.
Nr) - The issue; * - Suggestion;
1) Mail auto-reply does not work. It just does not work. I even did create an account, still did not work.
* Make it work. Fix it.
2) User has to create an email account in order to make alias/forward work.
* It might be some kind of a rule, but it would be much easier if that would work in background automatically, and users would not have to manually create and delete an email account if they need only an alias/forwarder.
3) Root can't create email alias/forwarders. Only created user can. Why? This brings to Nr. 4.
4) Additional user has to be created in order for some functions to work (like creating email alias/forwarders). Now why do I need that extra user at all? Most of the systems that would use a FREE Server Control Panel are SINGLE user systems, where only the server admin deals with configuration and maintenance. Creating another user, especially ONLY to be able to do some things, is just annoying and consumes time (especially when you need to log out of root and log in with the other user and then again back to root...).
*The feature to be able to create users is good to have, but it has to work properly, and root HAS to have ability to manage server just by himself (with one, root account).
5) The issue Nr. 4 is the reason for this next issue. While having to create additional user to manage domains, and mailboxes, the system creates problems with ownership and permissions. I already had to fix the permissions at least 3 times, because some software messes up the permissions and then system just shows an error on the webpage... AND even when I fix the permissions, the main created user folder gets root users ownership! So that means that created user CAN'T log in with FTP. So I have to fix it manually via SSH.
* Make a system function well without a need to create additional user. And when additional user is created, the permissions have to be right. You need to look into that. It's important.
6) Name Server records. This one is really annoying. I have worked with quite a few CP's, but this one is a toughie. Most users, just like me, want to have their own Name Servers running on their server. Why is it so complicated to set them up? And there is no good tutorial on how to do that. At least I couldn't find a proper one. I did find one that helped me a little, though, so I managed... The default installation created zone records for the entered domain (ns1.domain.com.db, ns2.domain.com.db), that's good, but then I have to go to all that trouble to create another user to be able to actually ADD that domain to the system to create its main zone. And when I do that, it still doesn't work. Why? Because there are no records pointing to name server IP's. These records for main domain.com zone:
ns1 14400 IN A IP.IP.IP.111
ns2 14400 IN A IP.IP.IP.112
So I find out HOW to enter those records, I try to do that, and it still doesn't work. At that point I'm confused. I try to edit the zone myself manually, and what I find out is that I can add these records ONLY manually. Edit Records function DOES NOT WORK. And even when I enter them manually I can't enter them under the line (; Add additional settings below this line), because if I do, it won't work. So for me the only way to add these records and make them work was to enter them under the line:
domain.com. IN A IP.IP.IP.110
Have no idea why it doesn't work in other editing methods.
* Create a module that would easily allow users to set if the Server is using its own name servers or only one name server, or any other option, set name server IP's, add records automatically AND all that would be best done AFTER the adding of main domain for name servers (preferably the same domain used for hostname), not after you create ns1, ns2... It would be just so much easier if there would be such an option to select.
7) Priority for mail records is not added.
domain.com. IN MX 10 domain.com.
*Not sure how important this actually is, but from what I experienced the number 10 is added even if there's only one mail server.
8) Speaking about IP's and domains. I still couldn't figure out HOW to change/assign IP to a domain? I believe there are a lot of users that have more than 2 or 3 IP's and would like certain domains to be assigned to a different IP than the shared one. Is there any way to do that at all? Please tell me.
* Create a module for assigning IP's to domains. Best if it's set up at the point of adding a domain, and all records are created automatically. I think VESTA CP has this feature, that works quite nicely. You should check it out...
9) TTL's (time to live) in the default templates are not by the standards of RFC's. So I had to configure them according to recommended values. It gives warnings on DNS check tools when you are using inappropriate values. Best to keep it right.
* I understand that TTL's are relative and depend on each server/website individually, but all I'm saying is that you need to review those default TTL values and make them at least in borders of universal recommendations. That would save time for users to edit templates or records (hopefully they won't need to delete all domains and add them again).
10) Http test pages. This was also a tricky one. I can't find an option anywhere in CWP to be able to change the test page file. I can't find an option to delete it, or switch it off, nor can I set the pointer either. I have ns1.domain.com, ns2.domain.com, mail.domain.com and so on, in mind. If you enter these into a browser, they all will open a http test page, which is quite hard to find. But I did find it, after I found a website that told me the location of that file on a server (and that wasn't even the CWP website...). So I tried to delete it, but when I do that, then after you open the address in a browser, you can see the directories that are in the same folder. And you can't change permissions, because that might end up badly. The folders and http test file I'm talking about are not in the public_html folder, they are in "/usr/local/apache/htdocs", and the directories that are there: phpMyAdmin, roundcube, webftp_simple. So what I did was I made an index.html file that automatically redirects to my main domain. I guess that's all I could do that made sense...
*Create an option for users to be able to change the http test page easily, delete it, and name server and host links should not be pointing to a location that contains folders. And it should be easily findable and manageable.
11) Is there a way to create domain pointers? I can't find it. There is no way even to create webmail.mydomain.com and point it to mydomain.com/webmail, as there is no option to point subdomains.
* Add an easy domain/subdomain pointer module. There are loads of good examples.
12) All other domain folders have to be either in a same folder where my MAIN website is, or in a directory that is in a location where my main website is. That just doesn't make any sense. Or maybe I just can't figure out how to make it like that:
user/public_html/
mainserverdomain_com
seconddomain_com
andsoon_com
* I guess this again comes to improper user management system. It's either you have a main domain assigned to root account and on separate folder, or you have all domains managed by root and together nicely in one public_html folder. That would be much neater and easier.
13) Additional user SSH function allows him to browse other directories, doesn't bind him only to his user folder.
* If there is an option to create new users, then there should be an option to disallow new users to see other users' files and folders.
14) I don't really remember what it was, but I think the next issue is because of wrong DNS template. Basically it adds user's email as it is to DNS record: user@mydomain.com. This does not work. It has to be user.mydomain.com. Example:
mydomain.com. 86400 IN SOA ns1.mydomain.com. hostmaster.mydomain.com. (
So I had trouble with DNS check tools, because email didn't work properly. I believe all I did was just change a template to fix this problem.
*There should be proper email read and write into template and DNS, changing the default @ to . in the DNS record.
15) I also had some problem with php.ini, but can't recall what it was...
Please don't take these notices personally. I'm just trying to make a thing, that I like and appreciate, better. And thank You very much for giving me and others the ability to use this amazing control panel!
Cheers!
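An added example, not part of the original post, for the SOA record in item 14: one function converts a mailbox address to the form the SOA contact field expects (the "@" becomes ".", and any dot in the local part is escaped with a backslash, per RFC 1035), and another lists SOA lines in a zone file or template that still contain "@". The function names are illustrative and the zone path passed in is whatever file you are checking.

```shell
#!/bin/sh
# Added example (not from the original post).

# Convert user@mydomain.com to the SOA RNAME form user.mydomain.com.
# Dots inside the local part are escaped so they are not read as label breaks.
email_to_rname() {
    case $1 in
        *@*@* | @* | *@ | '') return 1 ;;   # more than one "@", or an empty side
        *@*) ;;
        *) return 1 ;;                      # no "@" at all
    esac
    local_part=${1%@*}
    domain=${1#*@}
    escaped=$(printf '%s' "$local_part" | sed 's/\./\\./g')
    printf '%s.%s.\n' "$escaped" "${domain%.}"
}

# Print "<line number>: <rname>" for every SOA record in the file whose
# contact field (second field after "SOA") still contains "@".
soa_rname_with_at() {
    awk '
        /^[ \t]*;/ { next }                 # skip comment lines
        {
            for (i = 1; i < NF - 1; i++)
                if (toupper($i) == "SOA" && $(i + 2) ~ /@/)
                    print NR ": " $(i + 2)
        }
    ' "$1"
}

# Example call: sh soa_check.sh /path/to/zone.db
if [ $# -gt 0 ]; then
    soa_rname_with_at "$1" | while IFS=' ' read -r line bad; do
        echo "line ${line%:}: replace $bad with $(email_to_rname "${bad%.}")"
    done
fi
```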