Control Web Panel
WebPanel => SSL => Topic started by: darkness on October 08, 2017, 11:30:15 AM
-
OK. Let's make our life easier with the GREEN status bar in most web browsers for FREE with Certbot from https://www.eff.org
First of all, let's get Certbot for CentOS 6 in the root directory.
Change current directory to /root:
cd /root
Download Certbot from the official website:
wget https://dl.eff.org/certbot-auto
Now let's make the file executable:
chmod a+x certbot-auto
Now let's create our first SSL Certificate:
./certbot-auto certonly --email youremail@server.com --agree-tos --renew-by-default -d your-domain.com
youremail@server.com -> replace by real email
your-domain.com -> replace with your domain
You can create a your-domain.com, www.your-domain.com, mail.your-domain.com, ftp.your-domain.com, whatever.your-domain.com certificate BUT ...
DOMAIN OR SUBDOMAIN MUST BE POINTED TO A RECORD IN DNS SERVER!!! SUBDOMAINS POINTED TO CNAME RECORD WILL RETURN ERROR AND THE SSL CERTIFICATE WILL NOT BE CREATED!!!
Once your SSL Certificate is created with the key, they will be placed as follows:
SSL Certificate:
/etc/letsencrypt/live/your-domain.com/fullchain.pem
SSL Key:
/etc/letsencrypt/live/your-domain.com/privkey.pem
Now let's check your SSL Certificate:
https://www.ssllabs.com/ssltest/analyze.html?d=your-site.com&latest
Let's try the renew:
./certbot-auto renew
If you get something like this:
Saving debug log to /var/log/letsencrypt/letsencrypt.log
-------------------------------------------------------------------------------
Processing /etc/letsencrypt/renewal/your-domain.com.conf
-------------------------------------------------------------------------------
Cert not yet due for renewal
The following certs are not due for renewal yet:
/etc/letsencrypt/live/your-domain.com/fullchain.pem (skipped)
No renewals were attempted.
Then you are OK.
Let's add Certbot renew to crontab:
crontab -e
Let's set it to try the renew twice a day:
0 0,12 * * * /root/certbot-auto renew >> /var/log/le-renew.log
Close and save the crontab. You are done. Have fun with your new SSL Certificate and GREEN bar in your browser for FREE.
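Added example, not part of the original post: the cron job above only appends to a log, so a failed renewal can go unnoticed until the certificate expires. This check of the two files Certbot places under /etc/letsencrypt/live/ reports expiry, key permissions and key/certificate mismatch; the function name check_le_cert, its return codes and the 20-day threshold are assumptions made for this example.

```shell
#!/bin/bash
# Added example, not part of the original tutorial.
# check_le_cert DIR [MIN_DAYS]  (DIR e.g. /etc/letsencrypt/live/your-domain.com)
# Returns 0 = OK, 1 = file missing, 2 = expires within MIN_DAYS,
#         3 = key readable by group/other, 4 = key does not match certificate.
check_le_cert() {
    local dir min_days cert key mode cert_pub key_pub
    dir="$1"
    min_days="${2:-20}"          # assumed threshold, adjust to taste
    cert="$dir/fullchain.pem"
    key="$dir/privkey.pem"

    if [ ! -r "$cert" ] || [ ! -r "$key" ]; then
        echo "MISSING: $cert or $key" >&2
        return 1
    fi

    # -checkend exits non-zero when the certificate expires within N seconds.
    if ! openssl x509 -in "$cert" -noout -checkend "$((min_days * 86400))" >/dev/null; then
        echo "EXPIRING: $cert $(openssl x509 -in "$cert" -noout -enddate)" >&2
        return 2
    fi

    # -L follows the live/ symlinks to the real file (GNU stat, as on CentOS).
    mode=$(stat -L -c '%a' "$key")
    if [ "$(( 0$mode & 077 ))" -ne 0 ]; then
        echo "PERMS: $key is mode $mode, want 600 or stricter" >&2
        return 3
    fi

    # The certificate's public key must equal the one derived from the private key.
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey)
    key_pub=$(openssl pkey -in "$key" -pubout)
    if [ "$cert_pub" != "$key_pub" ]; then
        echo "MISMATCH: $key does not belong to $cert" >&2
        return 4
    fi

    echo "OK: $cert"
}
```

Source the file and call check_le_cert /etc/letsencrypt/live/your-domain.com from a daily cron entry; a non-zero exit status is the signal to look at /var/log/letsencrypt/letsencrypt.log.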
-
Thanks for sharing this tutorial. :)
-
Note: If you are using Python 2.6.x, every time you execute certbot-auto you will see a warning that Python 2.6 is outdated or going to its end of life and in the next version of certbot-auto it will not be supported. Or blah blah blah blah. Don't worry. It's just a warning, not an error. It's going to show you /path/to/file/__init__.py:26 Warning: ..... If you want, you can open this file and comment out the last lines where the warning is. The whole function for warning.warn (as I remember) and you will not see this warning again. Or if you want you can Google how to update Python from 2.6.x to 2.7.x or 3.6.x on CentOS 6. A little bit long and annoying process, but if it's gonna make you feel safe - do it. Have fun.
-
Hello, I've followed your instructions and I get the message:
Creating virtual environment...
./certbot-auto: line 864: virtualenv: command not found
[root@vps ~]# pip install -U virtualenv
-bash: pip: command not found
What can I do ?
Thanks
-
Try to run "./certbot-auto" only for the first time to download and install needed files. If not working please contact me.
-
Thanks for the reply. I've run certbot-auto but I receive the message
"Certbot doesn't know how to automatically configure the web server on this system."
In debug log /var/log/letsencrypt/letsencrypt.log I see this :
2017-10-19 08:22:39,453:DEBUG:certbot.main:certbot version: 0.19.0
2017-10-19 08:22:39,453:DEBUG:certbot.main:Arguments: []
2017-10-19 08:22:39,453:DEBUG:certbot.main:Discovered plugins: PluginsRegistry(PluginEntryPoint#apache,PluginEntryPoint#manual,PluginEnt$
2017-10-19 08:22:39,475:DEBUG:certbot.log:Root logging level set at 20
2017-10-19 08:22:39,476:INFO:certbot.log:Saving debug log to /var/log/letsencrypt/letsencrypt.log
2017-10-19 08:22:39,477:DEBUG:certbot.plugins.selection:Requested authenticator None and installer None
2017-10-19 08:22:39,598:DEBUG:certbot_apache.configurator:Apache version is 2.4.28
2017-10-19 08:22:39,646:DEBUG:certbot.plugins.disco:No installation (PluginEntryPoint#apache): Could not find configuration root
Traceback (most recent call last):
  File "/opt/eff.org/certbot/venv/lib/python2.7/site-packages/certbot/plugins/disco.py", line 130, in prepare
    self._initialized.prepare()
  File "/opt/eff.org/certbot/venv/lib/python2.7/site-packages/certbot_apache/configurator.py", line 201, in prepare
    self.version, configurator=self)
  File "/opt/eff.org/certbot/venv/lib/python2.7/site-packages/certbot_apache/parser.py", line 55, in __init__
    self.loc = {"root": self._find_config_root()}
  File "/opt/eff.org/certbot/venv/lib/python2.7/site-packages/certbot_apache/parser.py", line 702, in _find_config_root
    raise errors.NoInstallationError("Could not find configuration root")
NoInstallationError: Could not find configuration root
2017-10-19 08:22:39,660:DEBUG:certbot.plugins.disco:No installation (PluginEntryPoint#nginx):
Traceback (most recent call last):
  File "/opt/eff.org/certbot/venv/lib/python2.7/site-packages/certbot/plugins/disco.py", line 130, in prepare
    self._initialized.prepare()
  File "/opt/eff.org/certbot/venv/lib/python2.7/site-packages/certbot_nginx/configurator.py", line 150, in prepare
    raise errors.NoInstallationError
NoInstallationError
2017-10-19 08:22:39,661:DEBUG:certbot.plugins.selection:No candidate plugin
2017-10-19 08:22:39,661:DEBUG:certbot.plugins.selection:Selected authenticator None and installer None
As default web server I've Apache + Varnish cache
What can I do?
-
Run:
./certbot-auto certonly
With CWP I'm not sure why, but Certbot can't find apache/apachectl to include the SSL certificates automatically. You have to put them in manually.
-
Thanks, I've figured it out ...
The problem now is SNI support, because I've 3 domains on 1 IP address.
How can I enable SNI on my CWP?
Thanks
-
I have 27 domains on 1 IP, so don't worry. Different users and different domains point to different vhosts. You can create SSL Certificates for all your domains without a problem using Certbot. Have fun.
-
Ah OK!
Last question:
I'd like to use email POP on port 995 and SMTP on 465. Can you help me or suggest some resources/tips to achieve that? ;D
Thanks
-
Since my postfix got broken by itself without touching the server for more than 20 days, I started to use Zoho Mail (https://mail.zoho.com). It's something like what Google was offering, but now Google Mail hosting is paid. In Zoho you get 25 free email accounts and you get +5 free accounts for every new customer you invite. Ex: You register domain1.com in Zoho and you get 25 free email accounts, from one of these 25 accounts you invite somebody@gmail.com and he (you) registers domain2.com in Zoho and you get +5 free accounts (30). Not that hard to make 500+ accounts when you have unlimited registrations of free domains. :D