Error Restarting cwpsrv Service for Servername SSL

Hello, I am attempting to install an SSL for my server name using the Tutorial available here: http://wiki.centos-webpanel.com/hostname-ssl-with-letsencrypt

I am using CentOS 7 with the default apache only configuration.

I am successful through step one and two, and my host name can be reached via HTTPS: https://server3.bentsea.net/

When I perform step 3 to enable HTTPS access via port 2031,  there is no cwp-ssl.conf file. So I have created one with the following code:

Code: [Select]

Listen 2031

<VirtualHost 172.93.54.122:2031>
        ServerName 172.93.54.122
        SSLEngine on
 SSLCertificateFile /etc/letsencrypt/live/server3.bentsea.net/cert.pem
 SSLCertificateKeyFile /etc/letsencrypt/live/server3.bentsea.net/privkey.pem
 SSLCertificateChainFile /etc/letsencrypt/live/server3.bentsea.net/fullchain.pem
 SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown
</VirtualHost>

When restarting the cwpsrv, I get the following error:

Code: [Select]

Redirecting to /bin/systemctl restart  cwpsrv.service
Job for cwpsrv.service failed because the control process exited with error code. See "systemctl status cwpsrv.service" and "journalctl -xe" for details.

The ouput for "journalctl -xe" yields the following error:

Code: [Select]

Jan 21 11:31:46 server3 systemd[1]: Starting CentOS Web Panel service (daemon)...
-- Subject: Unit cwpsrv.service has begun start-up
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
--
-- Unit cwpsrv.service has begun starting up.
Jan 21 11:31:46 server3 cwpsrv[30103]: nginx: [emerg] unexpected end of file, expecting ";" or "}" in /usr/local/cwpsrv/conf.d/cwp-ssl.conf:10
Jan 21 11:31:46 server3 cwpsrv[30103]: nginx: configuration file /usr/local/cwpsrv/conf/cwpsrv.conf test failed


I have been unable to locate any alternative cwp-ssl.conf code given that the error appears to be potentially with syntax or alternative directions for configuring correct use of an SSL for service over port 2031 with the letsencrypt issues SSL. Any help resolving this issue or with alternative directions for configuring for use on port 2031 would be greatly appreciated.

I think that CWP itself (or developers) mixed up the conf files a bit. This is not nginx conf, its apaches confg and server is nginx. So nginx cant read conf because it's not for him, its for apache.

Nginx conf file should look like this:

Code: [Select]

server {
        listen   443;
        server_name example.org;

        root /usr/share/nginx/www;
        index index.html index.htm;

        ssl on;
        ssl_certificate /etc/nginx/ssl/example.org/server.crt;
        ssl_certificate_key /etc/nginx/ssl/example.org/server.key;
}

Thank you so much! This successfully allowed me to reach the server without a security warning via port 2031, however, configured with the root of the domain it loads a default apache server page instead of CWP Control Panel, do you happen to know what the document root would need to be to correctly serve the control panel at that port so that I can securely perform admin tasks?

This is cwp public directory: /usr/local/cwpsrv/htdocs/admin

Getting the same error whilst manually creating the file for Step3, any ideas what I should be doing?

Hi there.

Yes, it's true, they mixed up the configuration files a little bit.
 CWPSRV is running on nginx and therefor the configuration for the web panel and hostname is in
/usr/local/cwpsrv/conf/cwpsrv.conf

Follow the steps from the instructions (http://wiki.centos-webpanel.com/hostname-ssl-with-letsencrypt) until Step 3 and edit the cwpserv.conf so that the server configuration area looks like this:

Code: [Select]

/usr/local/cwpsrv/conf/cwpsrv.conf
should start at line 47

 server {
        listen       2031;
        listen       2087;
        listen       2083;
        server_name  localhost;

        ssl                 on;
        ssl_session_timeout 90m;
       
        ssl_certificate /etc/letsencrypt/live/YOUR-HOSTNAME/fullchain.pem;
        ssl_certificate_key /etc/letsencrypt/live/YOUR-HOSTNAME/privkey.pem;
        ssl_protocols       TLSv1 TLSv1.1 TLSv1.2;
        ssl_ciphers         HIGH:!aNULL:!MD5;
        ssl_prefer_server_ciphers   on;
dont forget to change the YOUR-HOSTNAME

This solution worked for me.

Maybe anyone from the CWP Dev Team can check if this solution could be integrated in CWP itself.
Or at least if anybody can check if the changes are persistent. Maybe the config file is overwritten when the panel is updateing.

Sincerly.
Sebhoff