Topic: Install Letsencrypt SSL Certificate for your Server Hostname/FQDN, 100% Working

Offline
*
Hello Guys,

Today I am going to show you some easy steps to install a Letsencrypt SSL Certificate for your Server Hostname/FQDN, and I hope that it will be 100% working on your CentOS-Webpanel as it is on mine.

Environment Details:

CentOS-Web Panel version: CWP7.admin
IP: Single (103.56.209.100)
RAM: 4 GB
Type: VPS

[root@server1 ~]# hostname
server1.datahead.biz

[root@server1 ~]# cat /etc/redhat-release
CentOS Linux release 7.4.1708 (Core)

[root@server1 ~]# getenforce
Disabled

[root@server1 ~]# systemctl status firewalld
● firewalld.service
   Loaded: masked (/dev/null; bad)
   Active: inactive (dead)


Must have proper DNS Records/Configuration 

My Basic DNS records as follows:

A records with PTR

server1                103.56.209.100
ns1                      103.56.209.100
ns2                      103.56.209.100

server1.datahead.biz resolves to 103.56.209.100
ns1.datahead.biz resolves to 103.56.209.100
ns2.datahead.biz resolves to 103.56.209.100


After completing all basic configuration, follow the basic steps below:


1. Apache Settings >> Letsencrypt Manager >> Install Letsencrypt


2. From the Custom Install of Letsencrypt options, provide your basic information. Example:
Custom Install (can be used for hostname also):
Domain: server1.datahead.biz
Path:/usr/local/apache/htdocs/
UserName: nobody
Email: rubeldonarman@gmail.com [your valid email]
IP: 103.56.209.100
Port: 443

3. Now Click on "Install Custom Certificate"

=================== After a few minutes, you will get the information below, as I did ===============

# vhost_start server1.datahead.biz
<VirtualHost 103.56.209.100:443>
 ServerName server1.datahead.biz
 ServerAdmin rubeldonarman@gmail.com
 DocumentRoot /usr/local/apache/htdocs/

 SSLEngine on
 SSLCertificateFile /etc/letsencrypt/live/server1.datahead.biz/cert.pem
 SSLCertificateKeyFile /etc/letsencrypt/live/server1.datahead.biz/privkey.pem
 SSLCertificateChainFile /etc/letsencrypt/live/server1.datahead.biz/fullchain.pem
 SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown

<IfModule mod_suexec.c>
    SuexecUserGroup nobody nobody
</IfModule>

<IfModule mod_suphp.c>
    suPHP_UserGroup nobody nobody
    suPHP_ConfigPath /home/nobody
</IfModule>

<Directory "/usr/local/apache/htdocs/">
    AllowOverride All
</Directory>
</VirtualHost>
# vhost_end server1.datahead.biz
 
========================== Copy the above information ========================

4. Go to Apache Settings >> Apache Include Conf >> hostname-ssl.conf

You will see your server's self-signed SSL certificate as below (back it up before proceeding):

# vhost_start server1.datahead.biz
<VirtualHost 103.56.209.100:443>
 ServerName server1.datahead.biz
 DocumentRoot /usr/local/apache/htdocs
 SSLEngine on
 SSLCertificateFile /etc/pki/tls/certs/server1.datahead.biz.cert
 SSLCertificateKeyFile /etc/pki/tls/private/server1.datahead.biz.key
 SSLCertificateChainFile /etc/pki/tls/certs/server1.datahead.biz.bundle
 SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown
<IfModule mod_suexec.c>
    SuexecUserGroup nobody nobody
</IfModule>

<IfModule mod_suphp.c>
    suPHP_UserGroup nobody nobody
</IfModule>

<Directory "/usr/local/apache/htdocs">
    AllowOverride All
</Directory>
</VirtualHost>
# vhost_end server1.datahead.biz

5. Delete the self-signed SSL configuration and paste your Letsencrypt configuration here, as below:
 
# vhost_start server1.datahead.biz
<VirtualHost 103.56.209.100:443>
 ServerName server1.datahead.biz
 ServerAdmin rubeldonarman@gmail.com
 DocumentRoot /usr/local/apache/htdocs/

 SSLEngine on
 SSLCertificateFile /etc/letsencrypt/live/server1.datahead.biz/cert.pem
 SSLCertificateKeyFile /etc/letsencrypt/live/server1.datahead.biz/privkey.pem
 SSLCertificateChainFile /etc/letsencrypt/live/server1.datahead.biz/fullchain.pem
 SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown

<IfModule mod_suexec.c>
    SuexecUserGroup nobody nobody
</IfModule>

<IfModule mod_suphp.c>
    suPHP_UserGroup nobody nobody
    suPHP_ConfigPath /home/nobody
</IfModule>

<Directory "/usr/local/apache/htdocs/">
    AllowOverride All
</Directory>
</VirtualHost>
# vhost_end server1.datahead.biz


6. Click on "Save Changes"
7. Restart your Apache server
[root@server1 ~]# systemctl restart httpd

8. Now Edit and Save

[root@server1 ~]# vi /usr/local/cwpsrv/conf/cwpsrv.conf

server {
        listen       2031;
        listen       2087;
        listen       2083;
        server_name  localhost;

        ssl                 on;
        ssl_session_timeout 90m;
        ssl_certificate     /etc/letsencrypt/live/server1.datahead.biz/fullchain.pem;
        ssl_certificate_key /etc/letsencrypt/live/server1.datahead.biz/privkey.pem;

        ssl_protocols       TLSv1 TLSv1.1 TLSv1.2;
        ssl_ciphers         HIGH:!aNULL:!MD5;
        ssl_prefer_server_ciphers   on;
        error_page 497  https://$host:2087$request_uri;


9. Restart the services
[root@server1 ~]# systemctl restart httpd
[root@server1 ~]# systemctl restart cwpsrv



10. Finally Check and visit
CWP Admin Panel Link (by hostname)
https://server1.datahead.biz:2031/
https://server1.datahead.biz:2087/

CWP User Panel Link (by hostname)
https://server1.datahead.biz:2083/

If you need any kind of help, please comment.
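
A config check for the procedure in the post above, as an added example that is not part of any post and is not CWP's own tooling: it reports certificate or key directives that do not point under /etc/letsencrypt/live/<hostname>/ (the layout shown in the post) and any explicitly enabled SSLv2, SSLv3, TLSv1 or TLSv1.1 (TLS 1.0 and 1.1 were formally deprecated by RFC 8996). The function name `audit_tls_conf`, the host `host.example.test` and both sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit Apache/nginx TLS directives after moving a hostname to Letsencrypt.
# Usage: audit_tls_conf HOSTNAME FILE...   (one finding per line, no output if clean)
audit_tls_conf() {
    host=$1; shift
    awk -v live="/etc/letsencrypt/live/$host/" '
    { sub(/#.*/, ""); gsub(/;/, ""); d = tolower($1) }      # drop comments and nginx ";"
    d ~ /^(sslcertificate(key|chain)?file|ssl_certificate(_key)?)$/ {
        seen[FILENAME] = 1
        if (index($2, live) != 1)                             # still self-signed or wrong host
            print FILENAME ":" FNR ": " $1 " is not under " live ": " $2
    }
    d ~ /^(sslprotocol|ssl_protocols)$/ {
        for (i = 2; i <= NF; i++)                             # only explicitly enabled versions
            if ($i ~ /^[+]?(SSLv2|SSLv3|TLSv1|TLSv1[.]1)$/)
                print FILENAME ":" FNR ": deprecated protocol enabled: " $i
    }
    END {
        for (i = 1; i < ARGC; i++)
            if (!(ARGV[i] in seen)) print ARGV[i] ": no certificate directive found"
    }' "$@"
}

# Constructed sample files (not real server output): a vhost whose certificate
# line was left on the self-signed path, and a cwpsrv-style block with old protocols.
demo_dir=$(mktemp -d)
trap 'rm -rf "$demo_dir"' EXIT
cat > "$demo_dir/hostname-ssl.conf" <<'EOF'
<VirtualHost 192.0.2.10:443>
 ServerName host.example.test
 SSLEngine on
 SSLCertificateFile /etc/pki/tls/certs/host.example.test.cert
 SSLCertificateKeyFile /etc/letsencrypt/live/host.example.test/privkey.pem
</VirtualHost>
EOF
cat > "$demo_dir/cwpsrv.conf" <<'EOF'
server {
    listen 2087;
    ssl_certificate     /etc/letsencrypt/live/host.example.test/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/host.example.test/privkey.pem;
    ssl_protocols       TLSv1 TLSv1.1 TLSv1.2;
}
EOF
audit_tls_conf host.example.test "$demo_dir/hostname-ssl.conf" "$demo_dir/cwpsrv.conf"
```

On a server set up as in this thread, the files to pass would be /usr/local/apache/conf.d/hostname-ssl.conf and /usr/local/cwpsrv/conf/cwpsrv.conf, run before restarting httpd and cwpsrv.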





Offline
*
This is simple by using Change Hostname in the left menu of cwp.admin.

Save the new hostname and you even get a new free AutoSSL installed (if you have a valid and working A record set for it).
If you need to change it, you can simply edit these files: hostname.cert and hostname.key

Offline
*
I wonder why it says [NOT IN USE ANYMORE, PLEASE USE SSL Cert Manager and AutoSSL] when visiting the LE Manager but the SSL Cert Manager is also messed up.

Offline
*
Install Letsencrypt by the following:

Apache Settings >> Letsencrypt Manager >> Install Letsencrypt


Before installing Letsencrypt, please allow port 443.

Please upload a snapshot of the problem.

Offline
*
In the new version of CWP it is a bit easier.
You can follow the steps here http://wiki.centos-webpanel.com/hostname-ssl-with-letsencrypt

Make sure your hostname has an SSL installed at Webserver Settings -> SSL Certificates -> List Installed (not self-signed, but Let's Encrypt) and copy the file location for the key and bundle files.

Then go to Webserver Settings -> WebServers Conf Editor -> Apache -> /usr/local/apache/conf.d/ and edit the hostname-ssl.conf by changing the
SSLCertificateFile /etc/pki/tls/certs/hostname.bundle
SSLCertificateKeyFile /etc/pki/tls/private/hostname.key

to the location you copied before. You need to do this for Nginx as well if you are using it.
Then restart Apache (and Nginx) and verify that it is working.

Offline
**
In the new version of CWP it is a bit easier.
You can follow the steps here http://wiki.centos-webpanel.com/hostname-ssl-with-letsencrypt

Make sure your hostname has an SSL installed at Webserver Settings -> SSL Certificates -> List Installed (not self-signed, but Let's Encrypt) and copy the file location for the key and bundle files.

Then go to Webserver Settings -> WebServers Conf Editor -> Apache -> /usr/local/apache/conf.d/ and edit the hostname-ssl.conf by changing the
SSLCertificateFile /etc/pki/tls/certs/hostname.bundle
SSLCertificateKeyFile /etc/pki/tls/private/hostname.key
to the location you copied before.

You need to do this for Nginx as well if you are using it.
Then restart Apache (and Nginx) and verify that it is working.

How can this work when the hostname doesn't yet have any Letsencrypt SSL cert but a self-signed one? There is no certificate in Webserver Settings > SSL certificates because host.domain.com (i.e. the CWP panel) is not a user in CWP? This only shows certificates for CWP users.