Author Topic: Install Letsencrypt SSL Certificate for your Server Hostname/FQDN, 100% Working  (Read 1145 times)

0 Members and 1 Guest are viewing this topic.

Offline
*
Hello Guys,

Today I am going to show you a easy steps to install Letsencrypt SSL Certificate for your Server Hostname/FQDN and I hope that it will be 100% working on your CentOS-Webpanel as mine .

Environment Details:

CentOS-Web Panel version: CWP7.admin
IP: Single (103.56.209.100)
RAM: 4 GB
Type: VPS

[root@server1 ~]# hostname
server1.datahead.biz

[root@server1 ~]# cat /etc/redhat-release
CentOS Linux release 7.4.1708 (Core)

[root@server1 ~]# getenforce
Disabled

[root@server1 ~]# systemctl status firewalld
firewalld.service
   Loaded: masked (/dev/null; bad)
   Active: inactive (dead)


Must have proper DNS Records/Configuration 

My Basic DNS records as follows:

A records with PTR

server1                103.56.209.100
ns1                      103.56.209.100
ns2                      103.56.209.100

server1.datahead.biz resolves to 103.56.209.100
ns1.datahead.biz resolves to 103.56.209.100
ns2.datahead.biz resolves to 103.56.209.100


After Completing all Basic configuration , Follow the Basic Steps below :


1.Apache Settings >> Letsencrypt Manager >> Install Letsencrypt


2. From Custom Install of Letsencrypt Options , Provide your Basic Information . Example :
Custom Install (can be used for hostname also):
Domain: server1.datahead.biz
Path:/usr/local/apache/htdocs/
UserName: nobody
Email: rubeldonarman@gmail.com [your valid email]
IP: 103.56.209.100
Port: 443

3. Now Click on "Install Custom Certificate"

===================After few Minutes  , you will get below information as mine ===============

# vhost_start server1.datahead.biz
<VirtualHost 103.56.209.100:443>
 ServerName server1.datahead.biz
 ServerAdmin rubeldonarman@gmail.com
 DocumentRoot /usr/local/apache/htdocs/

 SSLEngine on
 SSLCertificateFile /etc/letsencrypt/live/server1.datahead.biz/cert.pem
 SSLCertificateKeyFile /etc/letsencrypt/live/server1.datahead.biz/privkey.pem
 SSLCertificateChainFile /etc/letsencrypt/live/server1.datahead.biz/fullchain.pem
 SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown

<IfModule mod_suexec.c>
    SuexecUserGroup nobody nobody
</IfModule>

<IfModule mod_suphp.c>
    suPHP_UserGroup nobody nobody
    suPHP_ConfigPath /home/nobody
</IfModule>

<Directory "/usr/local/apache/htdocs/">
    AllowOverride All
</Directory>
</VirtualHost>
# vhost_end server1.datahead.biz
 
========================== Copy the above information ========================

4.Go to Apache Settings >> Apache Include Conf >> hostname-ssl.conf

You will see your server self-sign ssl certificate as below  (backup it before proceed):

# vhost_start server1.datahead.biz
<VirtualHost 103.56.209.100:443>
 ServerName server1.datahead.biz
 DocumentRoot /usr/local/apache/htdocs
 SSLEngine on
 SSLCertificateFile /etc/pki/tls/certs/server1.datahead.biz.cert
 SSLCertificateKeyFile /etc/pki/tls/private/server1.datahead.biz.key
 SSLCertificateChainFile /etc/pki/tls/certs/server1.datahead.biz.bundle
 SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown
<IfModule mod_suexec.c>
    SuexecUserGroup nobody nobody
</IfModule>

<IfModule mod_suphp.c>
    suPHP_UserGroup nobody nobody
</IfModule>

<Directory "/usr/local/apache/htdocs">
    AllowOverride All
</Directory>
</VirtualHost>
# vhost_end server1.datahead.biz

5. Delete self-sign ssl configuration and paste here your Letsencrypt Configuration as below :
 
# vhost_start server1.datahead.biz
<VirtualHost 103.56.209.100:443>
 ServerName server1.datahead.biz
 ServerAdmin rubeldonarman@gmail.com
 DocumentRoot /usr/local/apache/htdocs/

 SSLEngine on
 SSLCertificateFile /etc/letsencrypt/live/server1.datahead.biz/cert.pem
 SSLCertificateKeyFile /etc/letsencrypt/live/server1.datahead.biz/privkey.pem
 SSLCertificateChainFile /etc/letsencrypt/live/server1.datahead.biz/fullchain.pem
 SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown

<IfModule mod_suexec.c>
    SuexecUserGroup nobody nobody
</IfModule>

<IfModule mod_suphp.c>
    suPHP_UserGroup nobody nobody
    suPHP_ConfigPath /home/nobody
</IfModule>

<Directory "/usr/local/apache/htdocs/">
    AllowOverride All
</Directory>
</VirtualHost>
# vhost_end server1.datahead.biz


6. Click on "Save Changes"
7.Restart your Apache server
[root@server1 ~]# systemctl restart httpd

8. Now Edit and Save

[root@server1 ~]# vi /usr/local/cwpsrv/conf/cwpsrv.conf

server {
        listen       2031;
        listen       2087;
        listen       2083;
        server_name  localhost;

        ssl                 on;
        ssl_session_timeout 90m;
        ssl_certificate     /etc/letsencrypt/live/server1.datahead.biz/fullchain.pem;
        ssl_certificate_key /etc/letsencrypt/live/server1.datahead.biz/privkey.pem;

        ssl_protocols       TLSv1 TLSv1.1 TLSv1.2;
        ssl_ciphers         HIGH:!aNULL:!MD5;
        ssl_prefer_server_ciphers   on;
        error_page 497  https://$host:2087$request_uri;


9.Restart the services
[root@server1 ~]# systemctl restart httpd
[root@server1 ~]# systemctl restart cwpsrv



10. Finally Check and visit
CWP Admin Panel Link (by hostname)
https://server1.datahead.biz:2031/
https://server1.datahead.biz:2087/

CWP User Panel Link (by hostname)
https://server1.datahead.biz:2083/

if you need any kind of help , please comment





Offline
*
this is simple by using change hostname in the left menu of the cwp.admin

save new hostname and you even get new free autossl installed (if you have a valid and working A record set for it)
If you need to change it you can simply edit this files hostname.cert and hostname.key
VPS & Dedicated server provider with included FREE Managed support for CWP.
http://www.studio4host.com/

*** Don't allow that your server or website is down, choose hosting provider with included expert managed support for your CWP.

Offline
*
I wonder why it says [NOT IN USE ANYMORE, PLEASE USE SSL Cert Manager and AutoSSL] when visiting the LE Manager but the SSL Cert Manager is also messed up.

Offline
*
Install Letsencrypt by the following :

Apache Settings >> Letsencrypt Manager >> Install Letsencrypt


Before Installing Letsencrypt  , Please allow 443 port .

Please upload your snapshot regarding the problem .