Control Web Panel
Topic started by: glorency on April 18, 2018, 05:40:20 PM
-
Hello Guys,
Today I am going to show you easy steps to install a Letsencrypt SSL certificate for your server hostname/FQDN, and I hope that it will work 100% on your CentOS-Webpanel as it does on mine.
Environment Details:
CentOS-Web Panel version: CWP7.admin
IP: Single (103.56.209.100)
RAM: 4 GB
Type: VPS
[root@server1 ~]# hostname
server1.datahead.biz
[root@server1 ~]# cat /etc/redhat-release
CentOS Linux release 7.4.1708 (Core)
[root@server1 ~]# getenforce
Disabled
[root@server1 ~]# systemctl status firewalld
● firewalld.service
Loaded: masked (/dev/null; bad)
Active: inactive (dead)
Must have proper DNS Records/Configuration
My Basic DNS records as follows:
A records with PTR
server1 103.56.209.100
ns1 103.56.209.100
ns2 103.56.209.100
server1.datahead.biz resolves to 103.56.209.100
ns1.datahead.biz resolves to 103.56.209.100
ns2.datahead.biz resolves to 103.56.209.100
After completing all the basic configuration, follow the basic steps below:
1. Apache Settings >> Letsencrypt Manager >> Install Letsencrypt
2. From the Custom Install of Letsencrypt options, provide your basic information. Example:
Custom Install (can be used for hostname also):
Domain: server1.datahead.biz
Path: /usr/local/apache/htdocs/
UserName: nobody
Email: rubeldonarman@gmail.com [your valid email]
IP: 103.56.209.100
Port: 443
3. Now Click on "Install Custom Certificate"
=================== After a few minutes, you will get the information below, as I did ===============
# vhost_start server1.datahead.biz
<VirtualHost 103.56.209.100:443>
ServerName server1.datahead.biz
ServerAdmin rubeldonarman@gmail.com
DocumentRoot /usr/local/apache/htdocs/
SSLEngine on
SSLCertificateFile /etc/letsencrypt/live/server1.datahead.biz/cert.pem
SSLCertificateKeyFile /etc/letsencrypt/live/server1.datahead.biz/privkey.pem
SSLCertificateChainFile /etc/letsencrypt/live/server1.datahead.biz/fullchain.pem
SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown
<IfModule mod_suexec.c>
SuexecUserGroup nobody nobody
</IfModule>
<IfModule mod_suphp.c>
suPHP_UserGroup nobody nobody
suPHP_ConfigPath /home/nobody
</IfModule>
<Directory "/usr/local/apache/htdocs/">
AllowOverride All
</Directory>
</VirtualHost>
# vhost_end server1.datahead.biz
========================== Copy the above information ========================
4. Go to Apache Settings >> Apache Include Conf >> hostname-ssl.conf
You will see your server's self-signed SSL certificate as below (back it up before proceeding):
# vhost_start server1.datahead.biz
<VirtualHost 103.56.209.100:443>
ServerName server1.datahead.biz
DocumentRoot /usr/local/apache/htdocs
SSLEngine on
SSLCertificateFile /etc/pki/tls/certs/server1.datahead.biz.cert
SSLCertificateKeyFile /etc/pki/tls/private/server1.datahead.biz.key
SSLCertificateChainFile /etc/pki/tls/certs/server1.datahead.biz.bundle
SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown
<IfModule mod_suexec.c>
SuexecUserGroup nobody nobody
</IfModule>
<IfModule mod_suphp.c>
suPHP_UserGroup nobody nobody
</IfModule>
<Directory "/usr/local/apache/htdocs">
AllowOverride All
</Directory>
</VirtualHost>
# vhost_end server1.datahead.biz
5. Delete the self-signed SSL configuration and paste your Letsencrypt configuration here, as below:
# vhost_start server1.datahead.biz
<VirtualHost 103.56.209.100:443>
ServerName server1.datahead.biz
ServerAdmin rubeldonarman@gmail.com
DocumentRoot /usr/local/apache/htdocs/
SSLEngine on
SSLCertificateFile /etc/letsencrypt/live/server1.datahead.biz/cert.pem
SSLCertificateKeyFile /etc/letsencrypt/live/server1.datahead.biz/privkey.pem
SSLCertificateChainFile /etc/letsencrypt/live/server1.datahead.biz/fullchain.pem
SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown
<IfModule mod_suexec.c>
SuexecUserGroup nobody nobody
</IfModule>
<IfModule mod_suphp.c>
suPHP_UserGroup nobody nobody
suPHP_ConfigPath /home/nobody
</IfModule>
<Directory "/usr/local/apache/htdocs/">
AllowOverride All
</Directory>
</VirtualHost>
# vhost_end server1.datahead.biz
6. Click on "Save Changes"
7. Restart your Apache server
[root@server1 ~]# systemctl restart httpd
8. Now Edit and Save
[root@server1 ~]# vi /usr/local/cwpsrv/conf/cwpsrv.conf
server {
listen 2031;
listen 2087;
listen 2083;
server_name localhost;
ssl on;
ssl_session_timeout 90m;
ssl_certificate /etc/letsencrypt/live/server1.datahead.biz/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/server1.datahead.biz/privkey.pem;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
error_page 497 https://$host:2087$request_uri;
9. Restart the services
[root@server1 ~]# systemctl restart httpd
[root@server1 ~]# systemctl restart cwpsrv
10. Finally Check and visit
CWP Admin Panel Link (by hostname)
https://server1.datahead.biz:2031/
https://server1.datahead.biz:2087/
CWP User Panel Link (by hostname)
https://server1.datahead.biz:2083/
If you need any kind of help, please comment.
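A way to check the result of steps 5 and 8 before restarting the services, as an added example that is not part of the original post: the script flags certificate directives that still point outside /etc/letsencrypt/live/<hostname>/ and nginx `ssl_protocols` entries for TLS 1.0/1.1 (deprecated by RFC 8996). The function names and the sample files are constructed for illustration, modelled on the excerpts above.

```shell
#!/bin/sh
# Added example (not from the thread): audit TLS directives after the edits.
# audit_conf FILE HOSTNAME prints one finding per line, nothing if clean.
audit_conf() {
    awk -v live="/etc/letsencrypt/live/$2/" '
        { sub(/#.*/, ""); gsub(/;/, "") }   # strip comments and nginx semicolons
        # Apache and nginx certificate/key directives
        $1 ~ /^(SSLCertificate(File|KeyFile|ChainFile)|ssl_certificate(_key)?)$/ {
            if (index($2, live) != 1) print "NOT_LETSENCRYPT", $1, $2
        }
        # TLS 1.0 and 1.1 are deprecated (RFC 8996)
        $1 == "ssl_protocols" {
            for (i = 2; i <= NF; i++)
                if ($i == "TLSv1" || $i == "TLSv1.1") print "LEGACY_PROTOCOL", $i
        }
    ' "$1"
}

# write_samples DIR: constructed sample files modelled on the post's excerpts
# (hostname-ssl.conf before step 5, cwpsrv.conf after step 8).
write_samples() {
    cat > "$1/hostname-ssl.conf" <<'EOF'
# vhost_start server1.datahead.biz
<VirtualHost 103.56.209.100:443>
    SSLEngine on
    SSLCertificateFile /etc/pki/tls/certs/server1.datahead.biz.cert
    SSLCertificateKeyFile /etc/pki/tls/private/server1.datahead.biz.key
</VirtualHost>
EOF
    cat > "$1/cwpsrv.conf" <<'EOF'
server {
    listen 2087;
    ssl_certificate /etc/letsencrypt/live/server1.datahead.biz/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/server1.datahead.biz/privkey.pem;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
}
EOF
}

# Demo run on the constructed samples.
tmp=$(mktemp -d)
write_samples "$tmp"
for f in hostname-ssl.conf cwpsrv.conf; do
    echo "== $f"; audit_conf "$tmp/$f" server1.datahead.biz
done
rm -rf "$tmp"
```

On a server, call `audit_conf /usr/local/apache/conf.d/hostname-ssl.conf "$(hostname)"` and the same for /usr/local/cwpsrv/conf/cwpsrv.conf; no output means every checked directive references the Let's Encrypt files and no legacy protocol is listed.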
-
This is simple by using "change hostname" in the left menu of the cwp.admin.
Save the new hostname and you even get a new free AutoSSL installed (if you have a valid and working A record set for it).
If you need to change it you can simply edit these files: hostname.cert and hostname.key
-
I wonder why it says [NOT IN USE ANYMORE, PLEASE USE SSL Cert Manager and AutoSSL] when visiting the LE Manager but the SSL Cert Manager is also messed up.
-
Install Letsencrypt by the following:
Apache Settings >> Letsencrypt Manager >> Install Letsencrypt
Before installing Letsencrypt, please allow port 443.
Please upload your snapshot regarding the problem.
-
In the new version of CWP it is a bit easier.
You can follow the steps here http://wiki.centos-webpanel.com/hostname-ssl-with-letsencrypt
Make sure your hostname has an SSL installed at Webserver Settings -> SSL Certificates -> List Installed (not self-signed, but Let's Encrypt) and copy the file location for the key and bundle files.
Then go to Webserver Settings -> WebServers Conf Editor -> Apache -> /usr/local/apache/conf.d/ and edit the hostname-ssl.conf by changing the
SSLCertificateFile /etc/pki/tls/certs/hostname.bundle
SSLCertificateKeyFile /etc/pki/tls/private/hostname.key
to the location you copied before. You need to do this for Nginx as well if you are using it.
Then restart Apache (and Nginx) and verify that it is working.
-
In the new version of CWP it is a bit easier.
You can follow the steps here http://wiki.centos-webpanel.com/hostname-ssl-with-letsencrypt
Make sure your hostname has an SSL installed at Webserver Settings -> SSL Certificates -> List Installed (not self-signed, but Let's Encrypt) and copy the file location for the key and bundle files.
Then go to Webserver Settings -> WebServers Conf Editor -> Apache -> /usr/local/apache/conf.d/ and edit the hostname-ssl.conf by changing the
SSLCertificateFile /etc/pki/tls/certs/hostname.bundle
SSLCertificateKeyFile /etc/pki/tls/private/hostname.key
to the location you copied before.
You need to do this for Nginx as well if you are using it.
Then restart Apache (and Nginx) and verify that it is working.
How can this work when the hostname doesn't yet have any Letsencrypt SSL cert but a self-signed one? There is no certificate in Webserver Settings > SSL Certificates because host.domain.com (i.e. the CWP panel) is not a user in CWP? This only shows certificates for CWP users.