Control Web Panel
WebPanel => SSL => Topic started by: Guineapig on August 02, 2017, 04:04:19 PM
-
Operating System : CentOS 7.3
CWP version: 0.9.8.346
I followed the tutorial http://wiki.centos-webpanel.com/hostname-ssl-with-letsencrypt
but it doesn't secure the 2031 port
The hostname domain got secured but it doesn't automatically secure the 2031 port and then redirect the 2030 port to 2031
How can I automatically secure my hostname:2031 port with the auto ssl feature automatically?
Also how can I redirect the port 2030 to 2031
-
I was able to secure the Panel with /usr/local/cwpsrv/conf/cwpsrv.conf
and then replacing the contents of
ssl_certificate /etc/pki/tls/certs/hostname.crt;
ssl_certificate_key /etc/pki/tls/private/hostname.key;
With the SSL , CA and Key
But how do I redirect from port 2030 too port 2031 and to https
Thank you
-
But how do I redirect from port 2030 too port 2031 and to https
You would need to add nginx redirect rules in file /usr/local/cwpsrv/conf/cwpsrv.conf
google that, it should be simple.
-
I was able to secure the Panel with /usr/local/cwpsrv/conf/cwpsrv.conf
and then replacing the contents of
ssl_certificate /etc/pki/tls/certs/hostname.crt;
ssl_certificate_key /etc/pki/tls/private/hostname.key;
With the SSL , CA and Key
But how do I redirect from port 2030 too port 2031 and to https
Thank you
I already Try It But it doesn't secure the 2031 port...
Anyone Help ME?
-
If you have a domain.com which is assigned to your IP(DNS: A Record) you can use:
For CentOS 6:
http://forum.centos-webpanel.com/ssl/certbot-installation-and-requesting-certificate-(centos-6)/ (http://forum.centos-webpanel.com/ssl/certbot-installation-and-requesting-certificate-(centos-6)/)
For CentOS 7:
http://forum.centos-webpanel.com/ssl/certbot-installation-and-requesting-certificate-(centos-7)/ (http://forum.centos-webpanel.com/ssl/certbot-installation-and-requesting-certificate-(centos-7)/)
Create SSL Certificate and Key with one of this manuals and replace in /usr/local/cwpsrv/conf/cwpsrv.conf:
ssl_certificate /etc/pki/tls/certs/hostname.crt;
ssl_certificate_key /etc/pki/tls/private/hostname.key;
with this:
ssl_certificate /etc/letsencrypt/live/YOUR-DOMAIN.COM/fullchain.pem;;
ssl_certificate_key /etc/letsencrypt/live/YOUR-DOMAIN.COM/privkey.pem;
Once done, don`t forget to restart cwpsrv with:
service cwpsrv restart
You are done. Now navigate to https://YOUR-DOMAIN.COM:2031 and you are supposed to have a GREEN bar and secured site.
Something like this:
(https://i.imgur.com/guZF147.png)
Have fun. Hope it helps.
-
Can I use any of my domains or does it have to be an unused domain?
-
I was able to secure the Panel with /usr/local/cwpsrv/conf/cwpsrv.conf
and then replacing the contents of
ssl_certificate /etc/pki/tls/certs/hostname.crt;
ssl_certificate_key /etc/pki/tls/private/hostname.key;
With the SSL , CA and Key
But how do I redirect from port 2030 too port 2031 and to https
Thank you
Hi there,
server {
listen 2030;
listen 2086;
server_name localhost;
#add this line
return 301 https://$host:2031$request_uri;
in /usr/local/cwpsrv/conf/cwpsrv.conf file and reboot nginx
-
Why not having adding the option to utilize (point to) the user certificate in the CWP Settings. And perhaps the option to redirect the ports accordingly? Perhaps a feature suggestion
-
So the panel for the admin(root) gets secured on the 2031/2087 ports with the root certificate but the user panel on port 2083 falls back to CWP certificate... not good. The certificate should be applicable globally to all users/ports on the CWpanel. How to sort this?
-
It be rather logic that once an own certificate is deployed on a domain that the certificate also automatically applies to all users/ports since CWP is part of the domain.
-
related to switching the certificates or an unrelated bug?
/admin/index.php?module=php_info
Warning: file_get_contents(): Peer certificate CN=`www.foo.bar' did not match expected CN=`x.x.x.x.x' in /usr/local/cwpsrv/htdocs/resources/admin/modules/php_info.php on line 0
Warning: file_get_contents(): Failed to enable crypto in /usr/local/cwpsrv/htdocs/resources/admin/modules/php_info.php on line 0
Warning: file_get_contents(http://x.x.x.x.x/phpinfo.php): failed to open stream: operation failed in /usr/local/cwpsrv/htdocs/resources/admin/modules/php_info.php on line 0
-
Hello i got the same probleme with some port.
openssl s_client -connect hostname:2031 -servername hostname
I got notice
-
If you have a domain.com which is assigned to your IP(DNS: A Record) you can use:
For CentOS 6:
http://forum.centos-webpanel.com/ssl/certbot-installation-and-requesting-certificate-(centos-6)/ (http://forum.centos-webpanel.com/ssl/certbot-installation-and-requesting-certificate-(centos-6)/)
For CentOS 7:
http://forum.centos-webpanel.com/ssl/certbot-installation-and-requesting-certificate-(centos-7)/ (http://forum.centos-webpanel.com/ssl/certbot-installation-and-requesting-certificate-(centos-7)/)
Create SSL Certificate and Key with one of this manuals and replace in /usr/local/cwpsrv/conf/cwpsrv.conf:
ssl_certificate /etc/pki/tls/certs/hostname.crt;
ssl_certificate_key /etc/pki/tls/private/hostname.key;
with this:
ssl_certificate /etc/letsencrypt/live/YOUR-DOMAIN.COM/fullchain.pem;;
ssl_certificate_key /etc/letsencrypt/live/YOUR-DOMAIN.COM/privkey.pem;
Once done, don`t forget to restart cwpsrv with:
service cwpsrv restart
You are done. Now navigate to https://YOUR-DOMAIN.COM:2031 and you are supposed to have a GREEN bar and secured site.
Something like this:
(https://i.imgur.com/guZF147.png)
Have fun. Hope it helps.
This solved the problem, thanks.
-
What worked for me. My hostname is server.yourdomain.com.my
Create a subdomain - server.yourdomain.com.my
Make Sure sub-domain points to correct IP.
Get AutoSSL for this subdomain using CWP panel. Now go to the command prompt.
[root@server]# cd /etc/pki/tls/certs/
[root@server certs]# ll
-rw-r--r-- 1 root root 3596 Nov 17 04:51 server.yourdomain.com.my.bundle
-rw-r--r-- 1 root root 1948 Nov 17 04:51 server.yourdomain.com.my.cert
lrwxrwxrwx. 1 root root 31 Nov 15 15:15 server.yourdomain.com.my.crt -> /etc/pki/tls/certs/hostname.crt
[root@server certs]#rm server.yourdomain.com.my.crt
[root@server certs]#ln -s server.yourdomain.com.my.cert /etc/pki/tls/certs/hostname.crt
[root@server certs]# ls -l
total 72
-rw-r--r-- 1 root root 3620 Nov 16 15:40 dwishaventures.com.my.bundle
-rw-r--r-- 1 root root 1972 Nov 16 15:40 dwishaventures.com.my.cert
-rw-r--r--. 1 root root 1395 Nov 15 15:15 hostname.bundle
lrwxrwxrwx 1 root root 33 Nov 17 04:59 hostname.crt -> server.yourdomain.com.my.cert
-rw-r--r-- 1 root root 3596 Nov 17 04:51 server.yourdomain.com.my.bundle
-rw-r--r-- 1 root root 1948 Nov 17 04:51 server.yourdomain.com.my.cert
[root@server certs]#
-
What worked for me. My hostname is server.yourdomain.com.my
Create a subdomain - server.yourdomain.com.my
Make Sure sub-domain points to correct IP.
Get AutoSSL for this subdomain using CWP panel. Now go to the command prompt.
[root@server]# cd /etc/pki/tls/certs/
[root@server certs]# ll
-rw-r--r-- 1 root root 3596 Nov 17 04:51 server.yourdomain.com.my.bundle
-rw-r--r-- 1 root root 1948 Nov 17 04:51 server.yourdomain.com.my.cert
lrwxrwxrwx. 1 root root 31 Nov 15 15:15 server.yourdomain.com.my.crt -> /etc/pki/tls/certs/hostname.crt
[root@server certs]#rm server.yourdomain.com.my.crt
[root@server certs]#ln -s server.yourdomain.com.my.cert /etc/pki/tls/certs/hostname.crt
[root@server certs]# ls -l
total 72
-rw-r--r-- 1 root root 3620 Nov 16 15:40 dwishaventures.com.my.bundle
-rw-r--r-- 1 root root 1972 Nov 16 15:40 dwishaventures.com.my.cert
-rw-r--r--. 1 root root 1395 Nov 15 15:15 hostname.bundle
lrwxrwxrwx 1 root root 33 Nov 17 04:59 hostname.crt -> server.yourdomain.com.my.cert
-rw-r--r-- 1 root root 3596 Nov 17 04:51 server.yourdomain.com.my.bundle
-rw-r--r-- 1 root root 1948 Nov 17 04:51 server.yourdomain.com.my.cert
[root@server certs]#
I notice an issue with this
vi /etc/dovecot/dovecot.conf - update the cert file path there.