To enable HTTPS on your website, you need to get a certificate (a type of file) from a Certificate Authority (CA). Let’s Encrypt is a free CA supported by large companies such as Google and Facebook. The current Sentora panel doesn’t support installing a Let’s Encrypt SSL certificate the way cPanel does, so on Sentora you need to install it from the command line. In this tutorial I’ll use CentOS 7 to set up Let’s Encrypt SSL on Sentora. Let’s go:
1. Install OpenSSL for CentOS 7 / Ubuntu
yum install -y openssl
apt-get install -y openssl (Ubuntu)
2. Install SSL Let’s Encrypt
yum install -y git (for Ubuntu: apt-get install -y git)
git clone https://github.com/letsencrypt/letsencrypt
cd letsencrypt
./letsencrypt-auto --help
3. Get SSL Let’s Encrypt for your domain
service httpd stop
./letsencrypt-auto certonly --standalone -d yourdomain.com
service httpd start
To get a Let’s Encrypt SSL certificate for your domain you need to stop the web server (Apache) first; once the certificate has been issued successfully you can start it again.
4. Configure your web server to recognize the Let’s Encrypt SSL certificate
cd /etc/httpd/conf.d/
nano yourdomain.com-vhost.conf
For Ubuntu: cd /etc/apache2/sites-available
We need to create a virtual host config file with a file name in this format: yourdomainname.com-vhost.conf. Below is a sample file; replace learncode24h.com with your domain name and DocumentRoot with the path to your website’s source folder. Don’t forget to change the log file paths to your own log file paths.
<virtualhost *:80>
ServerName learncode24h.com
ServerAlias www.learncode24h.com
ServerAdmin admin@learncode24h.com
RewriteEngine on
ReWriteCond %{SERVER_PORT} !^443$
RewriteRule ^/(.*) https://%{HTTP_HOST}/$1 [NC,R,L]
</virtualhost>
<virtualhost *:443>
ServerName learncode24h.com
ServerAlias www.learncode24h.com
ServerAdmin lducquyen@gmail.com
DocumentRoot "path/to/source/code"
php_admin_value suhosin.executor.func.blacklist "passthru, show_source, shell_exec, system, pcntl_exec, popen, pclose, proc_open, proc_nice, proc_terminate, proc_get_status, proc_close, leak, apache_child_terminate, posix_kill, posix_mkfifo, posix_setpgid, posix_setsid,$
ErrorLog "/var/sentora/logs/domains/admin/learncode24h.com-error.log"
CustomLog "/var/sentora/logs/domains/admin/learncode24h.com-access.log" combined
CustomLog "/var/sentora/logs/domains/admin/learncode24h.com-bandwidth.log" common
<Directory "/var/sentora/hostdata/admin/public_html/learncode24h_com">
Options +FollowSymLinks -Indexes
AllowOverride All
Require all granted
</Directory>
AddType application/x-httpd-php .php3 .php
DirectoryIndex index.html index.htm index.php index.asp index.aspx index.jsp index.jspa index.shtml index.shtm
SSLEngine on
SSLProtocol ALL -SSLv2 -SSLv3
SSLHonorCipherOrder On
SSLCipherSuite ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS
SSLCertificateFile /etc/letsencrypt/live/learncode24h.com/cert.pem
SSLCertificateKeyFile /etc/letsencrypt/live/learncode24h.com/privkey.pem
SSLCertificateChainFile /etc/letsencrypt/live/learncode24h.com/chain.pem
Header always set Strict-Transport-Security "max-age=63072000;"
SSLCompression off
</virtualhost>
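A check you can run on the vhost file from step 4 once you have edited it, as an added example (not part of the original tutorial). The helper name audit_vhost and the domain example.org are assumptions. It reports cert paths that still point at another domain, TLSv1/TLSv1.1 left enabled by SSLProtocol, 3DES or RC4 entries in SSLCipherSuite, and a missing HSTS header.

```shell
#!/bin/sh
# Added example, not part of the original tutorial. audit_vhost is a
# hypothetical helper that reports TLS settings worth tightening in a vhost
# file. Usage: audit_vhost <vhost.conf> <your-domain>
audit_vhost() {
    awk -v domain="$2" '
    function warn(msg) { print "WARN: " msg; n++ }
    { key = tolower($1) }
    key == "sslprotocol" {
        # Replay tokens as Apache does: bare name replaces the set, +/- edit it.
        for (i = 2; i <= NF; i++) {
            t = tolower($i); s = substr(t, 1, 1)
            if (s == "+" || s == "-") t = substr(t, 2)
            else { s = "="; tls10 = tls11 = 0 }
            if (t == "all" || t == "tlsv1")   tls10 = (s != "-")
            if (t == "all" || t == "tlsv1.1") tls11 = (s != "-")
        }
    }
    key == "sslciphersuite" {
        m = split($NF, c, ":")
        for (i = 1; i <= m; i++)
            if (c[i] !~ /^!/ && c[i] ~ /3DES|RC4/) weak = weak " " c[i]
    }
    key ~ /^sslcertificate(key|chain)?file$/ {
        p = $2; gsub(/"/, "", p)
        if (index(p, "/etc/letsencrypt/live/" domain "/") != 1)
            warn($1 " is not under /etc/letsencrypt/live/" domain "/: " p)
    }
    tolower($0) ~ /strict-transport-security/ { hsts = 1 }
    END {
        if (tls10 || tls11) warn("SSLProtocol still enables TLSv1/TLSv1.1; add -TLSv1 -TLSv1.1")
        if (weak != "") warn("SSLCipherSuite offers legacy ciphers:" weak)
        if (!hsts) warn("no Strict-Transport-Security header")
        exit (n > 0)
    }' "$1"
}

# Constructed sample: TLS lines from the tutorial's vhost (cipher list shortened)
# with one path left on the sample domain after switching to example.org.
sample=$(mktemp)
cat > "$sample" <<'EOF'
SSLProtocol ALL -SSLv2 -SSLv3
SSLCipherSuite ECDH+AESGCM:DH+AESGCM:ECDH+3DES:RSA+AES:!aNULL:!MD5:!DSS
SSLCertificateFile /etc/letsencrypt/live/example.org/cert.pem
SSLCertificateKeyFile /etc/letsencrypt/live/learncode24h.com/privkey.pem
Header always set Strict-Transport-Security "max-age=63072000;"
EOF
audit_vhost "$sample" example.org || echo "review the findings above"
rm -f "$sample"
```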
5. Auto renew SSL Let’s Encrypt
Let’s Encrypt certificates expire after 90 days, so you must renew them every 90 days. To save time and avoid SSL errors on your website caused by an expired certificate, you should renew the Let’s Encrypt certificate automatically using the CentOS crontab:
30 2 * * 1 service httpd stop
31 2 * * 1 /root/letsencrypt/letsencrypt-auto renew
35 2 * * 1 service httpd restart
Press ESC, then type :wq! and press Enter.
6. Check whether the Let’s Encrypt SSL certificate has been installed successfully
Go to https://www.ssllabs.com/ssltest/ and submit your website’s domain to get the result.