Install free SSL on CentOS

To enable HTTPS on your website, you need to get a certificate (a type of file) from a Certificate Authority (CA). Let’s Encrypt is a free CA supported by large companies such as Google and Facebook. The current Sentora panel does not support installing Let’s Encrypt certificates the way cPanel does, so to use Let’s Encrypt on Sentora you need to install the certificate from the command line. In this tutorial I’ll use CentOS 7 to set up Let’s Encrypt SSL on Sentora. Let’s go:

1. Install OpenSSL for CentOS 7 / Ubuntu

yum install -y openssl
apt-get install -y openssl   # Ubuntu

2. Install SSL Let’s Encrypt

yum install -y git   # for Ubuntu: apt-get install -y git
git clone https://github.com/letsencrypt/letsencrypt
cd letsencrypt
./letsencrypt-auto --help

3. Get a Let’s Encrypt certificate for your domain

service httpd stop
./letsencrypt-auto certonly --standalone -d yourdomain.com
service httpd start

To get a Let’s Encrypt certificate for your domain you need to stop the web server (Apache). Once the certificate has been issued successfully, you can start it again.

4. Configure your web server to use the Let’s Encrypt certificate

cd /etc/httpd/conf.d/
nano yourdomain.com-vhost.conf

For Ubuntu: cd /etc/apache2/sites-available

We need to create a virtual host config file with a name in this format: yourdomainname.com-vhost.conf. Below is a sample file. Replace learncode24h.com with your domain name and the DocumentRoot with the path to your website’s source folder, and don’t forget to change the log file paths to your own.

<virtualhost *:80>
   ServerName learncode24h.com
   ServerAlias www.learncode24h.com
   ServerAdmin admin@learncode24h.com
   RewriteEngine on
   ReWriteCond %{SERVER_PORT} !^443$
   RewriteRule ^/(.*) https://%{HTTP_HOST}/$1 [NC,R,L]
</virtualhost>

<virtualhost *:443>
        ServerName learncode24h.com
        ServerAlias www.learncode24h.com
        ServerAdmin lducquyen@gmail.com
        DocumentRoot "path/to/source/code"
        php_admin_value suhosin.executor.func.blacklist "passthru, show_source, shell_exec, system, pcntl_exec, popen, pclose, proc_open, proc_nice, proc_terminate, proc_get_status, proc_close, leak, apache_child_terminate, posix_kill, posix_mkfifo, posix_setpgid, posix_setsid,$
        ErrorLog "/var/sentora/logs/domains/admin/learncode24h.com-error.log"
        CustomLog "/var/sentora/logs/domains/admin/learncode24h.com-access.log" combined
        CustomLog "/var/sentora/logs/domains/admin/learncode24h.com-bandwidth.log" common
        <Directory "/var/sentora/hostdata/admin/public_html/learncode24h_com">
          Options +FollowSymLinks -Indexes
          AllowOverride All
          Require all granted
        </Directory>
        AddType application/x-httpd-php .php3 .php
        DirectoryIndex index.html index.htm index.php index.asp index.aspx index.jsp index.jspa index.shtml index.shtm

        SSLEngine on
        SSLProtocol ALL -SSLv2 -SSLv3
        SSLHonorCipherOrder On
        SSLCipherSuite ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS
        SSLCertificateFile /etc/letsencrypt/live/learncode24h.com/cert.pem
        SSLCertificateKeyFile /etc/letsencrypt/live/learncode24h.com/privkey.pem
        SSLCertificateChainFile /etc/letsencrypt/live/learncode24h.com/chain.pem
        Header always set Strict-Transport-Security "max-age=63072000;"
        SSLCompression off
</virtualhost>

5. Auto-renew the Let’s Encrypt certificate

A Let’s Encrypt certificate expires after 90 days, so you must renew it every 90 days. To save time and avoid certificate errors on your website caused by an expired certificate, renew it automatically using the crontab of CentOS:

30 2 * * 1 service httpd stop
31 2 * * 1 /root/letsencrypt/letsencrypt-auto renew
35 2 * * 1 service httpd restart

Press ESC, then type :wq! and press Enter.
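
One way to tighten the renewal job from step 5, as an added example that is not part of the original tutorial: the script renews only when the certificate is within 30 days of expiry, so Apache is not stopped every week, and it starts Apache again even when the renewal fails. The variable names, the 30-day threshold and the --run switch are assumptions; the paths follow the ones used above.

```shell
#!/bin/sh
# Added example, not part of the original tutorial.
# Renews only when the certificate is close to expiry, so Apache is not
# stopped every week, and starts Apache again even if the renewal fails.
# Assumed names: DOMAIN, CERT, LE_AUTO, THRESHOLD_DAYS and the --run switch.

DOMAIN="${DOMAIN:-yourdomain.com}"
CERT="${CERT:-/etc/letsencrypt/live/$DOMAIN/cert.pem}"
LE_AUTO="${LE_AUTO:-/root/letsencrypt/letsencrypt-auto}"
THRESHOLD_DAYS="${THRESHOLD_DAYS:-30}"

# cert_expires_within FILE DAYS
#   0 = expires within DAYS (or is not a parseable certificate)
#   1 = still valid after DAYS
#   2 = file missing or unreadable
cert_expires_within() {
    [ -r "$1" ] || return 2
    # -checkend exits 0 when the certificate is still valid N seconds from now
    if openssl x509 -in "$1" -noout -checkend "$(( $2 * 86400 ))" >/dev/null 2>&1; then
        return 1
    fi
    return 0
}

renew_if_needed() {
    status=0
    cert_expires_within "$CERT" "$THRESHOLD_DAYS" || status=$?
    case "$status" in
        1) echo "more than $THRESHOLD_DAYS days left, nothing to do"; return 0 ;;
        2) echo "cannot read $CERT" >&2; return 2 ;;
    esac
    # As in step 3, Apache has to be stopped while the certificate is renewed.
    service httpd stop
    rc=0
    "$LE_AUTO" renew || rc=$?
    service httpd start   # runs whether or not the renewal succeeded
    return "$rc"
}

# Only act when called with --run, so the functions can be tested on their own.
if [ "${1:-}" = "--run" ]; then
    renew_if_needed
fi
```

Saved under a path of your choice and called with --run, this script can replace the three timed crontab lines with a single entry.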

6. Check that the Let’s Encrypt certificate has been installed successfully

Go to https://www.ssllabs.com/ssltest/ and submit your website’s domain to get the result.