To enable HTTPS on your website, you need to get a certificate (a type of file) from a Certificate Authority (CA). Let’s Encrypt is a Free CA supported by large company like Google, Facebook. Current Sentora panel doesn’t support install SSL of Let’s Encrypt such as Cpanel. For installing SSL Let’s Encrypt on Sentora you will need to install SSL with the command line. In this tutorial I’ll use CentOS 7 to setup SSL Let’s Encrypt on Sentora. Now Let’s go:
1. Install Open SSL for Centos 7/ Ubuntu
1 2 | yum install –y opensslapt-get install -y openssl (Ubuntu) |
2. Install SSL Let’s Encrypt
1 2 3 4 | yum install –y git (for Ubuntu: apt-get install -y git)git clone https://github.com/letsencrypt/letsencryptcd letsencrypt./letsencrypt–auto —help |
3. Get SSL Let’s Encrypt for your domain
1 2 3 | service httpd stop./letsencrypt–auto certonly --standalone -d yourdomain.comservice httpd start |
To get SSL Let’s Encrypt for your domain you need to stop webserver (Apache Server), after get SSL successfully you can start it again.
4. Config SSL Let’s Encrypt for your webserver recognize SSL
1 2 3 4 | cd /etc/httpd/conf.d/nano yourdomain.com-vhost.confFor unbtu: cd /etc/apache2/sites-available |
We’ll need to create a virutal host config file with format file name like this: yourdomainname.com-vhost.conf. Below is a sample file, you will need to replace learncode24h.com by your domain name and Document Root by path to your source website folder. And don’t forget change path log file by your path log file.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 | <virtualhost *:80> ServerName learncode24h.com ServerAlias www.learncode24h.com ServerAdmin admin@learncode24h.com RewriteEngine on ReWriteCond %{SERVER_PORT} !^443$ RewriteRule ^/(.*) https://%{HTTP_HOST}/$1 [NC,R,L]</virtualhost><virtualhost *:443> ServerName learncode24h.com ServerAlias www.learncode24h.com ServerAdmin lducquyen@gmail.com DocumentRoot "path/to/source/code" php_admin_value suhosin.executor.func.blacklist "passthru, show_source, shell_exec, system, pcntl_exec, popen, pclose, proc_open, proc_nice, proc_terminate, proc_get_status, proc_close, leak, apache_child_terminate, posix_kill, posix_mkfifo, posix_setpgid, posix_setsid,$ ErrorLog "/var/sentora/logs/domains/admin/learncode24h.com-error.log" CustomLog "/var/sentora/logs/domains/admin/learncode24h.com-access.log" combined CustomLog "/var/sentora/logs/domains/admin/learncode24h.com-bandwidth.log" common <Directory "/var/sentora/hostdata/admin/public_html/learncode24h_com"> Options +FollowSymLinks -Indexes AllowOverride All Require all granted </Directory> AddType application/x-httpd-php .php3 .php DirectoryIndex index.html index.htm index.php index.asp index.aspx index.jsp index.jspa index.shtml index.shtm SSLEngine on SSLProtocol ALL -SSLv2 -SSLv3 SSLHonorCipherOrder On SSLCipherSuite ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS SSLCertificateFile /etc/letsencrypt/live/learncode24h.com/cert.pem SSLCertificateKeyFile /etc/letsencrypt/live/learncode24h.com/privkey.pem SSLCertificateChainFile /etc/letsencrypt/live/learncode24h.com/chain.pem Header always set Strict-Transport-Security "max-age=63072000;" SSLCompression off</virtualhost> |
5. Auto renew SSL Let’s Encrypt
SSL Let’s Encrypt will be expired after 90 days, so you must renew it per 90-days. To save your time and avoid SSL error on your website caused expired SSL, you should renew SSL Let’s Encrypt automatically by using crontab of CentOS
1 2 3 | 30 2 * * 1 service httpd stop31 2 * * 1 /root/letsencrypt/letsencrypt–auto renew35 2 * * 1 service httpd restart |
Typing ESC then type wq! –>Enter
6. Check if the SSL Let’s Encrypt has been installed successfully?
Go to https://www.ssllabs.com/ssltest/ and submit your website domain to get result.
