Here is the much anticipated tutorial on how to add SSL MANUALLY to any domain on your Sentora server.
Notes:
Make a new folder called 'ssl':
Change to the new ssl folder and create a new text file that will be used to load your individual domain SSL configs:
(We will add content to this file a little later.)
Make another file to hold your domain's SSL information (domain_com.conf in this example):
(Make one file for each domain - makes it easier.)
Open this new file and add your domain's SSL information:
Save and exit.
Next, edit the ssl-vhosts.conf file to include our domain's new SSL vhost config:
(Just add another include for each additional domain)
Save and exit.
NOTE about ssl-vhosts.conf file:
If you are adding your panel login, always include it LAST. Example:
Don't forget to set the proper file and folder permissions for the new folder and it's files! They should be the same as
Open:
Scroll all the way to the end and after:
Add:
So it looks like this:
Restart apache according to your OS.
If all your paths and certificate names are correct you should have both http and https for this domain.
If you have errors, go back and double check your work! (Filenames, certificate names, file paths, etc.)
FORCE HTTPS ONLY:
If you wish to use https only for the domain, add or edit the .htaccess file in the root of the domain's public folder:
.htaccess file content:
Now your domain will redirect to https.
.htaccess file for Sentora panel login: (/etc/sentora/panel/)
CentOS NOTE:
There was an issue with a default install on CentOS where unused (by Sentora) .conf files were being loaded that caused an issue with SSL.
Comment out this line (near the bottom):
Good luck!
Donations for any of my modules or forum help can be sent to HERE Thanks!
Notes:
- This tutorial is for advanced users only. (Use at your own risk!)
- This tutorial is based on the steps taken on an Ubuntu 14.04 server.
- I also used WinSCP for editing and creating files and folders. (Not command line)
- This will show how to do one domain on the zadmin account, but can be edited for multiple domains/sub domains.
- Let's Encrypt certificates are also used. You may need to change the certificate paths to match your setup.
- ALWAYS MAKE BACKUPS OF ORIGINAL FILES BEFORE MAKING CHANGES!
- If you try this using the command line, you are on your own. Hit up Google for help with that...
Code:
/etc/sentora/configs/apache
Code:
/etc/sentora/configs/apache/ssl
Code:
/etc/sentora/configs/apache/ssl/ssl-vhosts.conf
Make another file to hold your domain's SSL information (domain_com.conf in this example):
(Make one file for each domain - makes it easier.)
Code:
/etc/sentora/configs/apache/ssl/domain_com.conf
Code:
<virtualhost *:443>
ServerName domain.com
ServerAlias www.domain.com
ServerAdmin webmaster@domain.com
DocumentRoot "/var/sentora/hostdata/zadmin/public_html/domain_com"
ErrorLog "/var/sentora/logs/domains/zadmin/domain.com-error.log"
CustomLog "/var/sentora/logs/domains/zadmin/domain.com-access.log" combined
CustomLog "/var/sentora/logs/domains/zadmin/domain.com-bandwidth.log" common
<Directory "/var/sentora/hostdata/zadmin/public_html/domain_com">
Options +FollowSymLinks -Indexes
AllowOverride All
Require all granted
</Directory>
AddType application/x-httpd-php .php3 .php
ErrorDocument 404 /_errorpages/404.html
ErrorDocument 403 /_errorpages/403.html
ErrorDocument 500 /_errorpages/500.html
DirectoryIndex index.php index.html index.htm index.asp index.aspx index.jsp index.jspa index.shtml index.shtm
SSLEngine on
SSLProtocol ALL -SSLv2 -SSLv3
SSLHonorCipherOrder On
SSLCipherSuite ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS
SSLCertificateFile /etc/letsencrypt/live/domain.com/cert.pem
SSLCertificateKeyFile /etc/letsencrypt/live/domain.com/privkey.pem
SSLCertificateChainFile /etc/letsencrypt/live/domain.com/chain.pem
# Keeping below for future upgrades.
# Requires Apache >= 2.4
SSLCompression off
</VirtualHost>
Save and exit.
Next, edit the ssl-vhosts.conf file to include our domain's new SSL vhost config:
(Just add another include for each additional domain)
Code:
Listen 443
# Main domain SSL
Include /etc/sentora/configs/apache/ssl/domain_com.conf
Save and exit.
NOTE about ssl-vhosts.conf file:
If you are adding your panel login, always include it LAST. Example:
Code:
Listen 443
# domain.com SSL
Include /etc/sentora/configs/apache/ssl/domain_com.conf
# Webmail login SSL
Include /etc/sentora/configs/apache/ssl/webmail_domain_com.conf
# Panel login SSL
Include /etc/sentora/configs/apache/ssl/panel_domain_com.conf
Don't forget to set the proper file and folder permissions for the new folder and it's files! They should be the same as
Code:
/etc/sentora/configs/apache/
Open:
Code:
/etc/sentora/configs/apache/httpd.conf
Scroll all the way to the end and after:
Code:
# Now we include the generic VHOST configuration file that holds all Sentora user hosted vhost data
Include /etc/sentora/configs/apache/httpd-vhosts.conf
Code:
# include SSL vhosts AFTER including the default generic VHOST configuration file
Include /etc/sentora/configs/apache/ssl/ssl-vhosts.conf
Code:
# Now we include the generic VHOST configuration file that holds all Sentora user hosted vhost data
Include /etc/sentora/configs/apache/httpd-vhosts.conf
# include SSL vhosts AFTER including the default generic VHOST configuration file
Include /etc/sentora/configs/apache/ssl/ssl-vhosts.conf
Restart apache according to your OS.
If all your paths and certificate names are correct you should have both http and https for this domain.
If you have errors, go back and double check your work! (Filenames, certificate names, file paths, etc.)
FORCE HTTPS ONLY:
If you wish to use https only for the domain, add or edit the .htaccess file in the root of the domain's public folder:
Code:
/var/sentora/hostdata/zadmin/public_html/domain_com/.htaccess
Code:
RewriteEngine On
# Force SSL - Always first!
RewriteCond %{SERVER_PORT} ^80$
RewriteRule ^(.*)$ https://%{SERVER_NAME}%{REQUEST_URI} [L,R]
Now your domain will redirect to https.
.htaccess file for Sentora panel login: (/etc/sentora/panel/)
Code:
RewriteEngine on
# Force SSL - Always first!
RewriteCond %{SERVER_PORT} 80
RewriteRule ^(.*)$ https://panel.domain.com/$1 [R,L]
# Standard Sentora ... blah blah blah
CentOS NOTE:
There was an issue with a default install on CentOS where unused (by Sentora) .conf files were being loaded that caused an issue with SSL.
Code:
/etc/httpd/conf/httpd.conf
Comment out this line (near the bottom):
Code:
conf.d/*.conf
Good luck!
Donations for any of my modules or forum help can be sent to HERE Thanks!