Let's Encrypt: Sentora Login

Process must be done as ROOT user.

Installing git & Let’s Encrypt
Let’s Encrypt is a new Certificate Authority:
It’s free, automated, and open.

1) Check to make sure mod_ssl is installed:

On Sentora Panel go to Admin -> PHPinfo -> View Full PHP Configuration -> Search for mod_ssl
If missing, install it:
For Ubuntu:
apt-get install mod_ssl
For CentOs:
yum install mod_ssl

2) Check to make sure openssl is installed

(openssl does not mandate the install of mod_ssl in CentOS 6.x)
On Sentora Panel go to Admin -> PHPinfo -> View Full PHP Configuration -> Search for openssl
If missing, install it:
For Ubuntu:
apt-get install openssl
For CentOs:
yum install openssl
     Also edit /etc/httpd/conf.d/ssl.conf and change Listen 443 to #Listen 443
 

3) Install git and Let's Encrypt:

For Ubuntu:
apt-get install git
git clone https://github.com/letsencrypt/letsencrypt
cd letsencrypt
./letsencrypt-auto --help

For CentOs:
yum install git
git clone https://github.com/letsencrypt/letsencrypt
cd letsencrypt
./letsencrypt-auto --help

 

4) Create a Certificate for your domain

You need to turn off apache before creating a certificate or you will get something like

The program httpd (process ID XXXX) is already listening on TCP port 80. This will prevent us from binding to that port. Please stop the httpd program temporarily and then try again.

REMINDER: Replace panel.example.com by your Sentora login URL.

For Ubuntu:
service apache2 stop
./letsencrypt-auto certonly --standalone -d panel.example.com
service apache2 start

For CentOs:
service httpd stop
./letsencrypt-auto certonly --standalone -d panel.example.com
service httpd start

 

5) Change Sentora port:

On Sentora Panel go to Admin -> Sentora Config -> Sentora Apache Port, change to 443 and save.

 

6) Add a Custom Entry to the Sentora Virtual Host

On Sentora Panel go to Admin -> Module Admin -> Apache Config > Global Sentora Entry
Don't forget to replace panel.example.com with your panel's login URL below:

Code:

SSLEngine on
SSLProtocol ALL -SSLv2 -SSLv3
SSLHonorCipherOrder On
SSLCipherSuite ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS
SSLCertificateFile /etc/letsencrypt/live/panel.example.com/cert.pem
SSLCertificateKeyFile /etc/letsencrypt/live/panel.example.com/privkey.pem
SSLCertificateChainFile /etc/letsencrypt/live/panel.example.com/chain.pem
# Keeping bellow for future upgrades.
# Requires Apache >= 2.4
SSLCompression off

Save Vhost.

 

7) OPTIONAL : install redirection from http to https

Warning : REQUIRE apache >= 2.4
Warning : Don't forget to replace panel.example.com with your panel's login URL
On Sentora Panel go to Admin -> Module Admin -> Apache Config > Global Sentora Entry, add also :

SSLCompression off
</VirtualHost>
# do SSL redirect
Listen 80
# Configuration for Sentora control panel.
<VirtualHost *:80>
DocumentRoot "/etc/sentora/panel/"
ServerName panel.example.com
Redirect / https://panel.example.com

 

8) Wait for daemon update

It will occurs in next 5 minutes.

Or, if you are too much anxious:
a) run it manually (same for Ubuntu and CentOs):
php -q /etc/sentora/panel/bin/daemon.php
b) restart apache:
For Ubuntu:
service apache2 restart
For CentOs:
service httpd restart

Your panel login should now be secured by SSL.
You can test it here: https://www.ssllabs.com/ssltest/

PenWant to help ? Click here to report mistake or to send complement to add.