These instructions work for Zpanel on Centos 6.
Requires replacing the contents of ssl.conf.
The contents of the example file were from an old openssl tutorial I found and modified it to fit.
I am not, but there are many experts here they may like to help with the fine tuning of the ssl.conf file.
Zpanel has been renamed to Sentora.
(So change the words to fit your panel and your domain/s)
-
READ the entire contents of this post before you start.
You will need to know how to restart apache eg service httpd restart -
Find the username for yourdomain/s.com
cd /var/zpanel/hostdata
the path format is
/var/zpanel/hostdata/username/public_html/yourdomain_com
NOTE: the end of the path is yourdomain_com not yourdomain.com -
Install the certificates
using certbot-auto certonly
follow the directions and enter the path from step 2. -
Make a backup of ssl.conf
cp -a /etc/httpd/conf.d/ssl.conf ssl.conf.backup -
Open ssl.conf
nano /etc/httpd/conf.d/ssl.conf
delete everything in the file and paste the below into the file.
replace the username and yourdomain.com with your details.
(then goto step 5 below)
###############copy from here
LoadModule ssl_module modules/mod_ssl.so
Listen 443
NameVirtualHost *:443
SSLPassPhraseDialog builtin
SSLSessionCacheTimeout 300
SSLMutex default
SSLRandomSeed startup file:/dev/urandom 256
SSLRandomSeed connect builtin
SSLCryptoDevice builtin
SSLStrictSNIVHostCheck off
<VirtualHost *:443>
DocumentRoot /var/zpanel/hostdata/zadmin/public_html/yourdomain_com
ServerName yourdomain.com
ServerAlias yourdomain.com www.yourdomain.com
SSLEngine on
SSLProtocol all -SSLv2 -SSLv3
SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW
SSLCertificateFile /etc/letsencrypt/live/yourdomain.com/cert.pem
SSLCertificateKeyFile /etc/letsencrypt/live/yourdomain.com/privkey.pem
SSLCertificateChainFile /etc/letsencrypt/live/yourdomain.com/chain.pem
ErrorLog logs/ssl_error_log
TransferLog logs/ssl_access_log
LogLevel warn
<Files ~ "\.(cgi|shtml|phtml|php3?)$">
SSLOptions +StdEnvVars
</Files>
SetEnvIf User-Agent ".*MSIE.*" \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0
CustomLog logs/ssl_request_log \
"%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
</VirtualHost>
<VirtualHost *:443>
DocumentRoot /var/zpanel/hostdata/username/public_html/yourdomain2_com
ServerName yourdomain2.com
ServerAlias yourdomain2.com www.yourdomain2.com
SSLEngine on
SSLProtocol all -SSLv2 -SSLv3
SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW
SSLCertificateFile /etc/letsencrypt/live/yourdomain.com/cert.pem
SSLCertificateKeyFile /etc/letsencrypt/live/yourdomain.com/privkey.pem
SSLCertificateChainFile /etc/letsencrypt/live/yourdomain.com/chain.pem
ErrorLog logs/ssl_error_log
TransferLog logs/ssl_access_log
LogLevel warn
<Files ~ "\.(cgi|shtml|phtml|php3?)$">
SSLOptions +StdEnvVars
</Files>
SetEnvIf User-Agent ".*MSIE.*" \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0
CustomLog logs/ssl_request_log \
"%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
</VirtualHost>
<VirtualHost *:443>
DocumentRoot /var/zpanel/hostdata/username/public_html/anotherdomain_com
ServerName anotherdomain.com
ServerAlias anotherdomain.com www.anotherdomain.com
SSLEngine on
SSLProtocol all -SSLv2 -SSLv3
SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW
SSLCertificateFile /etc/letsencrypt/live/anotherdomain.com/cert.pem
SSLCertificateKeyFile /etc/letsencrypt/live/anotherdomain.com/privkey.pem
SSLCertificateChainFile /etc/letsencrypt/live/anotherdomain.com/chain.pem
ErrorLog logs/ssl_error_log
TransferLog logs/ssl_access_log
LogLevel warn
<Files ~ "\.(cgi|shtml|phtml|php3?)$">
SSLOptions +StdEnvVars
</Files>
SetEnvIf User-Agent ".*MSIE.*" \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0
CustomLog logs/ssl_request_log \
"%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
</VirtualHost>
################# end copy here
- Restart Apache
Apache should restart
If not it will be a syntax error. Check the contents of ssl.conf.
I have one certificate with a few child domains and another certificate with a single domain.
All working beautifully,
Thankyou letsEncrypt.
Lets Encrypt the Web…