Help A Dummy :: Webcert certonly installation


#1

Please fill out the fields below so we can help you better.

My domain is: stanragets.com

I ran this command: certbot certonly for stanragets.com & www.stanragets.com

It produced this output: Congratulations

My operating system is (include version): CentOS7

My web server is (include version): Apache (but the certbot gives me apache plugin isn’t running or something of that jazz)

My hosting provider, if applicable, is: SelfHosted

I can login to a root shell on my machine (yes or no, or I don’t know): yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): Webuzo

I installed and ran certbot with no problems. Wanted to simply test it out on StanRagets.com which is a landing page for my other sites. Got the congratulations and can renew with no issues. I’m very new to this and would like to ask if someone could please help me with whatever remaining steps there might be to get SSL/HTTPS working for this site. I should be able to get the subdomains up and going once I understand what needs to be done to secure this portion.

Thank you!


#2

Hi @who8mypnuts, do you know if your Webuzo control panel gives you a place where you can upload certificates and keys inside the control panel? That might be the easiest way to proceed if it does.


#3

I took a look very quickly online and found this:
http://www.webuzo.com/wiki/Install_SSL_Certificate

Is this what I should do?


#4

Yep! The files in question should be in /etc/letsencrypt/live/stanragets.com on the server. You’ll want privkey.pem for the private key, cert.pem for the certificate, and chain.pem for what Webuzo calls the CA bundle.

If you paste or upload them there, it should work. Please keep in mind that Let’s Encrypt certificates expire after 3 months so you’ll need to repeat the process then. (We’d like tools like Webuzo to add support for automatically getting the certificate, so that you don’t have to do this manually every 3 months. If you have any contact with the Webuzo developers or community, maybe you could bring this possibility up with them.)


#5

Awesome! It worked perfectly.

Could you please tell me how to force the site to load in https at all times?

I’m assuming it can be done relatively easily with .htaccess?


#6

It’s just a simple rewrite

RewriteEngine On
RewriteCond %{HTTPS} !=on
RewriteRule ^/?(.*) https://%{SERVER_NAME}/$1 [R,L]

You may also want to set the HSTS header

Header set Strict-Transport-Security "max-age=31536000; includeSubDomains"

#7

Thank you so very much. I’ve got them all set up and working well!


#8

Great! Don’t forget the 3 month renewal time, though.


#9

Indeed. It’s so annoying that Webuzo doesn’t just load them in with the fetch command.
I’ve added it to my calendar to remind me to refresh them. When do they actually renew, on the expiration day or prior to?


#10

Automatic renewal generally only happens if you set up certbot renew with a cron job. If you haven’t done that, then you don’t have automatic renewal enabled and you’ll need to re-run certbot yourself. You can choose when to renew. Certbot is willing to renew for you without --force-renew any time within the last month of validity of the certificate, or at any time if you add --force-renew.


#11

Sounds good.
So I’ve set up a cron job to run daily to renew this. Does that mean within the last month it will renew? If that’s the case, do I lose the SSL I currently have (once renewed) on my site since I’ve got to input everything manually into Webuzo?


#12

Yes, it should renew within the last month. (The certbot renew script will check the expiration date and try to renew when there’s less than a month remaining.)

Renewal doesn’t revoke the previous cert, so you can continue using it until it expires, meaning you can choose when you want to upload the new cert using Webuzo. If you get adventurous and want to learn to edit your web server configuration manually – bypassing Webuzo entirely – you can point it directly at the files inside /etc/letsencrypt and then you would no longer have to do the upload step at all!
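
Because renewal leaves the old certificate in service until the new one is uploaded, it helps to check whether the site is still serving what certbot has on disk. The script below is an added example, not part of the original thread; it assumes OpenSSL and GNU date are installed, uses the live directory named in post #4, and its function names and status words are illustrative.

```shell
#!/bin/sh
# Added example: detect a certificate that certbot renewed on disk but that
# has not yet been uploaded to the control panel. Names are illustrative.
LIVE_DIR=/etc/letsencrypt/live/stanragets.com   # directory given in post #4

# SHA-256 fingerprint of the PEM certificate in file $1.
fingerprint() {
    openssl x509 -noout -fingerprint -sha256 -in "$1" | cut -d= -f2
}

# Whole days until the certificate in file $1 expires (negative if expired).
days_left() {
    end=$(openssl x509 -noout -enddate -in "$1" | cut -d= -f2)
    echo $(( ( $(date -d "$end" +%s) - $(date +%s) ) / 86400 ))
}

# Save the leaf certificate that host $1 presents on port 443 into file $2.
fetch_served() {
    openssl s_client -connect "$1:443" -servername "$1" </dev/null 2>/dev/null |
        openssl x509 -out "$2"
}

# Compare the on-disk certificate $1 with the served certificate $2.
compare() {
    if [ "$(fingerprint "$1")" != "$(fingerprint "$2")" ]; then
        echo STALE   # disk and site differ: the new cert still needs uploading
    elif [ "$(days_left "$2")" -lt 30 ]; then
        echo DUE     # inside the last month, when certbot renew will act
    else
        echo OK
    fi
}

# Usage: sh check.sh stanragets.com   (does nothing when called without a host)
if [ $# -eq 1 ]; then
    tmp=$(mktemp) && fetch_served "$1" "$tmp" && compare "$LIVE_DIR/cert.pem" "$tmp"
    rm -f "$tmp"
fi
```

Run from the same daily cron job as certbot renew, a STALE result is the cue to repeat the Webuzo upload.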


#13

Good news on both fronts. Thank you for letting me know about the renewals.
Any recommendations for reading up on how I configure this on my own?

