Comments (16)
nDeloy takes all config info from cPanel's data store. When cPanel install a ssl it stores the crt,key etc location in its datastore.
In short if the plugin installs the ssl correctly in cPanel; nDeploy will pick it up .No issues :)
The plugin should mostly use cPanel API's to install the cert .
Let me know how this goes.
from autom8n.
@trgcyln I haven't tried this on my production server yet, however, I did spin-up a DigitalOcean Droplet and install a cPanel demo earlier this week using the LetsEncrypt plugin you've referenced and it worked well.
SSL Labs provided an A rating from what I recall. I do not remember if I was in proxy or PHP backend mode, though.
Let us know the results here as I'm also considering the purchase.
Cheers!
from autom8n.
FYI - The mode is irrelevant .If it works in one means it will work with any mode for sure .
As far as I can see..it should work. We personally use letsencrypt cert on our website .But that was using the commandline mode and installing it through WHM just like any other cert . The only requirement for the commandline mode is it needs Python2.7 which means its not a straight forward thing in Centos6. But in centos7 default python is 2.7 and it should work flawlessly.
from autom8n.
@AnoopAlias Yeah, my current cPanel server is CentOS 6.7 and the demo server was CentOS 7. Hopefully @trgcyln can advise what their findings are.
from autom8n.
@brianjking, so far not good.
Firstly, they send me the trial license with the name "licence.json", script gave me an error:
Let's Encrypt for cPanel is unlicensed
Child failed to make LIVEAPI connection to cPanel.Cache-Control: no-cache
Content-type: text/html; charset="utf-8"
<error>[A fatal error or timeout occurred while processing this directive.]</error>
So , I had to manually rename "licence.json", into "letsencrypt-cpanel.licence".
When I was registering, I used my WHM domain name ""whm.mydomain.com" because they suggested this format.
I tried to restart the service now I'm getting this error:
2016/02/05 19:52:11 Licence is not for this hostname
So I went back to trial request form and tried to register my domain as "mydomain.com" but it says that it is already registered.
I'm gonna try installing wtih this guide. I hope it won't break my server.
https://forums.cpanel.net/threads/how-to-installing-ssl-from-lets-encrypt.513621/
from autom8n.
I have managed to install Let's Encrypt SSL.
Someone developed an automated script for Centos 6.x which is free. Thanks for that.
https://bitbucket.org/webstandardcss/lets-encrypt-for-cpanel-centos-6.x
In the cpanel ( SSL/TLS Section) I'm able to see that Let's Encrypt SSL is installed but I didnt understand that if it works or not.
It says
`Domains Issuer Expiration (UTC) Key Size Description Actions
mydomain.com Let's Encrypt 5/5/16 2048 mydomain.com and www.mydomain.com
I'm trying to connect my site as https://mydomain.com
And I'm getting "ERR_CONNECTION_REFUSED".
Am I missing something ?
from autom8n.
It was the WHM domain name that causing errors so I asked plugin maker to send me a new license.
Ok Succesfully installed Let's Encrypt SSL plugin in my WHM.
But I'm still getting "ERR_CONNECTION_REFUSED"
I guess Im gonna have to edit nginx configuration files ?
Am I right ?
from autom8n.
@trgcyln You're not setup properly.
Try checking out something like this: https://gethttpsforfree.com/
Also, check https://support.sysally.net/projects/ndeploy/wiki/Http_to_https_redirection for how to configure with nDeploy.
from autom8n.
@brianjking I finally managed to install it.
I had to reinstall ndeploy, and it looks like it is updated to a new version. Anyway, everything works perfectly. I'm able to enter my sites via https.
Plugin is working perfetly and I have installed on my production server which has 15 domains on it.
Feel safe to install it.
from autom8n.
Which version of CentOS are you using? Which LetsEncrypt plugin did you use?
from autom8n.
@brianjking
CENTOS 6.7 x86_64
Plugin: https://letsencrypt-for-cpanel.com/
You need to run "/opt/nDeploy/scripts/attempt_autofix.sh" script when you add a new SSL to a new site.
If you dont, letsencrypt plugin keeps saying "Not Installed" in the SSL Section, Cpanel.
I'm not so sure but i think it is about nginx conf files so I forced them to regenerate.
Important: When you request for a license, be careful to put in the right hostname which is shown in the WHM , Change Hostname section -> Current Hostname
Use exactly same hostname in the license request otherwise it will cause problems.
Also, I spoke with the plugin maker, and license is per server. No matter how many IP adresses that your server have. License is binded on the server hostname.
So let's say you have 5 different IPs and 50 domains, 30$ license will cover all of them.
from autom8n.
Ideally ..it should work automatically and there should be no need to run attempt_autofix
After you install the cert and before you run attempt autofix what is the output of
nginx -t
Also check the file
/var/cpanel/userdata/USER/domain.com_SSL
and see if it contains the letsencrypt certificate location. If it does nDeploy should pick it up automatically.
from autom8n.
You are right, I think I have messed up some configuration on those domains so thats why I had to run "autofix.sh". It worked perfectly on other domains that I didn't touch.
By the time I hit on "Install Certificate", it is done.
Also it renews the certificate automatically.
I can confirm that this plugin has 0% conflict with nDeploy and both working great.
I'm on CENTOS 6.7 x64, WHM with nDeploy installed.
screenshots :
http://prntscr.com/9zyi4y
http://prntscr.com/9zyj4e
http://prntscr.com/9zyhfk
from autom8n.
cool . I will close this now
from autom8n.
@trgcyln Things still working well with https://letsencrypt-for-cpanel.com/?
You're on CentOS 6.x, right?
from autom8n.
FYI letsencrypt is now centos6 compatible
from autom8n.
Related Issues (20)
- custom nginx error_log for nemesida HOT 1
- Add autofix maxscale mysql on master cron
- Add default my.cnf.local on initial playbook run
- show maxscale/mariadb cluster status in WHM UI
- Extend proxy_to_master feature with a failover upstream setup
- nwaf whitelisting is accepting only one domain as parameter
- Basic spam filtering in postfix on slave nodes
- Cleanup WHM UI
- fix update_nginx_status_allow.py script on NAT-ed environment
- update maxscale to new version on playbook
- fix nwaf disable
- remove upgrade in server.j2
- Feature Request - Development Mode via App Integration HOT 1
- nginx stopped in slave for ssl error
- ansible dont support /etc/crontab for cron entry
- mariabackup gtid position script error
- Centos8 change rpm dependency to ansible-core instead of ansible HOT 1
- Remove nginx modules that no longer compile HOT 1
- move named stop step in playbook to end
- fix compatibility issue with centos7/centos8 in playbook run
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from autom8n.