Can i iuusue letsencrypt ssl for our server hostname ?? i tried but gave me following error acme.sh updated ----------------------------------------------------- webhost.imaginewebstudio.com nginx vhost + pureftp virtual ftp user setup /usr/bin/nv -d webhost.imaginewebstudio.com -s ydle -u tI3x7570UDfMAQz --------------------------------------------------------------- Nginx Vhost Setup... --------------------------------------------------------------- Error: webhost.imaginewebstudio.com is already setup for server main hostname at /usr/local/nginx/conf/conf.d/virtual.conf It is important that main server hostname be setup correctly As per Getting Started Guide Step 1 centminmod.com/getstarted.html The server main hostname needs to be unique. So please setup the main server name vhost properly first as per Step 1 of guide. Aborting nginx vhost creation...
The only thing that can mess up virtual.conf main host is if you install phpmyadmin.sh addon. Otherwise, you can manually setup main hostname outlined in Getting Started Guide step 1 with HTTPS using vhost generator at Generate Centmin Mod Nginx Vhost - CentminMod.com LEMP Nginx web stack for CentOS type on domain fieldin main host name domain which has to have valid DNS A record pointing to server ip i.e. host.domain.com and check box that says Generate Self-Signed SSL / Letsencrypt SSL HTTPS Vhost (File ONLY) * Vhost type = basic and hit submit follow first 3 acme.sh commands only to get letsencrypt ssl cert but edit web root from /home/nginx/domains/host.domain.com/public to point to /usr/local/nginx/html and remove www. domain from -d enable letsencrypt in 123.09beta01 - 3 commands Code (Text): touch /etc/centminmod/custom_config.inc echo "LETSENCRYPT_DETECT='y'" >> /etc/centminmod/custom_config.inc /usr/local/src/centminmod/addons/acmetool.sh acmeupdate get letsencrypt ssl cert - 1 line cmd - webroot defined by -w /usr/local/nginx/html Code (Text): /root/.acme.sh/acme.sh --force --issue --days 60 -d host.domain.com -w /usr/local/nginx/html -k 2048 --useragent centminmod-centos-acmesh-webroot --log /root/centminlogs/acmetool.sh-debug-log-host.domain.com.log --log-level 2 install letsencrypt ssl cert - 2 line cmds Code (Text): mkdir -p /usr/local/nginx/conf/ssl/host.domain.com /root/.acme.sh/acme.sh --installcert -d host.domain.com --certpath /usr/local/nginx/conf/ssl/host.domain.com/host.domain.com-acme.cer --keypath /usr/local/nginx/conf/ssl/host.domain.com/host.domain.com-acme.key --capath /usr/local/nginx/conf/ssl/host.domain.com/host.domain.com-acme.cer --reloadCmd /usr/bin/ngxreload --fullchainpath /usr/local/nginx/conf/ssl/host.domain.com/host.domain.com-fullchain-acme.key then make a copy of /usr/local/nginx/conf/conf.d/virtual.conf as /usr/local/nginx/conf/conf.d/virtual.ssl.conf Code (Text): cp -a /usr/local/nginx/conf/conf.d/virtual.conf /usr/local/nginx/conf/conf.d/virtual.ssl.conf now edit within /usr/local/nginx/conf/conf.d/virtual.ssl.conf with ssl cert lines so looks like Code (Text): server { listen 443 ssl http2; server_name host.domain.com; ssl_certificate /usr/local/nginx/conf/ssl/host.domain.com/host.domain.com-acme.cer; ssl_certificate_key /usr/local/nginx/conf/ssl/host.domain.com/host.domain.com-acme.key; include /usr/local/nginx/conf/ssl_include.conf; http2_max_field_size 16k; http2_max_header_size 32k; http2_max_requests 5000; # dual cert supported ssl ciphers ssl_ciphers TLS13-AES-128-GCM-SHA256:TLS13-AES-256-GCM-SHA384:TLS13-CHACHA20-POLY1305-SHA256:TLS13-AES-128-CCM-8-SHA256:TLS13-AES-128-CCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS; ssl_prefer_server_ciphers on; #add_header Alternate-Protocol 443:npn-spdy/3; #add_header Strict-Transport-Security "max-age=31536000; includeSubdomains;"; #add_header X-Frame-Options SAMEORIGIN; #add_header X-Xss-Protection "1; mode=block" always; #add_header X-Content-Type-Options "nosniff" always; #spdy_headers_comp 5; ssl_buffer_size 1369; ssl_session_tickets on; # enable ocsp stapling resolver 8.8.8.8 8.8.4.4 valid=10m; resolver_timeout 10s; ssl_stapling on; ssl_stapling_verify on; ssl_trusted_certificate /usr/local/nginx/conf/ssl/host.domain.com/host.domain.com-acme.cer; root html; access_log /var/log/nginx/localhost.access.log combined buffer=8k flush=1m; error_log /var/log/nginx/localhost.error.log error; # ngx_pagespeed & ngx_pagespeed handler #include /usr/local/nginx/conf/pagespeed.conf; #include /usr/local/nginx/conf/pagespeedhandler.conf; #include /usr/local/nginx/conf/pagespeedstatslog.conf; # limit_conn limit_per_ip 16; # ssi on; location /nginx_status { stub_status on; access_log off; allow 127.0.0.1; #allow youripaddress; deny all; } location / { # block common exploits, sql injections etc #include /usr/local/nginx/conf/block.conf; #Enables directory listings when index file not found #autoindex on; } include /usr/local/nginx/conf/staticfiles.conf; include /usr/local/nginx/conf/include_opcache.conf; include /usr/local/nginx/conf/php.conf; #include /usr/local/nginx/conf/phpstatus.conf; include /usr/local/nginx/conf/drop.conf; #include /usr/local/nginx/conf/errorpage.conf; #include /usr/local/nginx/conf/vts_mainserver.conf; } restart nginx Code (Text): ngxrestart now you should be able to access both https and non-https hostname and then if all is working do a non-https to https 302 temp redirect If you do have phpmyadmin.sh installed phpmyadmin, you can probably try this to fix the conflict via these steps. 1. Get the contents of /usr/local/nginx/conf/phpmyadmin_https.conf and place it in your above created /usr/local/nginx/conf/conf.d/virtual.ssl.conf main hostname HTTPS nginx vhost within server{} context 2. Backup locally copy of phpmyadmin.sh auto generated self-signed SSL cert HTTPS vhost at /usr/local/nginx/conf/conf.d/phpmyadmin_ssl.conf 3. Then take the below following values contained within /usr/local/nginx/conf/conf.d/phpmyadmin_ssl.conf and transpose them into your above created /usr/local/nginx/conf/conf.d/virtual.ssl.conf main hostname HTTPS nginx vhost within server{} context Code (Text): keepalive_timeout 3000; client_body_buffer_size 256k; client_body_timeout 3000s; client_header_buffer_size 256k; ## how long a connection has to complete sending ## it's headers for request to be processed client_header_timeout 60s; client_max_body_size 512m; connection_pool_size 512; directio 512m; ignore_invalid_headers on; large_client_header_buffers 8 256k; 4. Then remove /usr/local/nginx/conf/conf.d/phpmyadmin_ssl.conf 5. Test Nginx config & Restart Nginx & PHP-FPM Code (Text): nginx -t nprestart