Welcome to Centmin Mod Community
Register Now

SSL Help with configuring PositiveSSL

Discussion in 'Domains, DNS, Email & SSL Certificates' started by Zynektic, May 3, 2016.

Tags:
  1. Zynektic

    Zynektic New Member

    9
    3
    3
    May 2, 2016
    Ratings:
    +4
    Local Time:
    12:47 PM
    Good evening,

    I'm new to this as I usually have someone else do it or use a shared cloud hosting platform but thought I would give it a go and unsure of the last step in configuring my SSL. I have read the guides but they are all too confusing for me. I configured my server as follows.

    1. $10 DigitalOcean CentOS 7.2 64Bit + SSH Key
    2. Altered my hostname beforehand to ne1.domain.com (ne1 is my droplet name)
    3. Added MX/CNAME/TXT/SRV entries on linked digitalocean domain with ones provided by namecheap here
    4. Tested it on DNSInspect and other than a few things like TTL time being too low the majority was okay with an A rating.
    5. Connect to PuTTY with SSH and issued the command:
      Code:
      curl -O https://centminmod.com/installer.sh && chmod 0700 installer.sh && bash installer.sh
    6. Made a note of the output passwords and such and then reloaded the SSH
    7. cd /usr/local/src/centinmod and ran ./centmin.sh and selected option 22
    8. Did the final Wordpress setup at the end and it all runs fine
    I am then stuck on how to add my PositiveSSL I got for free from namecheap. I've not activated it yet and have read the documents on adding SSL but it just confuses me so after all of that, is there an easy way or a few steps to do this or anything I missed such as scp (did try letsencrypt but got stuck on scp as it asked for a root password I never had).

    I hope that makes sense and thanks for any input!
     
  2. eva2000

    eva2000 Administrator Staff Member

    29,001
    6,580
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +9,770
    Local Time:
    9:47 PM
    Nginx 1.13.x
    MariaDB 5.5
    1. run centmin.sh menu option 22 to add new wp nginx vhost and when prompted for self-signed ssl certificate and vhost creation answer yes = y as per Nginx Vhost & NSD DNS Setup - CentminMod.com LEMP Nginx web stack for CentOS
    2. then take a note of output at end of the nginx vhost routine you get paths to your nginx http and https vhost files and web root public path etc.
    3. Then on same page at Nginx Vhost & NSD DNS Setup - CentminMod.com LEMP Nginx web stack for CentOS read and follow instructions and links on switching from self-signed ssl to paid/browser trusted ssl certificate
    If you didn't answer yes to self-signed ssl certificate vhost generation at centmin.sh menu option 2 stage. Then need to follow steps outlined at Nginx - Install self signed certificate after vhost is created?
     
  3. Zynektic

    Zynektic New Member

    9
    3
    3
    May 2, 2016
    Ratings:
    +4
    Local Time:
    12:47 PM
    Thanks, I have read those and get the general idea but how do I upload the certificates to the server as scp does not work. If I upload the .zip to my site directory and unzip, cd into the folder, am I able to move the files this way so I can chain them?

    Edit: I also tried this but on the last steps I couldn't scp the files I made as no root password it kept asking for so no clue what to do there.
     
    Last edited: May 3, 2016
  4. eva2000

    eva2000 Administrator Staff Member

    29,001
    6,580
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +9,770
    Local Time:
    9:47 PM
    Nginx 1.13.x
    MariaDB 5.5
    your server's root password would of been set by you or your web host i.e. DigitalOcean VPS - if you used DO SSH keys, then you need to setup it to connect via SSH key i.e. How To Remotely Copy Files Over SSH Without Entering Your Password

    or you can just recreate the ssl files for concatenation via SSH command line and linux text editor like vim or nano and copy and paste works too
     
    • Informative Informative x 1
  5. Zynektic

    Zynektic New Member

    9
    3
    3
    May 2, 2016
    Ratings:
    +4
    Local Time:
    12:47 PM
    Thanks, shall look into that.

    I used to use a Linux flavour a lot but with gaming and a single laptop with a small SSD at the moment I had to go back to Windows so have forgot how to do a lot of stuff. As we discussed in the other thread about notes and such, I am creating multiple droplets to test things and keeping notes of paths and such. The SSL will be the last step to have it running how I wanted.
     
  6. eva2000

    eva2000 Administrator Staff Member

    29,001
    6,580
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +9,770
    Local Time:
    9:47 PM
    Nginx 1.13.x
    MariaDB 5.5
    yeah digital notes for such stuff would make copy and pasting easier in this instance :)
     
  7. Zynektic

    Zynektic New Member

    9
    3
    3
    May 2, 2016
    Ratings:
    +4
    Local Time:
    12:47 PM
    Just a quick question on this.

    If I want to keep costs down at the moment with a $5 DO droplet and use SSL, is it better to go with the CentOS 6.7 with the automated WP install as if I have read it correctly it requires at least the $10 one for the CentOS 7.2 setup with SSL?
     
  8. eva2000

    eva2000 Administrator Staff Member

    29,001
    6,580
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +9,770
    Local Time:
    9:47 PM
    Nginx 1.13.x
    MariaDB 5.5
    yup CentOS 7 needs min 1GB memory, so with <1GB use CentOS 6.7
     
    • Like Like x 1
  9. JoeDer

    JoeDer New Member

    8
    3
    3
    Feb 22, 2015
    Ratings:
    +4
    Local Time:
    2:47 PM
    Nginx 1.11.7
    MariaDB 10.1.20
    Hi @eva2000 ,

    I don't understand why these 2 trusted and unified crt keys are included in the switching from self-signed ssl to paid/browser trusted ssl certificate article.

    My SSL provider has given me 3 codes, CSR, CRT and CA from my previous setup, I also have the private key. Can I replace the content of the certificates which auto created with the content of my paid certificate (CSR, CRT and private key)?
     
  10. eva2000

    eva2000 Administrator Staff Member

    29,001
    6,580
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +9,770
    Local Time:
    9:47 PM
    Nginx 1.13.x
    MariaDB 5.5
    that's exactly what you have to do the concatenation of those files to replace the self signed ssl ones as outlined at Nginx SPDY SSL Configuration - CentminMod.com LEMP Nginx web stack for CentOS

     
    • Like Like x 1
  11. eva2000

    eva2000 Administrator Staff Member

    29,001
    6,580
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +9,770
    Local Time:
    9:47 PM
    Nginx 1.13.x
    MariaDB 5.5
  12. JoeDer

    JoeDer New Member

    8
    3
    3
    Feb 22, 2015
    Ratings:
    +4
    Local Time:
    2:47 PM
    Nginx 1.11.7
    MariaDB 10.1.20
    In /usr/local/nginx/conf/ssl/mydomain.com I've replace the self-signed SSL certificate files with those from my SSL provider (mydomain.com it's for screenshot purpose).
    usr-local-nginx-conf-ssl-mydomian_com.png

    Then I have to run:
    Code:
    cat mydomian.com.crt mydomain.com.ca > ssl-unified.crt
    and
    Code:
    cat mydomain.com.ca > ssl-trusted.crt
    to generate correctly those files (ssl-unified.crt and ssl-trusted.crt )?
     
  13. eva2000

    eva2000 Administrator Staff Member

    29,001
    6,580
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +9,770
    Local Time:
    9:47 PM
    Nginx 1.13.x
    MariaDB 5.5
    which ssl certificate you using, see examples at SSL - Compiled list of SSL certificate file name bundles | Centmin Mod Community

    what is mydomain.com.ca ? already the bundle for intermediate/root crts ?

    from Nginx SPDY SSL Configuration - CentminMod.com LEMP Nginx web stack for CentOS bottom of page has list of ssl tools to test if you got it right
     
  14. JoeDer

    JoeDer New Member

    8
    3
    3
    Feb 22, 2015
    Ratings:
    +4
    Local Time:
    2:47 PM
    Nginx 1.11.7
    MariaDB 10.1.20
    I have bought my SSL from globessl.com and I think it comes from Alpha SSL.
    In my panel I have these codes which they are created from a previous setup on another server. I have save the private key when CSR has created
    globessl.png

    Is a good idea to reissue certificate for my domain or I can use it as it is? If I reissued I'll take these 3 codes, nothing else.
     
  15. eva2000

    eva2000 Administrator Staff Member

    29,001
    6,580
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +9,770
    Local Time:
    9:47 PM
    Nginx 1.13.x
    MariaDB 5.5
    no need to reissue :)
     
    • Like Like x 1
  16. JoeDer

    JoeDer New Member

    8
    3
    3
    Feb 22, 2015
    Ratings:
    +4
    Local Time:
    2:47 PM
    Nginx 1.11.7
    MariaDB 10.1.20
    Ok cool, I'll try to understand :)
    Thank you!!