
Letsencrypt How to enable LetsEncrypt with Centmin Mod?

Discussion in 'Install & Upgrades or Pre-Install Questions' started by Kainzo, Aug 17, 2018.

  1. Kainzo

    Kainzo New Member

    I'm just looking for a little more information, is LetsEncrypt enabled by default or is there additional info to do this?
    Please fill in any relevant information that applies to you:
    • CentOS Version: i.e. CentOS 6 32bit or 64bit / CentOS 7 64bit ? 7.5 64bit
    • Centmin Mod Version Installed: i.e. 123.08stable or 123.09beta01 - stable
    • Nginx Version Installed: i.e. 1.11.10 - 1.11.10
    • PHP Version Installed: i.e. 5.6.30 or 7.0.15 - 5.6
    • MariaDB MySQL Version Installed: i.e. 10.0.21 or 10.1.21 - 10
    • When was last time updated Centmin Mod code base ? : i.e. run centmin.sh menu option 23 submenu option 2 - I just installed centmin last night for the first time ever
    • Persistent Config: Do you have any persistent config file options set in /etc/centminmod/custom_config.inc ? You can check via this command: - fresh install unsure.

      cat /etc/centminmod/custom_config.inc


      Post output in CODE tags.
     
  2. Meirami

    Meirami Member

    No, it's not enabled by default.
    Set up your domain.
    Add a line to custom_config.inc to enable Let's Encrypt.
    Code:
    LETSENCRYPT_DETECT='y'

    Then,
    #run Centmin menu option #2
    y #continue
    domain.name
    n #we don't need self-signed certificate.
    y #we'll use Letsencrypt
    #I suppose domain is set
    y #continue
    y #continue
    4 #live cert with HTTPS default (trusted)
    ftpusername #or whatever you like
    y #auto generate FTP password
    y #continue
     
  3. Kainzo

    Kainzo New Member

    I'm a very new user, can you point me in the direction of the custom_config.inc? Is it under /etc or /home?
     
  4. Kainzo

    Kainzo New Member

    Also a little confused when you say "run menu option centmin 2" --- I'll go read up on this.
     
  5. Meirami

    Meirami Member

    This is how I installed Nextcloud. Install Nextcloud 13 (I copied my first reply from there)
    You can start with it. Just stop when installing Nextcloud starts. :)

    Remember to study getting started guide, it will help a lot.
     
  6. eva2000

    eva2000 Administrator Staff Member

    For Centmin Mod users, getting free letsencrypt SSL certificates for HTTPS is easy if you're using Centmin Mod 123.09beta01 or newer branches. Full technical details here.

    There are 2 manual guides below and a quick setup guide below too.
     
  7. eva2000

    eva2000 Administrator Staff Member

    The official site has a link to info on the centmin.sh shell menu, which is the core to managing Centmin Mod servers; see https://centminmod.com/menu.html. You use centmin.sh menu option 2 as one method to create new nginx site domains on the server, as outlined at Nginx Vhost & NSD DNS Setup - CentminMod.com LEMP Nginx web stack for CentOS

    Though following the above guides will help for letsencrypt.
     
  8. Kainzo

    Kainzo New Member

    Okay, I guess I have to go into the beta version to get this easily done... is the fastest route to just reinstall centmin?
     
  9. eva2000

    eva2000 Administrator Staff Member

    If you have no important data to retain, then a fresh reinstall of the CentOS OS + a reinstall of Centmin Mod 123.09beta01 will be the best way to get all the 123.09beta01 improved features, i.e. more auto optimised initial install settings and config options.

    You can also upgrade from 123.08stable to 123.09beta01 as outlined below, but you don't get the initial install auto optimisations as you would if you did a fresh 123.09beta01 install.

    Upgrading Centmin Mod Code to Latest Version



    Getting Started Guide step 19 also outlines how to keep Centmin Mod code updated or how to switch version branches, or you can run the cmupdate command that was recently added.

    Centmin Mod LEMP stack's script code is constantly updated for improvements, bug fixes and security fixes, so keeping the Centmin Mod code up to date is important. With Centmin Mod 1.2.3-eva2000.08 (123.08stable) and higher releases, a newly added centmin.sh menu option 23 allows much easier code updates and version branch switching via a Git backed environment you can set up.

    For 123.08stable that means centmin.sh menu option 23 submenu option 2 (if you previously ran submenu option 1) first, then exit centmin.sh, re-enter /usr/local/src/centminmod and re-run centmin.sh menu.

    For 123.09beta01 and higher that means running SSH command = cmupdate and then re-enter /usr/local/src/centminmod and re-run centmin.sh menu.

    For full details read the following links:
    Upgrading Centmin Mod involves 2 parts.
    1. Upgrading the actual Centmin Mod code outlined at Upgrade Centmin Mod. This is the heart of Centmin Mod, where the code is the engine that runs the centmin.sh shell based menu and all the automation you're accustomed to. You can easily update within a Centmin Mod version branch or switch version branches via centmin.sh menu option 23 outlined here.
    2. Upgrade software that Centmin Mod installed or manages. For this part, follow the outline at How to upgrade Centmin Mod software installed on your server.
    So essentially, you can upgrade from one version branch to another i.e. 123.08stable to 123.09beta01 or higher in place, but not everything is upgraded as some things like server initial environment setup isn't changed i.e. how swap, tmp setup and allocation are created etc. The main parts from part 2 above are what in place upgrades do i.e. Nginx and PHP-FPM compilation and config/settings parameters and MariaDB version from 5.5 to 10.0.x. If you want the full environment changed including tmp and swap setup to 123.09beta01 etc configuration, then you would need a fresh OS install and fresh 123.09beta01 initial install. You can think of it like upgrading Windows 7 to Windows 8. An in place upgrade will upgrade code but won't change your computer environment from when you installed Windows 7 i.e. disk configuration and partition sizes won't change from when you initially installed Windows 7. Only way to change that would be fresh Windows 8 install.
     
  10. eva2000

    eva2000 Administrator Staff Member

    CSF Firewall is automatically installed/configured out of the box, so that shouldn't be the issue. Who's your web host, or which web host plan is used? Some web hosts have their own firewall layer in front of the server which may be enabled by default or optionally enabled by the end user, i.e. AWS EC2, Google Cloud compute etc. So ports 80 and 443 would need opening on those front end layer firewalls, separate from Centmin Mod CSF Firewall.

    Your letsencrypt SSL cert issuance failed domain webroot file based verification, as it seems your domain points to an Amazon AWS EC2 IP, so I assume you are using EC2. So with Amazon EC2 servers, you need to configure EC2 firewall security groups: Authorizing Inbound Traffic for Your Linux Instances - Amazon Elastic Compute Cloud. You can see CSF Firewall's minimal open port configuration, which you may need to replicate on the AWS EC2 security group firewall for inbound connections, at CSF - Centmin Mod LEMP stack CSF Firewall default port listing

    Is this your first time using AWS EC2? If so, be aware EC2 bandwidth costs are expensive, between US$90-120/TB, so if you have an uncontrolled bandwidth spike to 10TB you'd be paying 10x90-120 = US$900 to US$1,200 for that!
     
  11. Kainzo

    Kainzo New Member

    This is a fresh install of CentOS 7.5 from DigitalOcean. I installed the beta centmin mod (ran centmin) and then immediately ran the tool.
    Did I mess up somewhere?
     
  12. eva2000

    eva2000 Administrator Staff Member

    Your domain name's DNS is pointing to an IP owned by the Amazon EC2 network (IP Location Finder | Detailed geolocation data and RESTful API) - if that isn't your DigitalOcean IP address, then you have set up your domain's DNS A record incorrectly and it needs updating to the DigitalOcean droplet server's IP address - probably why letsencrypt domain validation failed, as it's connecting to the wrong server IP

     
  13. eva2000

    eva2000 Administrator Staff Member

    Once you have updated the domain DNS to the correct DigitalOcean droplet IP address, you can verify the A record points to the correct IP via Global DNS Propagation Checker - What's My DNS? Select A record and the search should report the correct IP for all listed DNS locations.

    Once that is done, the easiest way is to remove the failed nginx domain vhost creation and try again.

    To properly remove an Nginx vhost, the instructions are on the official site at How to delete Nginx vhost account for existing domain/subdomain ? Each Nginx vhost creation's ending output lists the commands too.

    You also get a log file for each Nginx vhost created, which also lists the commands, in 123.09beta01 and higher. For example, the http2.domain.com remove log is at /root/centminlogs/centminmod_140218-021218_nginx_addvhost_nv-remove-cmds-http2.domain.com.log
    Code (Text):
    ls -lahrt /root/centminlogs/ | grep remove
    -rw-r--r--   1 root root 1.3K Feb 14 02:12 centminmod_140218-021218_nginx_addvhost_nv-remove-cmds-http2.domain.com.log
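
A pre-flight version of the A record check described in the posts above, as an added example that is not part of the thread or of Centmin Mod: it compares what the domain resolves to against the server's own IPv4 before the vhost and Let's Encrypt certificate are created. The function names and the 203.0.113.10 address are assumptions for illustration, and `dig` is assumed to be installed.

```shell
#!/bin/sh
# Added example (not Centmin Mod code): confirm a domain's A record points at
# this server before asking Let's Encrypt for a certificate. Function names
# are hypothetical; 203.0.113.10 is a constructed documentation address.

# resolve_a DOMAIN: print one IPv4 address per line, nothing if unresolved.
# Assumes dig (bind-utils on CentOS) is installed. The grep drops the CNAME
# targets that `dig +short` prints ahead of the final addresses.
resolve_a() {
    dig +short A "$1" | grep -E '^[0-9]+(\.[0-9]+){3}$'
}

# check_a_record DOMAIN SERVER_IP
# returns 0 when every A record equals SERVER_IP,
#         1 when the name has no A record at all,
#         2 when any A record points at a different host
#           (webroot validation may then be sent to the wrong server).
check_a_record() {
    domain=$1
    server_ip=$2
    stray=0
    ips=$(resolve_a "$domain") || true
    if [ -z "$ips" ]; then
        echo "NO A RECORD: $domain" >&2
        return 1
    fi
    for ip in $ips; do
        if [ "$ip" != "$server_ip" ]; then
            echo "MISMATCH: $domain -> $ip (expected $server_ip)" >&2
            stray=1
        fi
    done
    [ "$stray" -eq 0 ] || return 2
    echo "OK: $domain -> $server_ip"
}

# Usage on the server, with your own domain and public IPv4:
#   check_a_record yourdomain.com 203.0.113.10 && echo "safe to create the vhost"
```

If the domain sits behind a proxying CDN, the A record shows the proxy's address, so a mismatch there is expected rather than an error.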
    
     
  14. Kainzo

    Kainzo New Member

    I don't see how that's possible... Cloudflare is controlling my domain and it's being forwarded by namecheap

     
  15. Kainzo

    Kainzo New Member

    My god... I just realized, I bought .org not .com...
    My bad.. lol
     
  16. eva2000

    eva2000 Administrator Staff Member

    :LOL: well that would explain things - at least you learnt something from this :)
     
  17. Kainzo

    Kainzo New Member

    Does Webmin work out of the box with Centmin?

    It doesn't seem to be letting me access the page
    Code:
    Total                                                                                                                            2.6 MB/s |  28 MB  00:00:10     
    Running transaction check
    Running transaction test
    Transaction test succeeded
    Running transaction
      Installing : perl-Encode-Detect-1.01-13.el7.x86_64                                                                                                         1/2
    Operating system is CentOS Linux
      Installing : webmin-1.890-1.noarch                                                                                                                         2/2
    Webmin install complete. You can now login to https://site.fpgatalk.org:10000/
    as root with your root password.
      Verifying  : webmin-1.890-1.noarch                                                                                                                         1/2
      Verifying  : perl-Encode-Detect-1.01-13.el7.x86_64                                                                                                         2/2
    
    Installed:
      webmin.noarch 0:1.890-1                                                                                                                                       
    
    Dependency Installed:
      perl-Encode-Detect.x86_64 0:1.01-13.el7                                                                                                                       
    
    Complete!
    You have new mail in /var/spool/mail/root
    [23:33][[email protected] ~]#
     
  18. eva2000

    eva2000 Administrator Staff Member

    No other control panel will work, see FAQ item 1: FAQ - CentminMod.com LEMP Nginx web stack for CentOS

     