
SSL I have bought a Comodo Positive SSL from Namecheap. How to install and use it in Centminmod

Discussion in 'Domains, DNS, Email & SSL Certificates' started by pheonis, Feb 8, 2019.

  1. pheonis

    pheonis Member

    54
    3
    8
    Dec 21, 2018
    Ratings:
    +4
    Local Time:
    11:03 AM
    Hi,
    How can I install SSL that I have bought from a 3rd party vendor to use in my website?
    Any documentation should help. I don't want to use Let's Encrypt SSL.

    Thanks
     
  2. eva2000

    eva2000 Administrator Staff Member

    41,748
    9,398
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +14,443
    Local Time:
    3:33 PM
    Nginx 1.17.x
    MariaDB 5.5/10.x
    Method 1 is what you're looking for. Though Method 3 is probably easiest to just use free letsencrypt SSL certificates.

    There are generally 3 ways of setting up an HTTPS SSL certificate for Centmin Mod Nginx HTTP/2 based HTTPS

    Method 1. The traditional way via centmin.sh menu option 2, 22 and selecting yes to self-signed ssl certificates first. Then converting the self-signed ssl certificate to paid or free (Letsencrypt) web browser trusted SSL certificates outlined at How to switch self-signed SSL certificate to paid SSL certificate ? You would still need to follow the same steps outlined at Nginx SPDY SSL Configuration for obtaining and purchasing the paid SSL certificate and the most important part is the concatenation of the SSL provider provided files to create the mentioned /usr/local/nginx/conf/ssl/domaincom/ssl-unified.crt and /usr/local/nginx/conf/ssl/domaincom/ssl-trusted.crt files referenced in your Nginx SSL vhost config file.

    You may need to also decide if you want to enable HTTP to HTTPS redirect outlined at How to force redirect from HTTP:// to HTTPS:// ?

    If you didn't answer yes at time of initial nginx vhost creation to self-signed ssl certificates, you can manually setup the self-signed ssl certificate via the vhost generator by checking self-signed ssl box and entering a domain name. This will outline instructions for manually creating and setting up self-signed ssl certificate and nginx vhost settings. Then for web browser trusted ssl certificates you follow - How to switch self-signed SSL certificate to paid SSL certificate ?.

    Method 2. Using and testing Centmin Mod 123.09beta01's new addons/acmetool.sh addon which is still in beta testing only for integrating Letsencrypt SSL certificates. And has both auto and manual methods.

    Method 3. Fully manual method for free Letsencrypt SSL certificates.
    Note:
    • For wordpress auto installer, you actually need to read method 2 to enable LETSENCRYPT_DETECT='y' then run centmin.sh menu option 22 which will detect letsencrypt support and display the additional letsencrypt prompts required to issue free letsencrypt ssl certificates for wordpress auto installer
     
  3. pheonis

    I have bought SSL from Namecheap during the Black Friday offer and according to Namecheap "Promo SSL is only for the domains that were not previously assigned for SSL certificates." So I have to install the SSL to a domain that has not installed letsencrypt SSL at first.
     
  4. eva2000

    I think that means previous paid SSL certs they provided themselves, i.e. to prevent folks from using promo ssl to renew an existing promo ssl domain over time. Nothing to do with letsencrypt ssl pre-existing
     
  5. pheonis

  6. eva2000

  7. pheonis

    1-Used
    Code:
    mkdir -p /usr/local/nginx/conf/ssl/zepperin/
    2-Then
    Code:
    cd /usr/local/nginx/conf/ssl/zepperin/
    3-Generated CSR using this code
    Code:
    openssl req -new -newkey rsa:2048 -nodes -out zepper_in.csr -keyout zepper_in.key -subj "/C=IN/ST=xxxx/L=xxxx/O=xxxx/OU=xxxx/CN=zepper.in"
    4- Put the CSR in Namecheap Comodo SSL and generated 3 files
    zepper_in.p7b , zepper_in.crt , zepper_in.ca-bundle
    5-Created Dhparam
    Code:
    openssl dhparam -out dhparam.pem 2048
    6-Created SSL-unified.crt using
    Code:
    cat zepper_in.crt zepper_in.ca-bundle > ssl-unified.crt
    7-Created SSL-trusted.crt using
    Code:
    cat zepper_in.ca-bundle > ssl-trusted.crt
    8-Everything placed inside /usr/local/nginx/conf/ssl/zepperin/
    9-Then
    Code:
    cd /usr/local/nginx/conf/conf.d/
    and edited zepper.in.ssl.conf below
    Code:
    ssl_dhparam             /usr/local/nginx/conf/ssl/zepperin/dhparam.pem;
    ssl_certificate         /usr/local/nginx/conf/ssl/zepperin/zepper_in.crt;
    ssl_certificate_key     /usr/local/nginx/conf/ssl/zepperin/zepper_in.key;
    ssl_trusted_certificate /usr/local/nginx/conf/ssl/zepperin/ssl-trusted.crt;
    10-Restarted nginx

    Still SSL is not showing up. Am I doing something wrong?
     
  8. eva2000

    Where are you verifying that the SSL cert isn't showing up? Run your HTTPS domain site through SSLLabs tester at SSL Server Test (Powered by Qualys SSL Labs)

    If you have cloudflare in front of centmin mod nginx, then cloudflare ssl cert is shown as expected and not your comodo ssl cert on nginx
     
  9. pheonis

    Thanks for the prompt reply, I got this working. It's working, but I got this "This server's certificate chain is incomplete. Grade capped to B." at SSLLabs
     
  10. eva2000

    Incorrect paths for
    Code (Text):
    ssl_dhparam             /usr/local/nginx/conf/ssl/zepperin/dhparam.pem;
    ssl_certificate         /usr/local/nginx/conf/ssl/zepperin/zepper_in.crt;
    ssl_certificate_key     /usr/local/nginx/conf/ssl/zepperin/zepper_in.key;
    ssl_trusted_certificate /usr/local/nginx/conf/ssl/zepperin/ssl-trusted.crt;
    

    From the method 1 linked instructions at Nginx HTTP/2 & SPDY SSL Configuration - CentminMod.com LEMP Nginx web stack for CentOS, ssl_certificate needs to point to the ssl-unified.crt you created.
    Code (Text):
    ssl_dhparam             /usr/local/nginx/conf/ssl/zepperin/dhparam.pem;
    ssl_certificate         /usr/local/nginx/conf/ssl/zepperin/ssl-unified.crt;
    ssl_certificate_key     /usr/local/nginx/conf/ssl/zepperin/zepper_in.key;
    ssl_trusted_certificate /usr/local/nginx/conf/ssl/zepperin/ssl-trusted.crt;
    
     
  11. pheonis

    Getting this error:
    "Restarting nginx (via systemctl): Job for nginx.service failed because the control process exited with error code. See "systemctl status nginx.service" and "journalctl -xe" for details."
    After changing to ssl-unified.crt, during restart I'm getting the above error.
     
  12. eva2000

    Run nginx config test
    Code (Text):
    nginx -t
    

    For posting code or output from commands and keeping the formatting, you might want to use CODE tags for code: How to use forum BBCODE code tags :)
     
  13. pheonis

    Code:
    nginx -t
    got this
    Code:
    nginx: [emerg] PEM_read_bio_X509_AUX("/usr/local/nginx/conf/ssl/zepperin/ssl-unified.crt") failed (SSL: error:0908F066:PEM routines:get_header_and_data:bad end line)
    nginx: configuration file /usr/local/nginx/conf/nginx.conf test failed
    
     
  14. pheonis

    The error was that two lines became one line during concatenation. I fixed that and the issue was resolved.
     
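Both problems in this thread can be checked on the files before nginx is restarted: a certificate file with no trailing newline gets fused to the CA bundle by `cat` (the `bad end line` error), and a file holding only one certificate gives the incomplete-chain warning. The script below is an added example, not code from the thread or from Centmin Mod; file names follow the thread, the function names are hypothetical, and the certificate bodies are constructed placeholders.

```shell
#!/bin/sh
# Added example, not from the thread. File names follow the thread; the PEM
# bodies are constructed placeholders, not real certificates.

# Concatenate PEM files, emitting a newline after any file that lacks one, so
# "-----END CERTIFICATE-----" can never fuse with the next "-----BEGIN".
pem_concat() {
    for f in "$@"; do
        cat "$f" || return 1
        # $(...) strips a trailing newline: non-empty means the last byte is not \n
        [ -z "$(tail -c 1 "$f")" ] || printf '\n'
    done
}

# Number of lines where a boundary marker shares the line with other text
# (the "bad end line" condition). CR is dropped so CRLF files are not flagged.
pem_fused_lines() {
    tr -d '\r' < "$1" | grep -c -e '-----END CERTIFICATE-----.' \
                                -e '.-----BEGIN CERTIFICATE-----' || true
}

# Number of well-formed certificate starts; 1 means leaf only (incomplete chain).
pem_cert_count() {
    tr -d '\r' < "$1" | grep -c -e '^-----BEGIN CERTIFICATE-----$' || true
}

# Constructed inputs: a leaf file with no final newline and a two-cert bundle.
make_samples() {
    printf '%s\n%s\n%s' '-----BEGIN CERTIFICATE-----' 'CONSTRUCTEDLEAF' \
        '-----END CERTIFICATE-----' > "$1/zepper_in.crt"
    printf '%s\n' '-----BEGIN CERTIFICATE-----' 'CONSTRUCTEDINTERMEDIATE' \
        '-----END CERTIFICATE-----' '-----BEGIN CERTIFICATE-----' \
        'CONSTRUCTEDROOT' '-----END CERTIFICATE-----' > "$1/zepper_in.ca-bundle"
}

# Build both variants in a scratch directory and report what each contains.
demo() {
    d=$(mktemp -d) || return 1
    make_samples "$d"
    cat "$d/zepper_in.crt" "$d/zepper_in.ca-bundle" > "$d/naive.crt"
    pem_concat "$d/zepper_in.crt" "$d/zepper_in.ca-bundle" > "$d/ssl-unified.crt"
    echo "naive fused=$(pem_fused_lines "$d/naive.crt") certs=$(pem_cert_count "$d/naive.crt")"
    echo "safe fused=$(pem_fused_lines "$d/ssl-unified.crt") certs=$(pem_cert_count "$d/ssl-unified.crt")"
    rm -rf "$d"
}

demo
```

A fused count above 0, or a certificate count of 1 in the file that `ssl_certificate` points to, should be fixed before running `nginx -t`.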
  15. eva2000

    Glad to hear :)
     