Welcome to Centmin Mod Community
Register Now

SSL StartSSL Or Lets Encrypt . Confirm

Discussion in 'Domains, DNS, Email & SSL Certificates' started by R0rke, Jun 3, 2016.

  1. R0rke

    R0rke Member

    83
    16
    8
    Jun 2, 2016
    Iran
    Ratings:
    +24
    Local Time:
    9:46 AM
    1.11.1
    10.1
    hi @eva2000
    can you please explain which is this service providers are good and more stable for 123.09beta01?
    recently i read this article : Letsencrypt Free SSL Certificates
    but i have a problem here :
    Code:
    /root/.local/share/letsencrypt/bin/letsencrypt -c /etc/letsencrypt/webroot.ini --user-agent centminmod-centos6-webroot --webroot-path /home/nginx/domains/le10.http2ssl.xyz/public -d le10.http2ssl.xyz certonly
    Code:
    --user-agent centminmod-centos6-webroot
    what should i do when i using Centos 7 ? i think simply i just need to change centos6 to centos7 ?
    Code:
    --user-agent centminmod-centos7-webroot

     
  2. eva2000

    eva2000 Administrator Staff Member

    30,152
    6,782
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +10,133
    Local Time:
    2:46 AM
    Nginx 1.13.x
    MariaDB 5.5
    yes just change centos6 to centos7 that's just user agent identifying to letsencrypt nothing for actual issuance of ssl certificate

    as to which is more stable, in terms of letsencrypt official client it's constantly in development and evolving over time - recently got renamed from letsencrypt to certbot for the client so stable wise startssl would be more stable with longer expiry times

    as such centmin mod's letsencrypt integration is switching from official client to a 3rd party lighter pure shell bash script one called acme.sh which will be used in my addon wrapper script called acmetool.sh Letsencrypt - Welcome to acmetool.sh - new letsencrypt addon for Centmin Mod LEMP stacks | Centmin Mod Community

    if you're manually doing it, check out acme.sh client instead GitHub - Neilpang/acme.sh: An ACME Shell script, a certbot client: acme.sh
     
    • Like Like x 1
  3. R0rke

    R0rke Member

    83
    16
    8
    Jun 2, 2016
    Iran
    Ratings:
    +24
    Local Time:
    9:46 AM
    1.11.1
    10.1
    so there ist any article about using startssl on Centmin mod ?
     
  4. eva2000

    eva2000 Administrator Staff Member

    30,152
    6,782
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +10,133
    Local Time:
    2:46 AM
    Nginx 1.13.x
    MariaDB 5.5
    no as startssl like all other web browser trusted paid ssl certificates are installed the same way as outlined at Nginx SPDY SSL Configuration - CentminMod.com LEMP Nginx web stack for CentOS and SSL - How to install an ssl certificate? | Centmin Mod Community

    centmin mod nginx vhost routines if you answer yes to self-signed ssl cert, will auto setup the http/ssl nginx vhost for you first, then you just switch from self-signed ssl to paid or startssl ssl certificate as outlined below
     
    • Like Like x 1
  5. R0rke

    R0rke Member

    83
    16
    8
    Jun 2, 2016
    Iran
    Ratings:
    +24
    Local Time:
    9:46 AM
    1.11.1
    10.1
    i should make the key then copy on startssl ? right ? a box that want some codes + a command like this on below :
    Code:
    openssl req -new -newkey rsa:2048 -sha256 -nodes -out yourdomain_com.csr -keyout yourdomain_com.key -subj "/C=US/ST=Rhode Island/L=East Greenwich/O=Fidelity Test/CN=yourdomain.com"
     
  6. eva2000

    eva2000 Administrator Staff Member

    30,152
    6,782
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +10,133
    Local Time:
    2:46 AM
    Nginx 1.13.x
    MariaDB 5.5
    • Like Like x 1
  7. R0rke

    R0rke Member

    83
    16
    8
    Jun 2, 2016
    Iran
    Ratings:
    +24
    Local Time:
    9:46 AM
    1.11.1
    10.1
    i think i just use method 1 ?
    help me with that pic i attached , how i must fill those fields .
     

    Attached Files:

  8. eva2000

    eva2000 Administrator Staff Member

    30,152
    6,782
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +10,133
    Local Time:
    2:46 AM
    Nginx 1.13.x
    MariaDB 5.5
    Believe first box is for domain so
    Code (Text):
    domain.com
    www.domain.com
    

    2nd box, in the *.csr file you generated, open it up or in SSH just
    Code (Text):
    cat /path/to/your/yourdomain_com.csr

    i.e. if csr file is at /usr/local/nginx/conf/ssl/domain.com/yourdomain_com.csr
    Code (Text):
    cat /usr/local/nginx/conf/ssl/domain.com/yourdomain_com.csr

    then copy and paste csr file contents into the 2nd box
     
    • Like Like x 1
  9. R0rke

    R0rke Member

    83
    16
    8
    Jun 2, 2016
    Iran
    Ratings:
    +24
    Local Time:
    9:46 AM
    1.11.1
    10.1
    when i trying to add a vhost should i say yes to use self signed ssl ? #ForStartSSL
     
  10. eva2000

    eva2000 Administrator Staff Member

    30,152
    6,782
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +10,133
    Local Time:
    2:46 AM
    Nginx 1.13.x
    MariaDB 5.5
    yes as that auto generates the domain.com.ssl.conf file for you so you just have to modify it for startssl or any paid ssl via the switch from self signed SSL to paid SSL see sections at Nginx Vhost & NSD DNS Setup
     
    • Like Like x 1
  11. R0rke

    R0rke Member

    83
    16
    8
    Jun 2, 2016
    Iran
    Ratings:
    +24
    Local Time:
    9:46 AM
    1.11.1
    10.1
    what a fast supporting thank you dear friend :X
    well here are .
    Code:
     rm -rf /usr/local/nginx/conf/conf.d/aryaii.com.conf
    /usr/local/nginx/conf/conf.d/aryaii.com.ssl.conf
    /usr/local/nginx/conf/ssl/aryaii.com/aryaii.com.crt
    /usr/local/nginx/conf/ssl/aryaii.com/aryaii.com.key
    /usr/local/nginx/conf/ssl/aryaii.com/aryaii.com.csr
    /usr/local/nginx/conf/ssl/aryaii.com
    /home/nginx/domains/aryaii.com
    i could't get this part :
    Code:
    mkdir -p /usr/local/nginx/conf/ssl/domaincom/
    well this directory was created by automatic vhosts adder , ok ?
    and i have a self-signed ssl too ?
    now how can i get the codes and copy on the StartSSL Control panel
     
  12. eva2000

    eva2000 Administrator Staff Member

    30,152
    6,782
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +10,133
    Local Time:
    2:46 AM
    Nginx 1.13.x
    MariaDB 5.5
    don't need to run mkdir for that directory as it's auto created when you answer yes to self-signed ssl generation in centmin.sh menu option 2, 22 and /usr/bin/nv cmd options

    as to copying contents of files, just use cat command above SSL - StartSSL Or Lets Encrypt . Confirm | Centmin Mod Community to output contents of a file to your ssh client window screen and then copy and paste just that code
     
    • Like Like x 1
  13. eva2000

    eva2000 Administrator Staff Member

    30,152
    6,782
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +10,133
    Local Time:
    2:46 AM
    Nginx 1.13.x
    MariaDB 5.5
  14. R0rke

    R0rke Member

    83
    16
    8
    Jun 2, 2016
    Iran
    Ratings:
    +24
    Local Time:
    9:46 AM
    1.11.1
    10.1
    done , but the start ssl give me a file , i must upload this file on my server ? i attached here
     
  15. eva2000

    eva2000 Administrator Staff Member

    30,152
    6,782
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +10,133
    Local Time:
    2:46 AM
    Nginx 1.13.x
    MariaDB 5.5
    no no DO NOT upload and attach your ssl zip to the forums, security issue as it would contain your private key !

    yes upload to server via sftp as root user or just use linux text editor like vim or nano to copy and paste contents of zip files into newly created files via sshd client
     
    • Like Like x 1
  16. R0rke

    R0rke Member

    83
    16
    8
    Jun 2, 2016
    Iran
    Ratings:
    +24
    Local Time:
    9:46 AM
    1.11.1
    10.1
    thank you , this original cert of my website aryaii.com.csr and the downloaded one is 1_aryaii.com_bundle.crt i should replace or just copy ?

    you mean editing aryaii.com.csr by nano editor and then copy 1_aryaii.com_bundle.crt content on aryaii.com.csr then replace the codes ?
     
  17. eva2000

    eva2000 Administrator Staff Member

    30,152
    6,782
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +10,133
    Local Time:
    2:46 AM
    Nginx 1.13.x
    MariaDB 5.5
    open .csr and .crt files locally on own computer and copy it's contents into exact file names on the server at /usr/local/nginx/conf/ssl/youromain.com directory so on /usr/local/nginx/conf/ssl/yourdomain.com you create using nano or vim the similar file names and paste the contents - basically recreating the file on the server without needing to use sftp and root user

    or if your ssh client has inbuilt sftp support like with securecrt ssh client i use, you can switch between ssh and sftp within the same app to just use sftp command put to upload to the directory and use lcd, lls to locally change directory and locally list directory and cd and ls to remotely change and list directory contents.

    example

    [​IMG]
     
    • Like Like x 1
  18. R0rke

    R0rke Member

    83
    16
    8
    Jun 2, 2016
    Iran
    Ratings:
    +24
    Local Time:
    9:46 AM
    1.11.1
    10.1
    i only had crt file there is't any csr file . any way
     
  19. eva2000

    eva2000 Administrator Staff Member

    30,152
    6,782
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +10,133
    Local Time:
    2:46 AM
    Nginx 1.13.x
    MariaDB 5.5
    yeah just a dummy example above but same method
     
    • Like Like x 1
  20. R0rke

    R0rke Member

    83
    16
    8
    Jun 2, 2016
    Iran
    Ratings:
    +24
    Local Time:
    9:46 AM
    1.11.1
    10.1
    you confirmed replacing by using A[LL] ok ? so what when the name of those certs are different ? i should rename then copy as ftp ?