Join the community today
Register Now

SSL StartSSL Or Lets Encrypt . Confirm

Discussion in 'Domains, DNS, Email & SSL Certificates' started by R0rke, Jun 3, 2016.

  1. R0rke

    R0rke Member

    163
    20
    18
    Jun 2, 2016
    Iran
    Ratings:
    +34
    Local Time:
    5:52 AM
    1.11.1
    10.1
    123.09beta01
     
  2. eva2000

    eva2000 Administrator Staff Member

    46,231
    10,510
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +16,293
    Local Time:
    11:52 PM
    Nginx 1.19.x
    MariaDB 5.5/10.x
    strange then should http2 via centmin.sh menu option 2 unless you followed instructions at Nginx SPDY SSL Configuration - CentminMod.com LEMP Nginx web stack for CentOS and missed the note that says

     
  3. R0rke

    R0rke Member

    163
    20
    18
    Jun 2, 2016
    Iran
    Ratings:
    +34
    Local Time:
    5:52 AM
    1.11.1
    10.1
    not working , btw fixing this is hard for me what are you thinking about Lets Encrypt ? how should i install on latest beta version of centmin
     
  4. eva2000

    eva2000 Administrator Staff Member

    46,231
    10,510
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +16,293
    Local Time:
    11:52 PM
    Nginx 1.19.x
    MariaDB 5.5/10.x
    what isn't working what errors ?

    from Nginx SPDY SSL Configuration - CentminMod.com LEMP Nginx web stack for CentOS

    1. use openssl command to generate csr file and private key file and upload those to /usr/local/nginx/conf/ssl/domain.com directory
    2. give ssl provider the csr file contents to generate a ssl certificate and ca bundle zip and upload those to /usr/local/nginx/conf/ssl/domain.com directory
    3. concatenate the files in /usr/local/nginx/conf/ssl/domain.com as outlined Nginx SPDY SSL Configuration - CentminMod.com LEMP Nginx web stack for CentOS to get your ssl-unified.crt and ssl-trust.crt files
    4. update your domain.com.ssl.conf to set paths to those ssl-unified.crt and ssl-trust.crt files as outlined at Nginx Vhost & NSD DNS Setup - CentminMod.com LEMP Nginx web stack for CentOS
    5. restart nginx server
    6. may need to clear browser cache, restart browser to see the updated ssl certificate if you saw self-signed ssl certificate before

    letsencrypt integration is being rewritten from scratch for 123.09beta01 as an addon, acmetool.sh Letsencrypt - Welcome to acmetool.sh - new letsencrypt addon for Centmin Mod LEMP stacks | Centmin Mod Community not available for public use yet so might want to watch/subscribe to that acmetool.sh thread for future update notifications
     
    Last edited: Jun 3, 2016
  5. R0rke

    R0rke Member

    163
    20
    18
    Jun 2, 2016
    Iran
    Ratings:
    +34
    Local Time:
    5:52 AM
    1.11.1
    10.1
    i do all of the steps yo mention , but still nothing .
     
  6. eva2000

    eva2000 Administrator Staff Member

    46,231
    10,510
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +16,293
    Local Time:
    11:52 PM
    Nginx 1.19.x
    MariaDB 5.5/10.x
    what do you mean nothing ? did you reissue the ssl certificate at startssl after you used a new private key and csr file ? if you used a new private key from openssl command, then the old private key, csr file and domain certificate are all invalid now and you need to start from scratch again for the steps to get a startssl certificate meaning all above steps listed at SSL - StartSSL Or Lets Encrypt . Confirm | Page 3 | Centmin Mod Community have to be done again - you can't reuse the old domain.cert and key again, you need to reissue with a new domain.cert zip file and new private key

    iirc startssl free certs' reissue costs US$25 per reissue so you would have to had paid to reissue ssl certificate again, okay okay revocations cost $9.90 now StartSSL™ Certificates & Public Key Infrastructure
     
    Last edited: Jun 3, 2016
  7. R0rke

    R0rke Member

    163
    20
    18
    Jun 2, 2016
    Iran
    Ratings:
    +34
    Local Time:
    5:52 AM
    1.11.1
    10.1
    Code:
    -- Unit nginx.service has begun starting up.
    Jun 02 20:53:14 Aryaii.co nginx[17769]: Starting nginx: nginx: [emerg] SSL_CTX_use_PrivateKey_file("/usr/local/nginx/conf/ssl/aryaii.com/aryaii.com.key") failed (SSL: e
    Jun 02 20:53:14 Aryaii.co nginx[17769]: [FAILED]
    Jun 02 20:53:14 Aryaii.co systemd[1]: nginx.service: control process exited, code=exited status=1
    Jun 02 20:53:14 Aryaii.co systemd[1]: Failed to start SYSV: Nginx is an HTTP(S) server, HTTP(S) reverse proxy and IMAP/POP3 proxy server.
    -- Subject: Unit nginx.service has failed
    -- Defined-By: systemd
    -- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
    --
    -- Unit nginx.service has failed.
    --
    -- The result is failed.
    Jun 02 20:53:14 Aryaii.co systemd[1]: Unit nginx.service entered failed state.
    Jun 02 20:53:14 Aryaii.co systemd[1]: nginx.service failed.
    Jun 02 20:53:14 Aryaii.co polkitd[667]: Unregistered Authentication Agent for unix-process:17764:2334231 (system bus name :1.195, object path /org/freedesktop/PolicyKit
    ~
    ~
    ~
    
     
  8. eva2000

    eva2000 Administrator Staff Member

    46,231
    10,510
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +16,293
    Local Time:
    11:52 PM
    Nginx 1.19.x
    MariaDB 5.5/10.x
    what is output of this command below
    Code (Text):
    nginx -t

    it's related to /usr/local/nginx/conf/ssl/aryaii.com/aryaii.com.key private key