If there are several sites with SSL on the same IP address, then old ancient browsers that do not support SNI will not be able to determine which certificate to download and will most likely download the first one that is registered at the beginning of the web server configuration.Continue reading “The problem with multiple SSL on the same IP”
Once on one of the sites I noticed in WordPress the menu “Tools” – “Site Health” the following errors:Continue reading “WordPress. Solution “cURL error 60: SSL certificate problem: unable to get local issuer certificate””
I will give an example of setting up FTPS for PureFTPd running on a server with cPanel. For ProFTPD, the setup is almost the same.Continue reading “Configuring FTPS in cPanel”
Recently, Dovecot was automatically updated on one of the servers with cPanel, and the PHP self-recording system stopped importing letters, that is, it could not connect to the mail server, in the log file /var/log/maillog I discovered the following:Continue reading “cPanel. Solution of the error “dovecot: pop3-login: Disconnected (no auth attempts in 0 secs)””
In this article I will give an example of installing the Let’s Encrypt plugin in cPanel (WHM).
Let’s Encrypt allows you to install free three-month certificates for domains and automatically renew them.
I will give an example of setting up AutoSSL in cPanel, which installs free three-month certificates, and also periodically renew them automatically. When certificates are installed, they are also configured in the Apache, Dovecot and Exim services.Continue reading “Setting up AutoSSL in cPanel”
One day after installing Certbot, I entered the wrong email address and later notifications from Let’s Encrypt did not go where necessary.Continue reading “How to change email after registering Certbot (Let’s Encrypt)”
Suppose we have a signed SSL certificate, or we will receive it from Let’s Encrypt, as I described in this article:
Installing Certbot in Ubuntu
To install an SSL certificate for iRedMail, you need to specify it in the Dovecot, Postfix and Apache2 configuration.Continue reading “Install SSL Certificate for iRedMail”
To use Let’s Encrypt in cPanel, you need to install a special plugin.
To do this, connect to the server by SSH and execute the command from the root user:
After installing the Let’s Encrypt plug-in, you can use it in the AutoSSL management menu (WHM >> Home >> SSL/TLS >> Manage AutoSSL).
If you need to remove the plugin, then run the command:
Установка Certbot в Ubuntu
On the test I will install ACME client Certbot in Ubuntu 16.04 (xenial), which will help to get Free SSL certificates Let’s Encrypt for 90 days and automatically update them.
For other versions of Ubuntu, the Certbot client is installed similarly.
The first step is to add the Certbot repository and perform the installation:
sudo apt-get update sudo apt-get install software-properties-common sudo add-apt-repository ppa:certbot/certbot sudo apt-get update sudo apt-get install python-certbot-apache
Now run Certbot to get an SSL certificate:
sudo certbot --apache
To manually change the configuration of Apache2 and Certbot did not change it, you can run the following command:
sudo certbot --apache certonly
After running the command, you must select the site for which you want to request an SSL certificate.
After receiving the certificate, the following information was displayed:
– Congratulations! Your certificate and chain have been saved at:
Your key file has been saved at:
Your cert will expire on 2018-08-01. To obtain a new or tweaked
version of this certificate in the future, simply run certbot again
with the “certonly” option. To non-interactively renew *all* of
your certificates, run “certbot renew”
– Your account credentials have been saved in your Certbot
configuration directory at /etc/letsencrypt. You should make a
secure backup of this folder now. This configuration directory will
also contain certificates and private keys obtained by Certbot so
making regular backups of this folder is ideal.
A separate site configuration file for HTTPS was created, but in that lines that redirected from HTTP to HTTPS were added, the general similar changes as I described in this article – Installing and Configuring Let’s Encrypt SSL.
To update automatically, run the following command:
sudo certbot renew
You can also add a command to Cron for automatic updates, see my article – Using and configuring CRON
Example of adding to Cron (every Monday at 3:15):
sudo crontab -e 15 3 * * 1 certbot renew >> /var/log/certbot-renew.log
Or to /etc/crontab:
15 7 * * 1 root certbot renew >> /var/log/certbot-renew.log
For a test update, you can run a command (configuration and certificates will not be affected):
sudo certbot renew --dry-run
If the certificate expires and the update is run, nothing will happen.
To update certificates, apache2 should also work on port 80.
To update the version of Certbot itself, run the following commands:
sudo apt update sudo apt install certbot