Showing posts with the label Let's Encrypt SSL

CWP: How to add Let's Encrypt SSL certificate to Webmin

By default, Webmin uses a self-signed SSL certificate, so your web browser will warn you that the connection is not secure. You can accept the self-signed SSL certificate and proceed to the login screen. Let's replace it with a valid certificate from Let's Encrypt. We have already generated a Let's Encrypt SSL certificate for our server FQDN using certbot. Please check the Let's Encrypt section for "How to install Let's Encrypt for Server FQDN?".

Open the configuration file and add the following:

    # systemctl stop webmin
    # vi /etc/webmin/miniserv.conf

    ssl=1
    server=MiniServ/1.900
    userfile=/etc/webmin/miniserv.users
    keyfile=/etc/letsencrypt/live/host.datahead.biz/privkey.pem
    certfile=/etc/letsencrypt/live/host.datahead.biz/fullchain.pem

For CWP:

    keyfile=/etc/pki/tls/private/hostname.key
    certfile=/etc/pki/tls/certs/hostname.bundle
    # This will redirect from http to https
    ssl_redirect=1

Restart the Webmin service:

    # systemctl restart webmin
    # systemctl

CWP: Auto_SSL is not working from both Admin/User Panel [Fixed]

Auto_SSL location for Admin Panel: WebServer Settings >> SSL Certificates
Auto_SSL location for User Panel: Domain >> AutoSSL

Both are not working when I try to install an SSL certificate for my parent domain and sub-domain.

Error Type: "ErrorErrorInvalid Domainfile_get_contents(/usr/local/cwp/.conf/vhosts-ssl.json): failed to open stream: No such file or directory"

DNS issues, .htaccess issue

Solutions:

Go to Server Settings >> Change Hostname >> click on Change Hostname.
Then install Auto SSL from the Admin Panel, and restart and reload the web server.
If that succeeds, install another Auto SSL for another sub-domain. If that succeeds, then okay.
Now log in to your user panel and install AutoSSL.

SSL Inconsistent server configuration [ Error: SSL_ERROR_RX_RECORD_TOO_LONG in CWP ]

I have two dedicated IPs on my CWP server; one is for shared and another is still alive. I have done Let's Encrypt successfully and there is no warning from any web browser, but SSL Labs (https://ssllabs.com/ssltest/) is showing "SSL Inconsistent server configuration", and when I check my server it shows "[ Error: SSL_ERROR_RX_RECORD_TOO_LONG in CWP ]". The solution is simple.

1. Go to the templates directory and change the templates as per your needs, or use <VirtualHost *:PORT_REPLACE> in apache.conf and apache_ssl.conf:

    # cd /usr/local/cwpsrv/htdocs/resources/conf/web_servers/conf_templates/
    # ll
    total 24
    -rw-r--r-- 1 root root  799 Aug 28 2018 apache.conf
    -rw-r--r-- 1 root root 1142 Aug 28 2018 apache_ssl.conf
    -rw-r--r-- 1 root root  127 Oct 20 2017 named_conf.conf
    -rw-r--r-- 1 root root  707 Jun 27 2018 named_new_dns_zone.conf
    -rw-r--r-- 1 root root 1198 Jan 15 03:52 nginx_proxy_vhost.conf
    -rw-r--r-- 1 root root 1732 Jan 15 03:52 nginx_proxy_vhost

CWP: Redirect Admin/User/Webmail panel from http to https

If you want to always use https for the Admin/User/Webmail panel, you need to redirect http to https.

For Admin Panel

    # vi /usr/local/cwpsrv/conf/cwpsrv.conf

    server {
        listen 2030;
        listen 2086;
        server_name localhost;
        return 301 https://$host:2031$request_uri;
        rewrite "/cwp_([0-9a-zA-Z]{32})/(.*)" /$2;

For User Panel

    # vi /usr/local/cwpsrv/conf.d/users.conf

    server {
        listen 2082;
        server_name localhost;
        return 301 https://$host:2083$request_uri;
        rewrite "/cwp_([0-9a-zA-Z]{16})/(.*)" /$2;
        error_log logs/error_log debug;
        error_page 404 /index.php?error=404;

For Webmail

    # vi /usr/local/cwpsrv/conf.d/webmail.conf

    server {
        listen 2095;
        server_name localhost;
        return 301 https://$host:2096$request_uri;

CWP: How to Auto Renew Let's Encrypt SSL Certificate for your server Hostname/FQDN on CWP7.admin

Check the certificate expiry time to verify that renewal has worked:

    # openssl x509 -noout -dates -in /etc/letsencrypt/live/host.datahead.biz/cert.pem
    notBefore=Jan 12 13:16:11 2019 GMT
    notAfter=Apr 12 13:16:11 2019 GMT

Add the cron job:

    # crontab -e
    0 */12 * * * certbot renew --cert-name host.datahead.biz --renew-hook "systemctl restart httpd && systemctl restart cwpsrv"

To test the renewal process, you can use the certbot --dry-run switch:

    # certbot renew --cert-name example.com --dry-run

If there are no errors, it means that the renewal process was successful.

Check the log:

    # tail -f /var/log/letsencrypt/letsencrypt.log
    n5Z5MqkYhlMI3J1tPRTp1nEt9fyGspBOO05gi148Qasp+3N+svqKomoQglNoAxU=
    -----END CERTIFICATE-----
    2019-01-13 02:05:42,952:DEBUG:certbot.renewal:Dry run: skipping updating lineage at /etc/letsencrypt/live/host.datahead.biz
    2019-01-13 02:05:42,954:DEBUG:certbot.updater:Skipping updaters in dry-run mode.
    2019-01-13 02:05:42,955:DEBUG:certbot.renewal:
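
The expiry check above can be turned into a monitor for the renewal cron job. The following is an added example, not part of the original post: it classifies the `openssl x509 -noout -dates` output against certbot's default 30-day renewal window. It assumes GNU date (as on CentOS); the function names and RENEW_WINDOW_DAYS are hypothetical, and the sample dates are the ones shown in the post.

```shell
#!/bin/sh
# Added example (not from the original post). Assumes GNU date.
# RENEW_WINDOW_DAYS, secs_left and renewal_state are hypothetical names.

# certbot's default: renew once fewer than 30 days remain. A certificate
# still inside that window after several cron runs means renewal is failing.
RENEW_WINDOW_DAYS=30

# Sample input: the -dates output shown in the post.
SAMPLE_DATES='notBefore=Jan 12 13:16:11 2019 GMT
notAfter=Apr 12 13:16:11 2019 GMT'

# secs_left "<openssl -dates output>" <now_epoch>
# Prints seconds until notAfter; returns 2 if the input cannot be parsed.
secs_left() {
    not_after=$(printf '%s\n' "$1" | sed -n 's/^notAfter=//p')
    [ -n "$not_after" ] || return 2
    end=$(date -u -d "$not_after" +%s 2>/dev/null) || return 2
    echo $(( end - $2 ))
}

# renewal_state "<openssl -dates output>" <now_epoch>
# Prints OK, OVERDUE (inside the renewal window), EXPIRED or UNKNOWN.
renewal_state() {
    s=$(secs_left "$1" "$2") || { echo UNKNOWN; return 0; }
    if [ "$s" -le 0 ]; then
        echo EXPIRED
    elif [ "$s" -lt $(( RENEW_WINDOW_DAYS * 86400 )) ]; then
        echo OVERDUE
    else
        echo OK
    fi
}

# Stand-alone use: pass the path to cert.pem as the first argument.
if [ -n "${1:-}" ]; then
    renewal_state "$(openssl x509 -noout -dates -in "$1")" "$(date +%s)"
fi
```

Run from cron shortly after the renewal job, anything other than OK is worth an alert, since an OVERDUE result means `certbot renew` has been skipping or failing.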

CWP: How to Configure Let's Encrypt SSL Certificate for your server Hostname/FQDN on CWP7.admin

I wrote a blog on http://forum.centos-webpanel.com regarding Let's Encrypt SSL Certificate for CentOS Web Panel when the "Letsencrypt Manager" option existed under Apache Settings >> Letsencrypt Manager >> Install Letsencrypt. At present the CWP team has removed "Letsencrypt Manager", which is why it will not renew any cert automatically. They made Auto SSL the default, but the Auto SSL grade is B and I'm not satisfied with Auto SSL.

Previous article link: Install Letsencrypt SSL Certificate for your Server Hostname/FQDN, 100% Working

N.B: I am using the below cipherlist

https://cipherli.st/
https://mozilla.github.io/server-side-tls/ssl-config-generator/
https://wiki.mozilla.org/Security/Server_Side_TLS
https://ssl-config.mozilla.org/#server=apache&server-version=2.4.39&config=intermediate&openssl-version=1.0.2k-fips
https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Frame-Options
https://ssldecoder.org/

So now