AWS Monster | Your Technical Partner

Webmin is a modern, web control panel for any Linux machine. It allows you to administer your server through an simple interface. It’s one of the most popular open source hosting control panels. Webmin is largely based on Perl, running as its own process and web server. It defaults to TCP port 10000 for communicating, and can be configured to use SSL if OpenSSL is installed with additional required Perl Modules. In this tutorial we are going to show you, how to install Latest Webmin on CentOS 7 along with CentOS Webpanel .  It is really an easy task, just follow the steps bellow. Prerequisites To complete this tutorial, you will need: 1. CentOS Linux release 7.6.1810 (Core) 2. CWP7.admin , CWP version: 0.9.8.772 3. CSF Firewall Update the yum packages before Webmin installation # yum clean all # rm -rf /var/cache/yum # yum repolist # yum update -y Create Webmin repo # vi /etc/yum.repos.d/webmin.repo [Webmin] name=Webmin Distribution Neutral #baseurl=https://downlo

Auto_SSL location For Admin Panel: WeServer Settings >> SSL Certificates Auto_SSL location For User Panel: Domain >> AutoSSL Both are not working when i try install ssl certificate for my parent & sub-domain. Error Type: "ErrorErrorInvalid Domainfile_get_contents(/usr/local/cwp/.conf/vhosts-ssl.json): failed to open stream: No such file or directory" DNS Issues , .htacess issue Solutions: Goto Server Settings >> Change Hostname >> Click on Change Hostname Then Install Auto SSL from Admin Panel , Restart & Reload WebServer . If success then Install another Auto SSL for another sub-domain , If success then Okay . Now login to your user panel and Install AutoSSL .

I have two dedicated ip(s) on my CWP server, one is for shared and another is still alive . I have done Lets Encrypt successfully & there is no warning from any web-browser but SSL Labs (https://ssllabs.com/ssltest/) showing "SSL Inconsistent server configuration" and  I am checking my server that it showing "[ Error: SSL_ERROR_RX_RECORD_TOO_LONG in CWP ]"  . The Solution is simple . 1.Goto the templates directory and change it to as per your needs or use  <VirtualHost *:PORT_REPLACE> on apache.conf , apache_ssl.conf # cd /usr/local/cwpsrv/htdocs/resources/conf/web_servers/conf_templates/ # ll total 24 -rw-r--r-- 1 root root 799 Aug 28 2018 apache.conf - rw-r--r-- 1 root root 1142 Aug 28 2018 apache_ssl.conf -rw-r--r-- 1 root root 127 Oct 20 2017 named_conf.conf -rw-r--r-- 1 root root 707 Jun 27 2018 named_new_dns_zone.conf -rw-r--r-- 1 root root 1198 Jan 15 03:52 nginx_proxy_vhost.conf -rw-r--r-- 1 root root 1732 Jan 15 03:52 nginx_proxy_vhost

If you want use https always for Admin/User/Wemail panel , So You need to redirect http to https . For Admin Panel # vi /usr/local/cwpsrv/conf/cwpsrv.conf server { listen 2030; listen 2086; server_name localhost; return 301 https://$host:2031$request_uri; rewrite "/cwp_([0-9a-zA-Z]{32})/(.*)" /$2; For User Panel # vi /usr/local/cwpsrv/conf.d/users.conf server { listen 2082; server_name localhost; return 301 https://$host:2083$request_uri; rewrite "/cwp_([0-9a-zA-Z]{16})/(.*)" /$2; error_log logs/error_log debug; error_page 404 /index.php?error=404; For Webmail # vi /usr/local/cwpsrv/conf.d/webmail.conf server { listen 2095; server_name localhost; return 301 https://$host:2096$request_uri;

Check certificate expiry time to verify that renewal has worked: # openssl x509 -noout -dates -in /etc/letsencrypt/live/host.datahead.biz/cert.pem notBefore=Jan 12 13:16:11 2019 GMT notAfter=Apr 12 13:16:11 2019 GMT Add the Cron job # crontab -e 0 */12 * * * certbot renew --cert-name host.datahead.biz --renew-hook "systemctl restart httpd && systemctl restart cwpsrv" To test the renewal process, you can use the certbot --dry-run switch: # certbot renew --cert-name example.com --dry-run If there are no errors, it means that the renewal process was successful. Check the log: # tail -f /var/log/letsencrypt/letsencrypt.log n5Z5MqkYhlMI3J1tPRTp1nEt9fyGspBOO05gi148Qasp+3N+svqKomoQglNoAxU= -----END CERTIFICATE----- 2019-01-13 02:05:42,952:DEBUG:certbot.renewal:Dry run: skipping updating lineage at /etc/letsencrypt/live/host.datahead.biz 2019-01-13 02:05:42,954:DEBUG:certbot.updater:Skipping updaters in dry-run mode. 2019-01-13 02:05:42,955:DEBUG:certbot.renewal:

I wrote a blog on http://forum.centos-webpanel.com regarding Let's Encrypt SSL Certificate for CentOS Web Panel when "Letsencrypt Manager"   option was exist under  Apache Settings >> Letsencrypt Manager >> Install Letsencrypt . At Present CWP Team has been removed "Letsencrypt Manager"   that's why it will not renew any cert automatic . They made Auto SSL by default but Auto SSL grade is B and I'm not satisfied with Auto SSL. Previous Article Link :  Install Letsencrypt SSL Certificate for your Server Hostname/FQDN, 100% Working  N.B: I am using the below cipherlist  https://cipherli.st/ https://mozilla.github.io/server-side-tls/ssl-config-generator/ https://wiki.mozilla.org/Security/Server_Side_TLS https://ssl-config.mozilla.org/#server=apache&server-version=2.4.39&config=intermediate&openssl-version=1.0.2k-fips https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Frame-Options https://ssldecoder.org/ So now

The biggest German email providers are currently running a big marketing campaign and promise secure email. They are using the same technique described on this page. After checking my logs, I can confirm that GMX-emails were delivered unencrypted on Aug 5, but arrived encrypted on Aug 6. Thanks to Mr. Snowden, we know two important facts about the world of security and email: First, most governments in the world will eavesdrop and store your communication, if they get the chance. They don't have a specific reason and the benefits are highly disputed. Second, your users can't/won't use PGP or S/MIME to encrypt their email. The job is left to admins. We need to maximize usability and compatibility, while ensuring that user data stays confidential. If you are running Postfix, I'd like to draw your attention to some useful settings that will protect your user's email in transit. If emails stay on the same server or the other server is secured as well, there is lit