# rm -rf /var/cache/yum/*
Month: February 2017
Introduction to FreeNAS
Let’s Encrypt on VirtualMIN
Guide to install FREE SSL certificate from Letsencrypt on Virtualmin & Webmin. 100% working.
I’ve been going at this for a little while but came up with the following steps to get it working.
*** 1. First install Let’s Encrypt script/programm. ***
Login to SSH and get root privileges (root/sudo -i):
cd /home/user/ && git clone https://github.com/letsencrypt/letsencrypt
OR
cd /root/ && git clone https://github.com/letsencrypt/letsencrypt
^^ This will download the Let’s Encrypt from github with executable script
*** 2. Create your directory where you will be saving your certificate later on. Reason for this is because Virtualmin has a protection where it only allows a certificate from the user/domains directory: ***
mkdir /home/MYUSERNAMEFORDOMAIN/ssl_certificates
*** 3. Setup your cronjobs by running: “sudo crontab -e” ***
It wil probably ask you which editor, i choose Nano, once in the editor enter the following somewhere on a new line (pick the option you choose on step 1!):
01 3 1 * * cd /home/user/letsencrypt/ && ./letsencrypt-auto certonly --email info@MYDOMAIN --agree-tos --webroot --renew-by-default -w /home/MYDOMAIN/public_html/ -d www.MYDOMAIN.net -d MYDOMAIN.net --authenticator webroot && cp -f /etc/letsencrypt/live/www.MYDOMAIN.net/cert.pem /home/MYUSERNAMEFORDOMAIN/ssl_certificates/cert.pem && cp -f /etc/letsencrypt/live/www.MYDOMAIN.net/chain.pem /home/MYUSERNAMEFORDOMAIN/ssl_certificates/chain.pem && cp -f /etc/letsencrypt/live/www.MYDOMAIN.net/fullchain.pem /home/MYUSERNAMEFORDOMAIN/ssl_certificates/fullchain.pem && cp -f /etc/letsencrypt/live/www.MYDOMAIN.net/privkey.pem /home/MYUSERNAMEFORDOMAIN/ssl_certificates/privkey.pem
OR
01 3 1 * * cd /root/letsencrypt/ && ./letsencrypt-auto certonly --email info@MYDOMAIN --agree-tos --webroot --renew-by-default -w /home/MYDOMAIN/public_html/ -d www.MYDOMAIN.net -d MYDOMAIN.net --authenticator webroot && cp /etc/letsencrypt/live/www.MYDOMAIN.net/cert.pem /home/MYUSERNAMEFORDOMAIN/ssl_certificates/cert.pem && cp -f /etc/letsencrypt/live/www.MYDOMAIN.net/chain.pem /home/MYUSERNAMEFORDOMAIN/ssl_certificates/chain.pem && cp -f /etc/letsencrypt/live/www.MYDOMAIN.net/fullchain.pem /home/MYUSERNAMEFORDOMAIN/ssl_certificates/fullchain.pem && cp -f /etc/letsencrypt/live/www.MYDOMAIN.net/privkey.pem /home/MYUSERNAMEFORDOMAIN/ssl_certificates/privkey.pem
^^ Above command will copy the certificates to the correct directory after requesting them (i gave a warning in step 2). It will do this every 1st of the month during the night. The reason we do this every month is because the certs are only valid 90 days and we have plenty of time to repair if something appears to be wrong with the cert later on..
Allright! The hard part is done!
*** 3.1 Please log into your Virtualmin admin panel, Select “Webmin -> System -> Scheduled Cron Jobs”. Go to your newly created Cronjob by clicking on it and select “RUN NOW”.
*** 4. in Virtualmin, select you domain and go to “Edit virtual server”, make sure that SSL is enabled under “Enabled features”.
*** 5. Under “Server configuration” go to “Manage SSL Certificate”. Select the tab “Update Certificate and Key” and under “Signed SSL certificate” select the option “File on server”, fill in the location of the certificate: "/home/MYUSERNAMEFORDOMAIN/ssl_certificates/cert.pem"
*** 6. Do the same for section “Matching private key”. Select: "/home/MYUSERNAMEFORDOMAIN/ssl_certificates/privkey.pem"
*** 7. Click on “Install Now”.
*** 8. Switch to tab “CA Certificate”, select “In file on server ” and fill in: "/home/MYUSERNAMEFORDOMAIN/ssl_certificates/fullchain.pem"
*** 9. Click on “Save Certificate”. ***
DONE! ! ! It will now update every month 🙂
Go to your website with HTTPS, what do you get??? 😀 🙂 😀
IF you run into any issues please let me know in the comments and i’ll try to help out!
NOTE: You can’t request a lot of different certificates. You will get the message: Too many certificates already issued for: xxx. If you want a lot of certificates for subdomains please consider using a paid wildcard certificate. Letsencrypt is a service to help out (starting/small) websites.
I used Remi repo and PHP7 seems to work perfect. This is what I did (if someone sees something bad, just say because I am not 100% sure if it is perfect, but here it works).
yum install scl-utils
yum install https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm
yum install http://rpms.remirepo.net/enterprise/remi-release-7.rpm
yum install php70
yum install php70-php-mysqlnd
yum install php70-php-curl
yum install php70-php-simplexml
yum install php70-php-devel php70-php-gd php70-php-json php70-php-mcrypt php70-php-mbstring php70-php-opcache php70-php-pear php70-php-pecl-apcu php70-php-pecl-geoip php70-php-pecl-imagick php70-php-pecl-json-post php70-php-pecl-memcache php70-php-pecl-xmldiff php70-php-pecl-zip php70-php-pspell php70-php-soap php70-php-tidy php70-php-xml php70-php-xmlrpc
With this you have PHP7 and all important extensions running next to the other PHP versions!
If anyone sees room for improvement, then I am very interested. Would be good information on this topic.
And I know it would be better to not use third party repos, but I could not find PHP7 for CentOS 7.2 then. Is it correct you only can get this with a third party (Remi) repo?
Also I hope it wasn’t a bad choice to choose this repo.
Had a hard time installing the php 5.6.x version on VirtualMIN
module php5.x-mysql missing… when loading your WordPress?? 😉
# yum install scl-utils
# yum -y update
# yum -y install php56-php-mysql
Installation done!
Now test your wordpress, set VirtualMIN domain to use PHP version 5.6.x!
NOTE: Must “Re-Check Configuration” after adding a new php version into VirtualMIN
> VirtualMIN > System Settings > Re-Check Configuration
The following PHP versions are available : 5.4.16 (/bin/php-cgi), 5.5.38 (/bin/php55-cgi), 5.6.30 (/bin/php56-cgi), 7.0.15 (/bin/php70-cgi)
Et voilà !