Today, a website with an SSL certificate installed is nothing unusual. A certificate does more than make the site look secure; it also helps with SEO. Have you installed Centmin Mod on your VPS but don't know how to enable LetsEncrypt with it?
No problem: this guide shows you how to enable LetsEncrypt with Centmin Mod on your VPS.
How to enable LetsEncrypt with Centmin Mod?
Step 1. Enable Let’s Encrypt with custom Config.
Right now acmetool.sh is in beta testing, so it is disabled by default. To enable it, edit or create your persistent config file at /etc/centminmod/custom_config.inc and add the variable below.
LETSENCRYPT_DETECT='y'
Step 2. Install acmetool
Then use acmetool.sh to install the acme.sh Letsencrypt client and the cronjob script that automatically renews your Letsencrypt SSL certificate every 60 days.
cd /usr/local/src/centminmod/addons
./acmetool.sh acmeinstall
After pressing Enter you will be notified that acmetool is in the testing phase; if you run into any errors during use, you can report them via the link.
https://centminmod.com/acmetool
-------------------------------------------------
acmetool.sh is in beta testing phase
please read & provide bug reports &
feedback for this tool via the forums
https://centminmod.com/acmetool
-------------------------------------------------
continue [y/n] ? y
Press “y” to continue installing acmetool.
After pressing “y” the installation process will begin.
Step 3. Issue a free Letsencrypt SSL certificate
Now you can proceed to use acmetool.sh to create the Nginx vhost site demo.howvps.com + issue a free Letsencrypt SSL certificate via the underlying acme.sh client.
cd /usr/local/src/centminmod/addons
./acmetool.sh issue demo.howvps.com lived
If you need to force a reissue of the Letsencrypt SSL certificate before its expiry date, use the reissue command instead.
cd /usr/local/src/centminmod/addons
./acmetool.sh reissue demo.howvps.com lived
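To judge whether a forced reissue is needed, check how much lifetime the installed certificate has left: acmetool.sh passes --days 60 to acme.sh, and the certificate in the sample output below is valid for 90 days, so a healthy setup never drops under 30 days. The following is an added example, not part of acmetool.sh or acme.sh, that classifies a certificate from its openssl x509 -noout -text dump; the function names are hypothetical, the sample dump is constructed from the output on this page, and GNU date is assumed.

```shell
#!/usr/bin/env bash
# Added example: renewal-margin check over `openssl x509 -noout -text` output.
# Function names are hypothetical. Requires GNU date for -d parsing.

RENEW_AFTER_DAYS=60   # the --days 60 that acmetool.sh passes to acme.sh
LIFETIME_DAYS=90      # Not Before Jan 24 -> Not After Apr 24 in the sample dump

# Extract one field from the text dump: $1=file, $2=label ("Issuer", "Not After", ...).
cert_field() {
  sed -n "s/^[[:space:]]*$2[[:space:]]*: *//p" "$1" | head -n 1
}

# Seconds between "now" ($2, any GNU date string) and the certificate's Not After.
seconds_left() {
  local not_after end now
  not_after=$(cert_field "$1" 'Not After')
  [ -n "$not_after" ] || return 2          # field missing: refuse to guess
  end=$(date -u -d "$not_after" +%s 2>/dev/null) || return 2
  now=$(date -u -d "$2" +%s 2>/dev/null) || return 2
  echo $(( end - now ))
}

# Whole days of validity left at time $2.
days_left() {
  local s
  s=$(seconds_left "$1" "$2") || return 2
  echo $(( s / 86400 ))
}

# Classify the certificate at time $2:
#   self-signed      issuer equals subject (the placeholder created before issuance)
#   expired          Not After is in the past
#   renewal-overdue  fewer days left than LIFETIME_DAYS - RENEW_AFTER_DAYS,
#                    i.e. the cron renewal should already have replaced it
#   ok               otherwise
renewal_status() {
  local file=$1 now=$2 secs
  if [ "$(cert_field "$file" Issuer)" = "$(cert_field "$file" Subject)" ]; then
    echo self-signed
    return 0
  fi
  secs=$(seconds_left "$file" "$now") || { echo unparsable; return 0; }
  if [ "$secs" -lt 0 ]; then
    echo expired
  elif [ $(( secs / 86400 )) -lt $(( LIFETIME_DAYS - RENEW_AFTER_DAYS )) ]; then
    echo renewal-overdue
  else
    echo ok
  fi
}

# Constructed sample: the relevant fields of the certificate dump on this page.
make_sample_dump() {
  cat > "$1" <<'EOF'
Certificate:
    Data:
        Issuer: C=US, O=Let's Encrypt, CN=Let's Encrypt Authority X3
        Validity
            Not Before: Jan 24 06:24:00 2017 GMT
            Not After : Apr 24 06:24:00 2017 GMT
        Subject: CN=demo.howvps.com
EOF
}

# Demo on the constructed sample. On a server, feed it the real dump instead:
#   openssl x509 -noout -text < <domain>-acme.cer > dump.txt
demo_file=$(mktemp)
make_sample_dump "$demo_file"
for when in '2017-03-01 00:00:00 UTC' '2017-04-01 00:00:00 UTC' '2017-04-24 12:00:00 UTC'; do
  printf '%s -> %s\n' "$when" "$(renewal_status "$demo_file" "$when")"
done
rm -f "$demo_file"
```

A renewal-overdue result means the cron job has missed its window and its log should be reviewed before forcing a reissue.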
Below is an example of a successful Letsencrypt SSL certificate issuance and Centmin Mod Nginx HTTP/2 based HTTPS default site creation; the output is also saved to log files in /etc/centminlogs. You can use https://dev.ssllabs.com/ssltest/ to test the site’s HTTPS setup for errors. Note: if you’re behind Cloudflare and use the HTTPS default site setup, you will want to switch from Cloudflare Flexible SSL to Full SSL or Full SSL (strict).
./acmetool.sh issue demo.howvps.com lived
-----------------------------------------------------
updating acme.sh client...
-----------------------------------------------------
[Tue Jan 24 07:21:38 UTC 2017] Installing to /root/.acme.sh
[Tue Jan 24 07:21:38 UTC 2017] Installed to /root/.acme.sh/acme.sh
[Tue Jan 24 07:21:38 UTC 2017] Installing alias to '/root/.bashrc'
[Tue Jan 24 07:21:38 UTC 2017] OK, Close and reopen your terminal to start using acme.sh
[Tue Jan 24 07:21:38 UTC 2017] Installing alias to '/root/.cshrc'
[Tue Jan 24 07:21:38 UTC 2017] Installing alias to '/root/.tcshrc'
[Tue Jan 24 07:21:38 UTC 2017] Installing cron job
59 0 * * * "/root/.acme.sh"/acme.sh --cron --home "/root/.acme.sh" > /dev/null
[Tue Jan 24 07:21:38 UTC 2017] Good, bash is found, so change the shebang to use bash as preferred.
[Tue Jan 24 07:21:38 UTC 2017] OK
https://github.com/Neilpang/acme.sh
v2.6.6
-----------------------------------------------------
acme.sh updated
-----------------------------------------------------
demo.howvps.com nginx vhost + pureftp virtual ftp user setup
/usr/bin/nv -d demo.howvps.com -s ydle -u *********
---------------------------------------------------------------
Nginx Vhost Setup...
---------------------------------------------------------------
FTP password auto generated: *********
Password:
Enter it again:
---------------------------------------------------------------
SSL Vhost Setup...
---------------------------------------------------------------
---------------------------------------------------------------
Generating self signed SSL certificate...
CSR file can also be used to be submitted for paid SSL certificates
If using for paid SSL certificates be sure to keep both private key and CSR safe
creating CSR File: demo.howvps.com.csr
creating private key: demo.howvps.com.key
creating self-signed SSL certificate: demo.howvps.com.crt
Generating a 2048 bit RSA private key
................................................+++
...+++
writing new private key to 'demo.howvps.com.key'
-----
No value provided for Subject Attribute C, skipped
No value provided for Subject Attribute ST, skipped
No value provided for Subject Attribute L, skipped
Signature ok
subject=/O=demo.howvps.com/OU=demo.howvps.com/CN=demo.howvps.com
Getting Private key
---------------------------------------------------------------
Generating backup CSR and private key for HTTP Public Key Pinning...
creating CSR File: demo.howvps.com-backup.csr
creating private key: demo.howvps.com-backup.key
Generating a 2048 bit RSA private key
.................+++
...........................................................................................+++
writing new private key to 'demo.howvps.com-backup.key'
-----
---------------------------------------------------------------
Generating dhparam.pem file - can take a few minutes...
Generating DH parameters, 2048 bit long safe prime, generator 2
This is going to take a long time
...++*++*
dhparam file generation time: 106.744755009
-------------------------------------------------------------
/usr/local/src/centminmod/tools/autoprotect.sh
generated nginx include file [same]: /usr/local/nginx/conf/autoprotect/demo.howvps.com/autoprotect-demo.howvps.com.conf
autoprotect.sh run completed skipped nginx restart...
Restarting nginx (via systemctl): [ OK ]
systemctl restart pure-ftpd.service
-------------------------------------------------------------
FTP hostname : 107.170.215.183
FTP port : 21
FTP mode : FTP (explicit SSL)
FTP Passive (PASV) : ensure is checked/enabled
FTP username created for demo.howvps.com : *********
FTP password created for demo.howvps.com : *********
-------------------------------------------------------------
vhost for demo.howvps.com created successfully
domain: http://demo.howvps.com
vhost conf file for demo.howvps.com created: /usr/local/nginx/conf/conf.d/demo.howvps.com.conf
vhost ssl for demo.howvps.com created successfully
domain: https://demo.howvps.com
vhost ssl conf file for demo.howvps.com created: /usr/local/nginx/conf/conf.d/demo.howvps.com.ssl.conf
/usr/local/nginx/conf/ssl/demo.howvps.com/demo.howvps.com.crt.key.conf created
/usr/local/nginx/conf/ssl_include.conf created
Self-signed SSL Certificate: /usr/local/nginx/conf/ssl/demo.howvps.com/demo.howvps.com.crt
SSL Private Key: /usr/local/nginx/conf/ssl/demo.howvps.com/demo.howvps.com.key
SSL CSR File: /usr/local/nginx/conf/ssl/demo.howvps.com/demo.howvps.com.csr
Backup SSL Private Key: /usr/local/nginx/conf/ssl/demo.howvps.com/demo.howvps.com-backup.key
Backup SSL CSR File: /usr/local/nginx/conf/ssl/demo.howvps.com/demo.howvps.com-backup.csr
upload files to /home/nginx/domains/demo.howvps.com/public
vhost log files directory is /home/nginx/domains/demo.howvps.com/log
-------------------------------------------------------------
Current vhost listing at: /usr/local/nginx/conf/conf.d/
Dec 27 15:58 2.5K virtual.conf
Jan 24 07:23 2.1K demo.howvps.com.conf
Jan 24 07:23 3.2K demo.howvps.com.ssl.conf
-------------------------------------------------------------
Current vhost ssl files listing at: /usr/local/nginx/conf/ssl/demo.howvps.com
Jan 24 07:21 1.7K demo.howvps.com.key
Jan 24 07:21 989 demo.howvps.com.csr
Jan 24 07:21 1.2K demo.howvps.com.crt
Jan 24 07:21 1.7K demo.howvps.com-backup.key
Jan 24 07:21 989 demo.howvps.com-backup.csr
Jan 24 07:21 45 hpkp-info-primary-pin.txt
Jan 24 07:21 45 hpkp-info-secondary-pin.txt
Jan 24 07:23 424 dhparam.pem
Jan 24 07:23 374 demo.howvps.com.crt.key.conf
-------------------------------------------------------------
Commands to remove demo.howvps.com
pure-pw userdel *********
rm -rf /usr/local/nginx/conf/conf.d/demo.howvps.com.conf
rm -rf /usr/local/nginx/conf/conf.d/demo.howvps.com.ssl.conf
rm -rf /usr/local/nginx/conf/ssl/demo.howvps.com/demo.howvps.com.crt
rm -rf /usr/local/nginx/conf/ssl/demo.howvps.com/demo.howvps.com.key
rm -rf /usr/local/nginx/conf/ssl/demo.howvps.com/demo.howvps.com.csr
rm -rf /usr/local/nginx/conf/ssl/demo.howvps.com
rm -rf /home/nginx/domains/demo.howvps.com
service nginx restart
-------------------------------------------------------------
vhost for demo.howvps.com setup successfully
demo.howvps.com setup info log saved at:
/root/centminlogs/centminmod_240117-072138_nginx_addvhost_nv.log
-------------------------------------------------------------
backup & remove /usr/local/nginx/conf/conf.d/demo.howvps.com.conf
[self-signed ssl cert check] required by acmetool.sh
[self-signed ssl] /usr/local/nginx/conf/ssl/demo.howvps.com/dhparam.pem exists
[self-signed ssl] /usr/local/nginx/conf/ssl/demo.howvps.com/demo.howvps.com.crt exists
[self-signed ssl] /usr/local/nginx/conf/ssl/demo.howvps.com/demo.howvps.com.key exists
[sslvhostsetup] create /usr/local/nginx/conf/conf.d/demo.howvps.com.ssl.conf
[non-wp] backup & remove /usr/local/nginx/conf/conf.d/demo.howvps.com.conf
cat /usr/local/nginx/conf/ssl/demo.howvps.com/demo.howvps.com.crt.key.conf
ssl_dhparam /usr/local/nginx/conf/ssl/demo.howvps.com/dhparam.pem;
ssl_certificate /usr/local/nginx/conf/ssl/demo.howvps.com/demo.howvps.com.crt;
ssl_certificate_key /usr/local/nginx/conf/ssl/demo.howvps.com/demo.howvps.com.key;
#ssl_trusted_certificate /usr/local/nginx/conf/ssl/demo.howvps.com/demo.howvps.com-trusted.crt;
Reloading nginx configuration (via systemctl): [ OK ]
grep 'root' /usr/local/nginx/conf/conf.d/demo.howvps.com.conf
root /home/nginx/domains/demo.howvps.com/public;
grep 'root' /usr/local/nginx/conf/conf.d/demo.howvps.com.ssl.conf
root /home/nginx/domains/demo.howvps.com/public;
-----------------------------------------------------------
issue & install letsencrypt ssl certificate for demo.howvps.com
-----------------------------------------------------------
testcert value = lived
/root/.acme.sh/acme.sh --issue --days 60 -d demo.howvps.com -w /home/nginx/domains/demo.howvps.com/public -k 2048 --useragent centminmod-centos7-acmesh-webroot --log /root/centminlogs/acmetool.sh-debug-log-240117-072132.log --log-level 2
[Tue Jan 24 07:23:52 UTC 2017] Single domain='demo.howvps.com'
[Tue Jan 24 07:23:52 UTC 2017] Getting domain auth token for each domain
[Tue Jan 24 07:23:52 UTC 2017] Getting webroot for domain='demo.howvps.com'
[Tue Jan 24 07:23:52 UTC 2017] _w='/home/nginx/domains/demo.howvps.com/public'
[Tue Jan 24 07:23:52 UTC 2017] Getting new-authz for domain='demo.howvps.com'
[Tue Jan 24 07:23:54 UTC 2017] The new-authz request is ok.
[Tue Jan 24 07:23:54 UTC 2017] Verifying:demo.howvps.com
[Tue Jan 24 07:23:56 UTC 2017] Success
[Tue Jan 24 07:23:56 UTC 2017] Verify finished, start to sign.
[Tue Jan 24 07:23:57 UTC 2017] Cert success.
[Tue Jan 24 07:23:57 UTC 2017] Your cert is in /root/.acme.sh/demo.howvps.com/demo.howvps.com.cer
[Tue Jan 24 07:23:57 UTC 2017] Your cert key is in /root/.acme.sh/demo.howvps.com/demo.howvps.com.key
[Tue Jan 24 07:23:57 UTC 2017] The intermediate CA cert is in /root/.acme.sh/demo.howvps.com/ca.cer
[Tue Jan 24 07:23:57 UTC 2017] And the full chain certs is there: /root/.acme.sh/demo.howvps.com/fullchain.cer
switch to HTTPS default after verification
setting HTTPS default in /usr/local/nginx/conf/conf.d/demo.howvps.com.ssl.conf
sed -i 's|^##x# HTTPS-DEFAULT|#x# HTTPS-DEFAULT|g' /usr/local/nginx/conf/conf.d/demo.howvps.com.ssl.conf
remove /usr/local/nginx/conf/conf.d/demo.howvps.com.conf
LECHECK = 0
ssl_dhparam /usr/local/nginx/conf/ssl/demo.howvps.com/dhparam.pem;
ssl_certificate /usr/local/nginx/conf/ssl/demo.howvps.com/demo.howvps.com-acme.cer;
ssl_certificate_key /usr/local/nginx/conf/ssl/demo.howvps.com/demo.howvps.com-acme.key;
ssl_trusted_certificate /usr/local/nginx/conf/ssl/demo.howvps.com/demo.howvps.com-acme.cer;
-----------------------------------------------------------
install cert
-----------------------------------------------------------
/root/.acme.sh/acme.sh --installcert -d demo.howvps.com --certpath /usr/local/nginx/conf/ssl/demo.howvps.com/demo.howvps.com-acme.cer --keypath /usr/local/nginx/conf/ssl/demo.howvps.com/demo.howvps.com-acme.key --capath /usr/local/nginx/conf/ssl/demo.howvps.com/demo.howvps.com-acme.cer --reloadCmd /usr/bin/ngxreload --fullchainpath /usr/local/nginx/conf/ssl/demo.howvps.com/demo.howvps.com-fullchain-acme.key
[Tue Jan 24 07:23:57 UTC 2017] Installing cert to:/usr/local/nginx/conf/ssl/demo.howvps.com/demo.howvps.com-acme.cer
[Tue Jan 24 07:23:57 UTC 2017] Installing CA to:/usr/local/nginx/conf/ssl/demo.howvps.com/demo.howvps.com-acme.cer
[Tue Jan 24 07:23:57 UTC 2017] Installing key to:/usr/local/nginx/conf/ssl/demo.howvps.com/demo.howvps.com-acme.key
[Tue Jan 24 07:23:57 UTC 2017] Installing full chain to:/usr/local/nginx/conf/ssl/demo.howvps.com/demo.howvps.com-fullchain-acme.key
[Tue Jan 24 07:23:57 UTC 2017] Run Le_ReloadCmd: /usr/bin/ngxreload
Reloading nginx configuration (via systemctl): [ OK ]
[Tue Jan 24 07:23:58 UTC 2017] Reload success
letsencrypt ssl certificate setup completed
ssl certs located at: /usr/local/nginx/conf/ssl/demo.howvps.com
openssl x509 -noout -text < /usr/local/nginx/conf/ssl/demo.howvps.com/demo.howvps.com-acme.cer
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
03:53:d7:ae:94:8a:93:ce:78:5f:29:4a:56:25:12:6f:c4:dd
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=US, O=Let's Encrypt, CN=Let's Encrypt Authority X3
Validity
Not Before: Jan 24 06:24:00 2017 GMT
Not After : Apr 24 06:24:00 2017 GMT
Subject: CN=demo.howvps.com
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bit)
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Key Usage: critical
Digital Signature, Key Encipherment
X509v3 Extended Key Usage:
TLS Web Server Authentication, TLS Web Client Authentication
X509v3 Basic Constraints: critical
CA:FALSE
X509v3 Subject Key Identifier:
D6:52:14:9B:92:88:F5:5E:3D:A6:5C:E0:1E:A6:5E:DB:EC:81:2A:83
X509v3 Authority Key Identifier:
keyid:A8:4A:6A:63:04:7D:DD:BA:E6:D1:39:B7:A6:45:65:EF:F3:A8:EC:A1
Authority Information Access:
OCSP - URI:http://ocsp.int-x3.letsencrypt.org/
CA Issuers - URI:http://cert.int-x3.letsencrypt.org/
X509v3 Subject Alternative Name:
DNS:demo.howvps.com
X509v3 Certificate Policies:
Policy: 2.23.140.1.2.1
Policy: 1.3.6.1.4.1.44947.1.1.1
CPS: http://cps.letsencrypt.org
User Notice:
Explicit Text: This Certificate may only be relied upon by Relying Parties and only in accordance with the Certificate Policy found at https://letsencrypt.org/repository/
Signature Algorithm: sha256WithRSAEncryption
log files saved at /root/centminlogs
-rw-r--r-- 1 root root 1.2K Jan 24 07:23 centminmod_240117-072138_nginx_addvhost_nv-remove-cmds-demo.howvps.com.log
-rw-r--r-- 1 root root 18K Jan 24 07:23 centminmod_240117-072138_nginx_addvhost_nv.log
-rw-r--r-- 1 root root 29K Jan 24 07:23 acmetool.sh-debug-log-240117-072132.log
-rw-r--r-- 1 root root 30K Jan 24 07:23 acmesh-issue_240117-072132.log
The resulting output lists the log files as well:
log files saved at /root/centminlogs
-rw-r--r-- 1 root root 1.2K Jan 24 07:23 centminmod_240117-072138_nginx_addvhost_nv-remove-cmds-demo.howvps.com.log
-rw-r--r-- 1 root root 18K Jan 24 07:23 centminmod_240117-072138_nginx_addvhost_nv.log
-rw-r--r-- 1 root root 29K Jan 24 07:23 acmetool.sh-debug-log-240117-072132.log
-rw-r--r-- 1 root root 30K Jan 24 07:23 acmesh-issue_240117-072132.log
The logged output also includes the Nginx vhost site details, the path to the web root, the log file path, the self-signed SSL certificate info and the pure-ftpd virtual FTP username/password, all of which are generated before the Letsencrypt SSL cert.
-------------------------------------------------------------
FTP hostname : 107.170.215.183
FTP port : 21
FTP mode : FTP (explicit SSL)
FTP Passive (PASV) : ensure is checked/enabled
FTP username created for demo.howvps.com : *********
FTP password created for demo.howvps.com : *********
-------------------------------------------------------------
vhost for demo.howvps.com created successfully
domain: http://demo.howvps.com
vhost conf file for demo.howvps.com created: /usr/local/nginx/conf/conf.d/demo.howvps.com.conf
vhost ssl for demo.howvps.com created successfully
domain: https://demo.howvps.com
vhost ssl conf file for demo.howvps.com created: /usr/local/nginx/conf/conf.d/demo.howvps.com.ssl.conf
/usr/local/nginx/conf/ssl/demo.howvps.com/demo.howvps.com.crt.key.conf created
/usr/local/nginx/conf/ssl_include.conf created
Self-signed SSL Certificate: /usr/local/nginx/conf/ssl/demo.howvps.com/demo.howvps.com.crt
SSL Private Key: /usr/local/nginx/conf/ssl/demo.howvps.com/demo.howvps.com.key
SSL CSR File: /usr/local/nginx/conf/ssl/demo.howvps.com/demo.howvps.com.csr
Backup SSL Private Key: /usr/local/nginx/conf/ssl/demo.howvps.com/demo.howvps.com-backup.key
Backup SSL CSR File: /usr/local/nginx/conf/ssl/demo.howvps.com/demo.howvps.com-backup.csr
upload files to /home/nginx/domains/demo.howvps.com/public
vhost log files directory is /home/nginx/domains/demo.howvps.com/log
-------------------------------------------------------------
After Letsencrypt SSL issuance, additional Letsencrypt SSL certificate files are generated at /root/.acme.sh/demo.howvps.com/
-----END CERTIFICATE-----
[Tue Jan 24 07:23:57 UTC 2017] Your cert is in /root/.acme.sh/demo.howvps.com/demo.howvps.com.cer
[Tue Jan 24 07:23:57 UTC 2017] Your cert key is in /root/.acme.sh/demo.howvps.com/demo.howvps.com.key
[Tue Jan 24 07:23:57 UTC 2017] The intermediate CA cert is in /root/.acme.sh/demo.howvps.com/ca.cer
[Tue Jan 24 07:23:57 UTC 2017] And the full chain certs is there: /root/.acme.sh/demo.howvps.com/fullchain.cer
These files are then copied from /root/.acme.sh/demo.howvps.com/ to the Nginx site’s directory at /usr/local/nginx/conf/ssl/demo.howvps.com/, and your Nginx vhost /usr/local/nginx/conf/conf.d/demo.howvps.com.ssl.conf is automatically updated with the correct paths.
ssl_dhparam /usr/local/nginx/conf/ssl/demo.howvps.com/dhparam.pem;
ssl_certificate /usr/local/nginx/conf/ssl/demo.howvps.com/demo.howvps.com-acme.cer;
ssl_certificate_key /usr/local/nginx/conf/ssl/demo.howvps.com/demo.howvps.com-acme.key;
ssl_trusted_certificate /usr/local/nginx/conf/ssl/demo.howvps.com/demo.howvps.com-acme.cer;
Below is an example of the auto-generated Centmin Mod Nginx HTTP/2 HTTPS vhost contents, with only a temporary 302 redirect from HTTP to HTTPS. Once you confirm all is working, you can change return 302 to a permanent 301 redirect, return 301:
#x# HTTPS-DEFAULT
server {
server_name demo.howvps.com www.demo.howvps.com;
return 302 https://$server_name$request_uri;
}
server {
listen 443 ssl http2;
server_name demo.howvps.com www.demo.howvps.com;
include /usr/local/nginx/conf/ssl/demo.howvps.com/demo.howvps.com.crt.key.conf;
include /usr/local/nginx/conf/ssl_include.conf;
http2_max_field_size 16k;
http2_max_header_size 32k;
# mozilla recommended
ssl_ciphers TLS13-AES-128-GCM-SHA256:TLS13-AES-256-GCM-SHA384:TLS13-CHACHA20-POLY1305-SHA256:TLS13-AES-128-CCM-8-SHA256:TLS13-AES-128-CCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS;
ssl_prefer_server_ciphers on;
#add_header Alternate-Protocol 443:npn-spdy/3;
# before enabling HSTS line below read centminmod.com/nginx_domain_dns_setup.html#hsts
#add_header Strict-Transport-Security "max-age=31536000; includeSubdomains;";
#add_header X-Frame-Options SAMEORIGIN;
#add_header X-Xss-Protection "1; mode=block" always;
#add_header X-Content-Type-Options "nosniff" always;
#spdy_headers_comp 5;
ssl_buffer_size 1369;
ssl_session_tickets on;
# enable ocsp stapling
resolver 8.8.8.8 8.8.4.4 valid=10m;
resolver_timeout 10s;
ssl_stapling on;
ssl_stapling_verify on;
# ngx_pagespeed & ngx_pagespeed handler
#include /usr/local/nginx/conf/pagespeed.conf;
#include /usr/local/nginx/conf/pagespeedhandler.conf;
#include /usr/local/nginx/conf/pagespeedstatslog.conf;
# limit_conn limit_per_ip 16;
# ssi on;
access_log /home/nginx/domains/demo.howvps.com/log/access.log combined buffer=256k flush=5m;
error_log /home/nginx/domains/demo.howvps.com/log/error.log;
include /usr/local/nginx/conf/autoprotect/demo.howvps.com/autoprotect-demo.howvps.com.conf;
root /home/nginx/domains/demo.howvps.com/public;
# uncomment cloudflare.conf include if using cloudflare for
# server and/or vhost site
#include /usr/local/nginx/conf/cloudflare.conf;
include /usr/local/nginx/conf/503include-main.conf;
location / {
include /usr/local/nginx/conf/503include-only.conf;
# block common exploits, sql injections etc
#include /usr/local/nginx/conf/block.conf;
# Enables directory listings when index file not found
#autoindex on;
# Shows file listing times as local time
#autoindex_localtime on;
# Enable for vBulletin usage WITHOUT vbSEO installed
# More example Nginx vhost configurations at
# http://centminmod.com/nginx_configure.html
#try_files $uri $uri/ /index.php;
}
include /usr/local/nginx/conf/staticfiles.conf;
include /usr/local/nginx/conf/php.conf;
include /usr/local/nginx/conf/drop.conf;
#include /usr/local/nginx/conf/errorpage.conf;
include /usr/local/nginx/conf/vts_server.conf;
}
The vhost contains an include file, /usr/local/nginx/conf/ssl/demo.howvps.com/demo.howvps.com.crt.key.conf, which lists the actual paths to the Letsencrypt SSL certificates.
ssl_dhparam /usr/local/nginx/conf/ssl/demo.howvps.com/dhparam.pem;
ssl_certificate /usr/local/nginx/conf/ssl/demo.howvps.com/demo.howvps.com-acme.cer;
ssl_certificate_key /usr/local/nginx/conf/ssl/demo.howvps.com/demo.howvps.com-acme.key;
ssl_trusted_certificate /usr/local/nginx/conf/ssl/demo.howvps.com/demo.howvps.com-acme.cer;
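As an added example (not Centmin Mod's own code), the read-only shell functions below audit the generated vhost and its certificate include for the points discussed above: whether the redirect is still 302, whether the include references the Let's Encrypt files or the self-signed ones, whether OCSP stapling has a trusted certificate to verify against, whether HSTS is still commented out, and which 3DES (DES-CBC3) suites remain in ssl_ciphers. The function names are hypothetical, and the sample files are constructed and abbreviated from the configuration shown on this page.

```shell
#!/usr/bin/env bash
# Added example: read-only audit of a Centmin Mod HTTPS vhost and its cert include.
# Function names are hypothetical; directive and file names follow this page.

# Print a config file without comments, blank lines or leading whitespace,
# so that commented-out directives are never counted as active.
active_lines() { sed -e 's/^[[:space:]]*//' -e '/^#/d' -e '/^$/d' "$1"; }

# Status code of the HTTP->HTTPS redirect (302 = temporary, 301 = permanent).
redirect_code() {
  active_lines "$1" | sed -n 's/^return \([0-9][0-9][0-9]\) https:.*/\1/p' | head -n 1
}

# "acme" when ssl_certificate points at <domain>-acme.cer,
# "self-signed" when it still points at the placeholder <domain>.crt.
cert_kind() {
  local path
  path=$(active_lines "$1" \
    | sed -n 's/^ssl_certificate[[:space:]]\{1,\}\([^;]*\);.*/\1/p' | head -n 1)
  case "$path" in
    *-acme.cer) echo acme ;;
    *.crt)      echo self-signed ;;
    *)          echo unknown ;;
  esac
}

# Stapling needs "ssl_stapling on" in the vhost AND an active
# ssl_trusted_certificate in the include (commented out in the self-signed stage).
stapling_state() {
  if ! active_lines "$1" | grep -q '^ssl_stapling on;'; then
    echo off
  elif active_lines "$2" | grep -q '^ssl_trusted_certificate '; then
    echo ready
  else
    echo no-trusted-cert
  fi
}

# The generated vhost ships the HSTS header commented out.
hsts_state() {
  if active_lines "$1" | grep -q '^add_header Strict-Transport-Security'; then
    echo enabled
  else
    echo disabled
  fi
}

# 3DES suites (DES-CBC3-*) still offered in ssl_ciphers, one per line.
triple_des_ciphers() {
  active_lines "$1" | sed -n 's/^ssl_ciphers[[:space:]]\{1,\}\([^;]*\);.*/\1/p' \
    | tr ':' '\n' | grep 'DES-CBC3' || true
}

# One-line summary: $1 = <domain>.ssl.conf, $2 = <domain>.crt.key.conf
audit_vhost() {
  printf 'redirect=%s cert=%s stapling=%s hsts=%s 3des=%s\n' \
    "$(redirect_code "$1")" "$(cert_kind "$2")" "$(stapling_state "$1" "$2")" \
    "$(hsts_state "$1")" "$(triple_des_ciphers "$1" | tr '\n' ',' | sed 's/,$//')"
}

# Constructed sample files, abbreviated from the vhost and include on this page.
make_sample_vhost() {
  cat > "$1/demo.ssl.conf" <<'EOF'
#x# HTTPS-DEFAULT
server {
  server_name demo.howvps.com www.demo.howvps.com;
  return 302 https://$server_name$request_uri;
}
server {
  listen 443 ssl http2;
  include /usr/local/nginx/conf/ssl/demo.howvps.com/demo.howvps.com.crt.key.conf;
  ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-DES-CBC3-SHA:AES128-SHA:DES-CBC3-SHA:!DSS;
  #add_header Strict-Transport-Security "max-age=31536000; includeSubdomains;";
  ssl_stapling on;
  ssl_stapling_verify on;
}
EOF
  cat > "$1/selfsigned.conf" <<'EOF'
ssl_certificate /usr/local/nginx/conf/ssl/demo.howvps.com/demo.howvps.com.crt;
ssl_certificate_key /usr/local/nginx/conf/ssl/demo.howvps.com/demo.howvps.com.key;
#ssl_trusted_certificate /usr/local/nginx/conf/ssl/demo.howvps.com/demo.howvps.com-trusted.crt;
EOF
  cat > "$1/acme.conf" <<'EOF'
ssl_certificate /usr/local/nginx/conf/ssl/demo.howvps.com/demo.howvps.com-acme.cer;
ssl_certificate_key /usr/local/nginx/conf/ssl/demo.howvps.com/demo.howvps.com-acme.key;
ssl_trusted_certificate /usr/local/nginx/conf/ssl/demo.howvps.com/demo.howvps.com-acme.cer;
EOF
}

# Demo on the constructed sample; on a server pass the real vhost and include paths.
demo_dir=$(mktemp -d)
make_sample_vhost "$demo_dir"
audit_vhost "$demo_dir/demo.ssl.conf" "$demo_dir/selfsigned.conf"
audit_vhost "$demo_dir/demo.ssl.conf" "$demo_dir/acme.conf"
rm -rf "$demo_dir"
```

A result of cert=self-signed after issuance means the include was not switched to the -acme files, and browsers will reject the certificate even though acme.sh reported success.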
How to use acmetool in Centmin Mod Menu
After acmetool is installed successfully, you can also create an SSL certificate from Let’s Encrypt through its menu. While still in the Centmin Mod addons folder, run the command:
./acmetool.sh acme-menu
After using the above command, a menu will appear
--------------------------------------------------------
SSL Management
--------------------------------------------------------
1). acemtool.sh install
2). acmetool.sh update
3). acmetool.sh setup
4). Issue SSL Management
5). Renew SSL Management
6). Reissue SSL Management
7). Renew All Staging /Test Certs
8). Renew ALL Live Certs
9). Renew All Live Certs HTTPS Default
10). Exit
--------------------------------------------------------
Enter option [ 1 - 10 ]
This menu covers the functionality of the installed acmetool. To create an SSL certificate from Let’s Encrypt, we use option number 4.
--------------------------------------------------------
Enter option [ 1 - 10 ] 4
--------------------------------------------------------
...
--------------------------------------------------------
SSL Issue Management
--------------------------------------------------------
1). Issue SSL Cert Staging/Test
2). Issue SSL Cert Staging/Test HTTPS Default
3). Issue SSL Cert Live
4). Issue SSL Cert Live HTTPS Default
5). Custom Webroot Issue SSL Cert Staging/Test
6). Custom Webroot Issue SSL Cert Staging/Test HTTPS Default
7). Custom Webroot Issue SSL Cert Live
8). Custom Webroot Issue SSL Cert Live HTTPS Default
9). S3 Issue SSL Cert
10). S3 Issue SSL Cert
11). S3 Issue SSL Cert
12). S3 Issue SSL Cert
13). Exit
--------------------------------------------------------
Enter option [ 1 - 13 ]
In the section for managing and creating SSL certificates, you only need to care about option number 3 or 4. I will try to create an SSL certificate using menu number 4 for the testcentmin.ml domain.
Note: before creating the certificate, make sure that the domain points to the IP of the VPS.
--------------------------------------------------------
SSL Issue Management
--------------------------------------------------------
1). Issue SSL Cert Staging/Test
2). Issue SSL Cert Staging/Test HTTPS Default
3). Issue SSL Cert Live
4). Issue SSL Cert Live HTTPS Default
5). Custom Webroot Issue SSL Cert Staging/Test
6). Custom Webroot Issue SSL Cert Staging/Test HTTPS Default
7). Custom Webroot Issue SSL Cert Live
8). Custom Webroot Issue SSL Cert Live HTTPS Default
9). S3 Issue SSL Cert
10). S3 Issue SSL Cert
11). S3 Issue SSL Cert
12). S3 Issue SSL Cert
13). Exit
--------------------------------------------------------
Enter option [ 1 - 13 ] 4
--------------------------------------------------------
...
Enter SSL certificate domain name you want without www. prefix host: testcentmin.ml
-------------------------------------------------
acmetool.sh is in beta testing phase
please read & provide bug reports &
feedback for this tool via the forums
https://centminmod.com/acmetool
-------------------------------------------------
continue [y/n] ? y
-----------------------------------------------------
updating acme.sh client...
-----------------------------------------------------
Cloning into 'acme.sh'...
[Tue Sep 24 09:07:13 UTC 2019] It is recommended to install socat first.
[Tue Sep 24 09:07:13 UTC 2019] We use socat for standalone server if you use standalone mode.
[Tue Sep 24 09:07:13 UTC 2019] If you don't use standalone mode, just ignore this warning.
[Tue Sep 24 09:07:13 UTC 2019] Installing to /root/.acme.sh
[Tue Sep 24 09:07:13 UTC 2019] Installed to /root/.acme.sh/acme.sh
[Tue Sep 24 09:07:13 UTC 2019] Installing alias to '/root/.bashrc'
[Tue Sep 24 09:07:13 UTC 2019] OK, Close and reopen your terminal to start using acme.sh
[Tue Sep 24 09:07:13 UTC 2019] Installing alias to '/root/.cshrc'
[Tue Sep 24 09:07:13 UTC 2019] Installing alias to '/root/.tcshrc'
[Tue Sep 24 09:07:13 UTC 2019] Installing cron job
29 0 * * * "/root/.acme.sh"/acme.sh --cron --home "/root/.acme.sh" > /dev/null
[Tue Sep 24 09:07:13 UTC 2019] Good, bash is found, so change the shebang to use bash as preferred.
[Tue Sep 24 09:07:14 UTC 2019] OK
https://github.com/Neilpang/acme.sh
v2.8.3
-----------------------------------------------------
acme.sh updated
-----------------------------------------------------
testcentmin.ml nginx vhost + pureftp virtual ftp user setup
/usr/bin/nv -d testcentmin.ml -s ydle -u QPECW1F3oQstbNN
---------------------------------------------------------------
Nginx Vhost Setup...
---------------------------------------------------------------
FTP password auto generated: 1I}6M4K^zx.|bi)%7DFvu
Password:
Enter it again:
---------------------------------------------------------------
SSL Vhost Setup...
---------------------------------------------------------------
--2019-09-24 09:07:18-- https://support.cloudflare.com/hc/en-us/article_attachments/201243967/origin-pull-ca.pem
Resolving support.cloudflare.com... 104.16.51.111, 104.16.55.111, 104.16.54.111, ...
Connecting to support.cloudflare.com|104.16.51.111|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 2151 (2.1K) [application/x-x509-ca-cert]
Saving to: ‘/usr/local/nginx/conf/ssl/cloudflare/testcentmin.ml/origin.crt’
0K .. 100% 14.5M=0s
2019-09-24 09:07:18 (14.5 MB/s) - ‘/usr/local/nginx/conf/ssl/cloudflare/testcentmin.ml/origin.crt’ saved [2151/2151]
---------------------------------------------------------------
Generating self signed SSL certificate...
CSR file can also be used to be submitted for paid SSL certificates
If using for paid SSL certificates be sure to keep both private key and CSR safe
creating CSR File: testcentmin.ml.csr
creating private key: testcentmin.ml.key
creating self-signed SSL certificate: testcentmin.ml.crt
[req]
default_bits = 2048
distinguished_name = req_distinguished_name
req_extensions = v3_req
prompt = no
[req_distinguished_name]
C = US
ST = California
L = Los Angeles
O = testcentmin.ml
OU = testcentmin.ml
CN = testcentmin.ml
[v3_req]
keyUsage = keyEncipherment, dataEncipherment
extendedKeyUsage = serverAuth
subjectAltName = @alt_names
[alt_names]
DNS.1 = testcentmin.ml
DNS.2 = www.testcentmin.ml
authorityKeyIdentifier=keyid,issuer
basicConstraints=CA:FALSE
keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment
subjectAltName = @alt_names
[alt_names]
DNS.1 = testcentmin.ml
DNS.2 = www.testcentmin.ml
Generating a 2048 bit RSA private key
..................+++
..................+++
writing new private key to 'testcentmin.ml.key'
-----
DNS:testcentmin.ml, DNS:www.testcentmin.ml
Signature ok
subject=/C=US/ST=California/L=Los Angeles/O=testcentmin.ml/OU=testcentmin.ml/CN=testcentmin.ml
Getting Private key
---------------------------------------------------------------
Generating dhparam.pem file - can take a few minutes...
Generating DH parameters, 2048 bit long safe prime, generator 2
This is going to take a long time
dhparam file generation time: 12.546216351
-------------------------------------------------------------
/usr/local/src/centminmod/tools/autoprotect.sh
generated nginx include file [same]: /usr/local/nginx/conf/autoprotect/demodomain.com/autoprotect-demodomain.com.conf
generated nginx include file [initial]: /usr/local/nginx/conf/autoprotect/testcentmin.ml/autoprotect-testcentmin.ml.conf
autoprotect.sh run completed skipped nginx reload...
Reloading nginx configuration (via systemctl): [ OK ]
Restarting nginx (via systemctl): [ OK ]
-------------------------------------------------------------
FTP hostname : 45.77.154.110
FTP port : 21
FTP mode : FTP (explicit SSL)
FTP Passive (PASV) : ensure is checked/enabled
FTP username created for testcentmin.ml : QPECW1F3oQstbNN
FTP password created for testcentmin.ml : 1I}6M4K^zx.|bi)%7DFvu
-------------------------------------------------------------
vhost for testcentmin.ml created successfully
domain: http://testcentmin.ml
vhost conf file for testcentmin.ml created: /usr/local/nginx/conf/conf.d/testcentmin.ml.conf
vhost ssl for testcentmin.ml created successfully
domain: https://testcentmin.ml
vhost ssl conf file for testcentmin.ml created: /usr/local/nginx/conf/conf.d/testcentmin.ml.ssl.conf
/usr/local/nginx/conf/ssl/testcentmin.ml/testcentmin.ml.crt.key.conf created
/usr/local/nginx/conf/ssl_include.conf created
Self-signed SSL Certificate: /usr/local/nginx/conf/ssl/testcentmin.ml/testcentmin.ml.crt
SSL Private Key: /usr/local/nginx/conf/ssl/testcentmin.ml/testcentmin.ml.key
SSL CSR File: /usr/local/nginx/conf/ssl/testcentmin.ml/testcentmin.ml.csr
Backup SSL Private Key: /usr/local/nginx/conf/ssl/testcentmin.ml/testcentmin.ml-backup.key
Backup SSL CSR File: /usr/local/nginx/conf/ssl/testcentmin.ml/testcentmin.ml-backup.csr
upload files to /home/nginx/domains/testcentmin.ml/public
vhost log files directory is /home/nginx/domains/testcentmin.ml/log
-------------------------------------------------------------
Current vhost listing at: /usr/local/nginx/conf/conf.d/
Sep 21 16:34 1.1K demodomain.com.conf
Sep 21 16:59 1.4K virtual.conf
Sep 24 09:07 2.2K testcentmin.ml.conf
Sep 24 09:07 3.7K testcentmin.ml.ssl.conf
-------------------------------------------------------------
Current vhost ssl files listing at: /usr/local/nginx/conf/ssl/testcentmin.ml
Sep 24 09:07 1.7K testcentmin.ml.key
Sep 24 09:07 1.2K testcentmin.ml.csr
Sep 24 09:07 1.6K testcentmin.ml.crt
Sep 24 09:07 424 dhparam.pem
Sep 24 09:07 332 testcentmin.ml.crt.key.conf
-------------------------------------------------------------
Commands to remove testcentmin.ml
pure-pw userdel QPECW1F3oQstbNN
rm -rf /usr/local/nginx/conf/conf.d/testcentmin.ml.conf
rm -rf /usr/local/nginx/conf/conf.d/testcentmin.ml.ssl.conf
rm -rf /usr/local/nginx/conf/ssl/testcentmin.ml/testcentmin.ml.crt
rm -rf /usr/local/nginx/conf/ssl/testcentmin.ml/testcentmin.ml.key
rm -rf /usr/local/nginx/conf/ssl/testcentmin.ml/testcentmin.ml.csr
rm -rf /usr/local/nginx/conf/ssl/testcentmin.ml
rm -rf /home/nginx/domains/testcentmin.ml
rm -rf /root/.acme.sh/testcentmin.ml
rm -rf /root/.acme.sh/testcentmin.ml_ecc
rm -rf /usr/local/nginx/conf/pre-staticfiles-local-testcentmin.ml.conf
service nginx restart
-------------------------------------------------------------
vhost for testcentmin.ml setup successfully
testcentmin.ml setup info log saved at:
/root/centminlogs/centminmod_240919-090714_nginx_addvhost_nv.log
-------------------------------------------------------------
backup & remove /usr/local/nginx/conf/conf.d/testcentmin.ml.conf
[self-signed ssl cert check] required by acmetool.sh
[self-signed ssl] /usr/local/nginx/conf/ssl/testcentmin.ml/dhparam.pem exists
[self-signed ssl] /usr/local/nginx/conf/ssl/testcentmin.ml/testcentmin.ml.crt exists
[self-signed ssl] /usr/local/nginx/conf/ssl/testcentmin.ml/testcentmin.ml.key exists
[sslvhostsetup] create /usr/local/nginx/conf/conf.d/testcentmin.ml.ssl.conf
[non-wp] backup & remove /usr/local/nginx/conf/conf.d/testcentmin.ml.conf
cat /usr/local/nginx/conf/ssl/testcentmin.ml/testcentmin.ml.crt.key.conf
ssl_dhparam /usr/local/nginx/conf/ssl/testcentmin.ml/dhparam.pem;
ssl_certificate /usr/local/nginx/conf/ssl/testcentmin.ml/testcentmin.ml.crt;
ssl_certificate_key /usr/local/nginx/conf/ssl/testcentmin.ml/testcentmin.ml.key;
#ssl_trusted_certificate /usr/local/nginx/conf/ssl/testcentmin.ml/testcentmin.ml-trusted.crt;
Reloading nginx configuration (via systemctl): [ OK ]
grep 'root' /usr/local/nginx/conf/conf.d/testcentmin.ml.conf
root /home/nginx/domains/testcentmin.ml/public;
grep 'root' /usr/local/nginx/conf/conf.d/testcentmin.ml.ssl.conf
root /home/nginx/domains/testcentmin.ml/public;
-----------------------------------------------------------
issue & install letsencrypt ssl certificate for testcentmin.ml
-----------------------------------------------------------
testcert value = lived
/root/.acme.sh/acme.sh --issue -d testcentmin.ml -d www.testcentmin.ml --days 60 -w /home/nginx/domains/testcentmin.ml/public -k 2048 --useragent centminmod-centos7-acmesh-webroot --log /root/centminlogs/acmetool.sh-debug-log-240919-090709.log --log-level 2
[Tue Sep 24 09:07:49 UTC 2019] Create account key ok.
[Tue Sep 24 09:07:49 UTC 2019] Registering account
[Tue Sep 24 09:17:50 UTC 2019] Registered
[Tue Sep 24 09:17:50 UTC 2019] ACCOUNT_THUMBPRINT='gXdjBkF1QcrNqtOTutlC5hSJxkHMdVs3hztWqLwH-GI'
[Tue Sep 24 09:17:50 UTC 2019] Creating domain key
[Tue Sep 24 09:17:50 UTC 2019] The domain key is here: /root/.acme.sh/testcentmin.ml/testcentmin.ml.key
[Tue Sep 24 09:17:50 UTC 2019] Multi domain='DNS:testcentmin.ml,DNS:www.testcentmin.ml'
[Tue Sep 24 09:17:50 UTC 2019] Getting domain auth token for each domain
[Tue Sep 24 09:17:52 UTC 2019] Getting webroot for domain='testcentmin.ml'
[Tue Sep 24 09:17:53 UTC 2019] Getting webroot for domain='www.testcentmin.ml'
[Tue Sep 24 09:17:53 UTC 2019] Verifying: testcentmin.ml
[Tue Sep 24 09:17:57 UTC 2019] Success
[Tue Sep 24 09:17:57 UTC 2019] Verifying: www.testcentmin.ml
[Tue Sep 24 09:18:00 UTC 2019] Success
[Tue Sep 24 09:18:00 UTC 2019] Verify finished, start to sign.
[Tue Sep 24 09:18:00 UTC 2019] Lets finalize the order, Le_OrderFinalize: https://acme-v02.api.letsencrypt.org/acme/finalize/67157997/1150853613
[Tue Sep 24 09:18:02 UTC 2019] Download cert, Le_LinkCert: https://acme-v02.api.letsencrypt.org/acme/cert/04f3ac1bd1f956de5c7899ca7785e70f5f0d
[Tue Sep 24 09:18:02 UTC 2019] Cert success.
[Tue Sep 24 09:18:02 UTC 2019] Your cert is in /root/.acme.sh/testcentmin.ml/testcentmin.ml.cer
[Tue Sep 24 09:18:02 UTC 2019] Your cert key is in /root/.acme.sh/testcentmin.ml/testcentmin.ml.key
[Tue Sep 24 09:18:02 UTC 2019] The intermediate CA cert is in /root/.acme.sh/testcentmin.ml/ca.cer
[Tue Sep 24 09:18:02 UTC 2019] And the full chain certs is there: /root/.acme.sh/testcentmin.ml/fullchain.cer
switch to HTTPS default after verification
setting HTTPS default in /usr/local/nginx/conf/conf.d/testcentmin.ml.ssl.conf
sed -i 's|^##x# HTTPS-DEFAULT|#x# HTTPS-DEFAULT|g' "/usr/local/nginx/conf/conf.d/testcentmin.ml.ssl.conf"
sed -i "s|#x# server {| server {|" "/usr/local/nginx/conf/conf.d/testcentmin.ml.ssl.conf"
sed -i "s|#x# | |" "/usr/local/nginx/conf/conf.d/testcentmin.ml.ssl.conf"
sed -i "s|#x# server_name testcentmin.ml www.testcentmin.ml;| server_name testcentmin.ml www.testcentmin.ml;|" "/usr/local/nginx/conf/conf.d/testcentmin.ml.ssl.conf"
sed -i "s|#x# return 302 https://testcentmin.ml$request_uri;| return 302 https://testcentmin.ml$request_uri;|" "/usr/local/nginx/conf/conf.d/testcentmin.ml.ssl.conf"
sed -i "s|#x# include \/usr\/local\/nginx\/conf\/staticfiles.conf;| include \/usr\/local\/nginx\/conf\/staticfiles.conf;|" "/usr/local/nginx/conf/conf.d/testcentmin.ml.ssl.conf"
sed -i "s|#x# }| }|" "/usr/local/nginx/conf/conf.d/testcentmin.ml.ssl.conf"
remove /usr/local/nginx/conf/conf.d/testcentmin.ml.conf
LECHECK = 0
ssl_dhparam /usr/local/nginx/conf/ssl/testcentmin.ml/dhparam.pem;
ssl_certificate /usr/local/nginx/conf/ssl/testcentmin.ml/testcentmin.ml-acme.cer;
ssl_certificate_key /usr/local/nginx/conf/ssl/testcentmin.ml/testcentmin.ml-acme.key;
ssl_trusted_certificate /usr/local/nginx/conf/ssl/testcentmin.ml/testcentmin.ml-acme.cer;
-----------------------------------------------------------
install cert
-----------------------------------------------------------
/root/.acme.sh/acme.sh --installcert -d testcentmin.ml -d www.testcentmin.ml --certpath /usr/local/nginx/conf/ssl/testcentmin.ml/testcentmin.ml-acme.cer --keypath /usr/local/nginx/conf/ssl/testcentmin.ml/testcentmin.ml-acme.key --capath /usr/local/nginx/conf/ssl/testcentmin.ml/testcentmin.ml-acme.cer --reloadCmd /usr/bin/ngxreload --fullchainpath /usr/local/nginx/conf/ssl/testcentmin.ml/testcentmin.ml-fullchain-acme.key
[Tue Sep 24 09:18:03 UTC 2019] Installing cert to:/usr/local/nginx/conf/ssl/testcentmin.ml/testcentmin.ml-acme.cer
[Tue Sep 24 09:18:03 UTC 2019] Installing CA to:/usr/local/nginx/conf/ssl/testcentmin.ml/testcentmin.ml-acme.cer
[Tue Sep 24 09:18:03 UTC 2019] Installing key to:/usr/local/nginx/conf/ssl/testcentmin.ml/testcentmin.ml-acme.key
[Tue Sep 24 09:18:03 UTC 2019] Installing full chain to:/usr/local/nginx/conf/ssl/testcentmin.ml/testcentmin.ml-fullchain-acme.key
[Tue Sep 24 09:18:03 UTC 2019] Run reload cmd: /usr/bin/ngxreload
Reloading nginx configuration (via systemctl): [ OK ]
[Tue Sep 24 09:18:03 UTC 2019] Reload success
letsencrypt ssl certificate setup completed
ssl certs located at: /usr/local/nginx/conf/ssl/testcentmin.ml
openssl x509 -noout -text < /usr/local/nginx/conf/ssl/testcentmin.ml/testcentmin.ml-acme.cer
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
04:f3:ac:1b:d1:f9:56:de:5c:78:99:ca:77:85:e7:0f:5f:0d
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=US, O=Let's Encrypt, CN=Let's Encrypt Authority X3
Validity
Not Before: Sep 24 08:18:00 2019 GMT
Not After : Dec 23 08:18:00 2019 GMT
Subject: CN=testcentmin.ml
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bit)
Modulus:
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Key Usage: critical
Digital Signature, Key Encipherment
X509v3 Extended Key Usage:
TLS Web Server Authentication, TLS Web Client Authentication
X509v3 Basic Constraints: critical
CA:FALSE
X509v3 Subject Key Identifier:
EE:08:F0:D9:F0:40:9F:9C:8C:4B:DC:4B:D9:85:17:C3:26:B9:E9:37
X509v3 Authority Key Identifier:
keyid:A8:4A:6A:63:04:7D:DD:BA:E6:D1:39:B7:A6:45:65:EF:F3:A8:EC:A1
Authority Information Access:
OCSP - URI:http://ocsp.int-x3.letsencrypt.org
CA Issuers - URI:http://cert.int-x3.letsencrypt.org/
X509v3 Subject Alternative Name:
DNS:testcentmin.ml, DNS:www.testcentmin.ml
X509v3 Certificate Policies:
Policy: 2.23.140.1.2.1
Policy: 1.3.6.1.4.1.44947.1.1.1
CPS: http://cps.letsencrypt.org
CT Precertificate SCTs:
Signed Certificate Timestamp:
Version : v1(0)
Log ID : 74:7E:DA:83:31:AD:33:10:91:21:9C:CE:25:4F:42:70:
C2:BF:FD:5E:42:20:08:C6:37:35:79:E6:10:7B:CC:56
Timestamp : Sep 24 09:18:00.761 2019 GMT
Extensions: none
Signature : ecdsa-with-SHA256
30:45:02:21:00:C6:B7:50:68:A6:76:76:40:AD:BD:85:
8E:AE:CC:04:F0:C0:C1:81:F7:FC:C6:BC:54:ED:E5:BE:
46:71:0C:97:A6:02:20:0A:60:69:40:0D:A6:14:4E:5D:
9C:B5:D8:69:C0:68:2C:91:00:9E:5C:6F:CC:A4:FC:BC:
BF:3A:55:FC:95:B7:35
Signed Certificate Timestamp:
Version : v1(0)
Log ID : 63:F2:DB:CD:E8:3B:CC:2C:CF:0B:72:84:27:57:6B:33:
A4:8D:61:77:8F:BD:75:A6:38:B1:C7:68:54:4B:D8:8D
Timestamp : Sep 24 09:18:00.750 2019 GMT
Extensions: none
Signature : ecdsa-with-SHA256
30:46:02:21:00:FD:0A:75:58:20:CC:02:9D:10:CF:07:
6B:F7:52:2C:3A:9D:45:2B:9A:D2:1E:15:56:7A:8A:CD:
3A:A2:8F:26:A7:02:21:00:A5:33:1F:16:A1:B1:1F:46:
46:0B:82:42:07:34:F5:B4:32:45:A3:91:6A:B2:01:2E:
46:E7:9B:AE:4A:A8:C5:D5
Signature Algorithm: sha256WithRSAEncryption
log files saved at /root/centminlogs
-rw-r--r-- 1 root root 1.3K Sep 24 09:07 centminmod_240919-090714_nginx_addvhost_nv-remove-cmds-testcentmin.ml.log
-rw-r--r-- 1 root root 8.2K Sep 24 09:07 centminmod_240919-090714_nginx_addvhost_nv.log
-rw-r--r-- 1 root root 64K Sep 24 09:18 acmetool.sh-debug-log-240919-090709.log
-rw-r--r-- 1 root root 23K Sep 24 09:18 acmesh-issue_240919-090709.log
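The output above prints the generated FTP username and password in clear text, so it should be scrubbed before it is pasted into a bug report or forum post. As an added example (not part of Centmin Mod or the original post), this script redacts those lines and lists saved logs that still contain them; the line patterns are taken from the output shown here, while the function names, the sample log and its placeholder values are constructed assumptions.

```shell
#!/usr/bin/env bash
# Added example (not part of Centmin Mod): scrub FTP credentials from
# nv / acmetool.sh output before sharing it, and audit saved log files.

# Line prefixes that carry FTP credentials in the output shown on this page.
CRED_RE='^(FTP password auto generated: |FTP (username|password) created for [^ ]+ : |pure-pw userdel )'
# The nv command line carries the FTP username after -u.
NV_RE='^(/usr/bin/nv -d [^ ]+ -s [^ ]+ -u )'

# redact_centmin_log: stdin -> stdout with credential values replaced.
redact_centmin_log() {
  sed -E \
    -e "s/${CRED_RE}.*/\1[REDACTED]/" \
    -e "s#${NV_RE}[^ ]+#\1[REDACTED]#"
}

# has_ftp_credentials FILE: exit 0 if FILE holds an unredacted credential line.
has_ftp_credentials() {
  grep -E "${CRED_RE}|${NV_RE}" "$1" | grep -qv '\[REDACTED\]'
}

# audit_log_dir DIR: list each *.log in DIR that still holds credentials,
# prefixed with whether its mode lets "other" users read it.
audit_log_dir() {
  local f flag
  for f in "$1"/*.log; do
    [ -f "$f" ] || continue
    has_ftp_credentials "$f" || continue
    flag="restricted"
    if [ -n "$(find "$f" -prune -perm -004)" ]; then flag="other-readable"; fi
    printf '%s %s\n' "$flag" "$f"
  done
}

# Constructed sample in the same format as the output above (placeholder values).
SAMPLE_LOG='/usr/bin/nv -d example.com -s ydle -u EXAMPLEUSER01
FTP password auto generated: Constructed}Pass^1
FTP hostname : 192.0.2.10
FTP username created for example.com : EXAMPLEUSER01
FTP password created for example.com : Constructed}Pass^1
pure-pw userdel EXAMPLEUSER01
vhost for example.com created successfully'

# Demo: print the redacted sample.
printf '%s\n' "$SAMPLE_LOG" | redact_centmin_log
```

On a server, `audit_log_dir /root/centminlogs` lists the saved logs to tighten with `chmod 600` or to pass through `redact_centmin_log` before sharing.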
This guide has shown how to install and use acmetool to create a Let’s Encrypt SSL certificate for Centmin Mod. Because this addon is still in testing, if you run into an error during use, you can comment below or report it on the Centmin Mod forum.
