Within the Siteworx Interface for each account I can easily generate an SSL Certificate with “Generate All With Let’s Encrypt” - unfortunately this option isn’t available for the Nodeworx - “Server - SSL Certificates”.
Is there any workaround to get the Letsencrypt SSL Certificate for the Server itself?
The easiest way is to create a siteworx account for the server hostname, create the SSL and then copy the cert to nodeworx ssl.
This is because the server hostname is not a siteworx account.
You can view all the SSL files from siteworx SSL, copy them and then go to nodeworx, SSL and delete the current SSL cert, create new and paste accordingly on each.
I’ve always had a SW account for my server’s host mostly for mail reasons. It probably would not have occurred to me I could just paste the LE certificate like that, so thanks from me too John!
Just tried it but as I have the DNS entries already (it’s a productive system, currently with GoDaddy SSL Cert) I can’t create a new NodeWorxs account.
In addition I just saw that I use a SAN certificate for that and with the GUI I just can issue standard SSL certificates.
Can I just create the SSL certificates manually (found the binaries of letsencrypt in /root/.local/…) or would that screw up the system?
Thanks,
Thomas
[QUOTE=d2d4j;29172]Hi thomas
The easiest way is to create a siteworx account for the server hostname, create the SSL and then copy the cert to nodeworx ssl
This is because the server hostname is not a siteworx account
You can view all the SSL files from siteworx SSL, copy them and then go to nodeworx, SSL and delete the current SSL cert, create new and paste accordingly on each.
Hi Thomas
Many thanks, and yes, you can create SSL manually using LE, but please be careful.
The method I mentioned above is not creating a Nodeworx Account, it is creating a siteworx account which matches the hostname of the server, and therefore no DNS entries would have been made in IW. E.g. hostname myserver.url, create siteworx account called myserver.url.
Then log in to your hostname siteworx account, and create LE SSL. Once SSL is created, view the private key, and make a copy, and do the same with the SSL and chains.
Then go back to your nodeworx admin account, go to server SSL, and click update SSL, then select all areas of change you want, and paste the private key, the SSL (including chains) and other details you need, save and restart services.
I have included 2 pics to show you if it helps.
Please note though, LE SSL is not a wildcard SSL, and of course, you will need to renew every 3 months I think it is.
I hope that helps a little
Many thanks
John
LE is only on siteworx accounts, and not on nodeworx
You can copy and paste the SSL set up by LE into the nodeworx SSL but you would need to do this every time it renews.
I think LE requires a siteworx account for its DNS settings, which confirms the domain is live and pointed at your server, but I think this may be a good feature to have for nodeworx, so I’ll email IW this thread so you have credit.
Thanks John for the quick reply, I successfully generated the LE cert in siteworx, this will work and auto renew by cron - as you described.
If I’m right I only have to copy this into nodeworx every 3 months because the LE cron is working only in siteworx. It would be a great feature if it could also auto renew like in siteworx.
HPKP (HTTP Public Key Pinning) is against MITM attacks; you can read more here. As far as I know, the Let’s Encrypt plugin generates everything on renewal, so it is not possible to have “fixed” public keys. It is possible to generate a certificate manually with certonly --csr commands, but as far as I know it will not work with automatic renewal.
Careful, I think you have an error in your script with a space in !eN ULL which should be !eNULL. *** Funny, it displays OK in edit mode but when I read the post it shows a space that appears in the copy paste as well.
/** cypher=‘HIGH:MEDIUM:!EXPORT:!SSLv2:!ADH:!aNULL:!eN ULL:!NULL:!LOW’ **/
[QUOTE=marco114;29637]Here’s a bash script I just completed to copy the siteworx SSL certificates to nodeworx SSL and update all the services automatically. It would be nice if it ran right after the renewal process
This assumes you already have a siteworx account with the same domain name as your control panel on the same server. It will work with LetsEncrypt.
Note that RETURN is intentional so that it creates the CHAIN in the next line down.
I’ve implemented this on my servers and so far seems to be working well, but I did make a few tweaks, mainly just the paths to the Let’s Encrypt SSL certs. I’m running CentOS so that might make a difference.
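#!/bin/bash
# Copies Let's Encrypt certificates from SiteWorx account to the server SSL certs
# Stop on the first error so a missing or unreadable file is never pushed to nodeworx
set -euo pipefail
interworxUser="INSERT__NODEWORX_EMAIL__HERE"
siteworxDomain="INSERT__DOMAIN_HERE__INLOWERCASE"
# Read the private key, certificate and chain issued for the SiteWorx domain
key=$(cat "/etc/letsencrypt/live/$siteworxDomain/privkey.pem")
sslcrt=$(cat "/etc/letsencrypt/live/$siteworxDomain/cert.pem")
chain=$(cat "/etc/letsencrypt/live/$siteworxDomain/chain.pem" "/etc/letsencrypt/live/$siteworxDomain/fullchain.pem")
# The cipher list must not contain spaces ("!eNULL", not "!eN ULL")
cypher='HIGH:MEDIUM:!EXPORT:!SSLv2:!ADH:!aNULL:!eNULL:!NULL:!LOW'
# Note: --key passes the private key as a command-line argument, which is
# visible in the process list while nodeworx runs
# this needs to be 2 lines
nodeworx -u "$interworxUser" -o pretty -n -v -c Ssl --ssl_ciphersuite "$cypher" --key "$key" --crt "$sslcrt
$chain" --restart_now 1 --services all --action updateall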
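
The following pre-flight check is an added example, not part of the script posted in this thread. It confirms that the certificate and private key belong together, that the certificate is not about to expire, and that the cipher string has no stray characters (such as the "!eN ULL" space mentioned above) before anything is handed to nodeworx. The function names are hypothetical and the openssl command-line tool is assumed to be installed.

```shell
#!/bin/bash
# Added example, not from the thread: checks to run before passing Let's Encrypt
# files to the nodeworx CLI. Function names are hypothetical; needs the openssl CLI.

# Cipher list must be non-empty and use only characters found in a
# colon-separated OpenSSL cipher string (rejects the "!eN ULL" paste error).
cipher_string_ok() {
    case "$1" in
        ''|*[!A-Za-z0-9:+@=._!-]*) return 1 ;;
    esac
    return 0
}

# Certificate and private key must carry the same public key.
cert_matches_key() {
    local from_crt from_key
    from_crt=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    from_key=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1
    [ -n "$from_crt" ] && [ "$from_crt" = "$from_key" ]
}

# Certificate must still be valid $2 days from now.
cert_valid_for_days() {
    openssl x509 -in "$1" -noout -checkend "$(( $2 * 86400 ))" >/dev/null 2>&1
}

# Returns 0 if safe to install, 2 bad ciphers, 3 key mismatch, 4 expiring.
preflight() {
    local crt="$1" key="$2" ciphers="$3" min_days="${4:-7}"
    cipher_string_ok "$ciphers" || { echo "cipher string rejected" >&2; return 2; }
    cert_matches_key "$crt" "$key" || { echo "key does not match cert" >&2; return 3; }
    cert_valid_for_days "$crt" "$min_days" || { echo "cert expires within $min_days days" >&2; return 4; }
}

# Usage: preflight.sh cert.pem privkey.pem 'HIGH:...' [min_days]
if [ "$#" -ge 3 ]; then
    preflight "$@"
fi
```

Calling preflight on cert.pem and privkey.pem from /etc/letsencrypt/live/ for the SiteWorx domain, and running the nodeworx update only when it returns 0, keeps a mismatched or expiring pair from being installed on the panel services.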