Valid [ROOT CA] SSL Certificate for Interworx control panel?


Hi deheleri

I don’t know Let’s Encrypt, and have not had a look at your link, but will do so over the next few days when I have time.

To answer your question though, over a valid SSL being used for IW-CP, YES.

You set this from nodeworx, server, SSL. In fact my updated post from Sunday re hooks shows the correct position of setting the SSL and ciphers, which defunct the hook.

If you want to see a valid SSL being used for nodeworx and siteworx, have a look at 3sh.co.uk/nodeworx or siteworx.

Many thanks

John

Sorry, here’s the link

Many thanks

John

http://forums.interworx.com/showpost.php?p=27901

Thanks it worked, I was able to paste the same RSA private key and Certificate text from my CA as my primary domain.

Accessing the site on the IP will just have a certificate error, it looks like SSL cannot be used on IPs starting November 1, 2015:
https://www.godaddy.com/help/phasing-out-intranet-names-and-ip-addresses-in-ssls-6935
https://www.digicert.com/internal-names.htm

Hi deheleri

Sorry, I did not think you could still get an SSL cert on an IP address. I thought that had been phased out a few years ago

Glad you’ve resolved it

Many thanks

John

Letsencrypt is very nice and I am currently thinking of creating a hook that generates a free ssl certificate automatically for every new siteworx-account:
I think you should integrate it in Interworx.

This is how it works:

Best regards

Alex

Hi arusa

Sounds good and you may want to email IW to ask.

I think though, you may be better posting your hook so those that want to use it, can.

This is because not everyone may wish to have this or if lets encrypt suffer any outage/cease

Kudos to you and this is only my opinion

Many thanks

John

Let’s Encrypt Integration

So, a friend of mine asked me in an IRC channel if InterWorx was going to add Let’s Encrypt integration.

Right now, cPanel has a feature request over here for LE integration. Since this applies to both NodeWorx and SiteWorx, I figured posting the request here would be a better idea until someone moves it to the appropriate place.

One thing to be concerned about may be the e-mail that LE needs for contacting a site owner about their certs. You should probably ensure that it’s properly accounted for in our shared/reseller hosting environments for those of us who offer shared/reseller hosting.

I’m surprised a request hadn’t been posted here, as so far, LE is now in Open Beta as of December 3rd. We plan on implementing this but it’ll be a manual process, requiring us to temporarily stop the httpd server to do the standalone SSL cert install.

I’d personally prefer to have an InterWorx-tested LE implementation rather than one that I cobble together, especially since I suspect that presenting the UI for cert generation and the like would require working on IW itself. Which we obviously can’t do as per our Reseller agreement with IW.

Edit: And of course, someone’s already made a how-to for using LE with cPanel, here. So they’ve already got an implementation going… at least, for their API stuff.

If InterWorx wants to hold off on releasing a proper, official integration, you could drop an “unofficial” how-to yourself - that would be clever (it would be turning whoever attempts it into alpha testers). Perfect way to test out your implementation, especially against the staging server that LE has.

Hi kerio

Many thanks, and I’ll move your post to the bottom of the recent post over Let’s Encrypt when I’m in front of my PC

To be honest, you need to add your post to ideas webpage on IW, where it gets voted on, which I cannot move to ideas page, as it is not part of forum.

Many thanks

John

[QUOTE=d2d4j;28117]Hi kerio

Many thanks, and I’ll move your post to the bottom of the recent post over Let’s Encrypt when I’m in front of my PC

To be honest, you need to add your post to ideas webpage on IW, where it gets voted on, which I cannot move to ideas page, as it is not part of forum.

Many thanks

John[/QUOTE]

Dammit, I should’ve checked deeper for an existing thread. :stuck_out_tongue: I’ll also check and see if it’s present on the ideas webpage.

Edit: Checked; not present. Made an idea post, it’ll be a bit before somebody at IW posts the idea publicly.

I managed to get Let’s Encrypt working with InterWorx… unfortunately, not in an automated manner… and now I know why no one’s made a guide for it.

Getting it working for customer sites requires support from InterWorx for automated SSL regeneration as per LE requirements.

I kept hitting the “SSL Certificate key or file is not available or empty!” error every time I tried to enable it in a customer’s site after they agreed to be a guinea pig.

Let’s Encrypt works perfectly. Right up until you try editing the vhosts for a customer’s site resulting in the above error because at this point in time, there really isn’t a way to reliably and effectively install SSL certificates from Let’s Encrypt.

I ended up having to go to the SiteWorx front-end and installing the SSL certificates that way.

I don’t know exactly why it kept saying that


/etc/letsencrypt/live/domain.com/privkey.pem
/etc/letsencrypt/live/domain.com/fullchain.pem

was invalid or empty. It clearly exists. Is it a permissions issue? I don’t know.

But I noticed after I installed the SSL certificate and private key via Siteworx, the vhost_domain.com.conf now has:


  SSLEngine on
  SSLCACertificatePath /home/domain/var/domain.com/ssl
  SSLCertificateKeyFile /home/domain/var/domain.com/ssl/domain.com.priv.key
  SSLCertificateFile /home/domain/var/domain.com/ssl/domain.com.crt

Additionally, if you did the same thing with your NodeWorx’s SSL configs… you will have to install them via the front-end as well.

So… it works. But it doesn’t work perfectly yet. I’ll report back once I figure out how to resolve this issue. Just means I have to manually renew the SSL certificates.

Sidenote:

https://daedalus.eidolonhost.com:2443/nodeworx if you wanna check out LE live. It works, as you can obviously see.
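The post above asks whether the "not available or empty" error is a permissions issue. The following diagnostic is an added example, not part of the original post and not InterWorx or certbot code: it resolves the `live/` symlink and checks existence, size and world permission bits along both paths. The function names and the assumption that the reading process is neither root nor in the owning group are made up for this example.

```shell
#!/usr/bin/env bash
# Added diagnostic; check_pem_path and dirs_searchable are names made up here.
# Run as root so the check itself is not blocked. "World" permission bits are
# inspected on the assumption that the process reading the PEM file is neither
# root nor in the owning group.
# Return codes: 0 ok, 1 missing or dangling symlink, 2 empty file,
#               3 file not world-readable, 4 a directory lacks world search (x).

mode_of() { ls -ld -- "$1" | cut -c1-10; }    # e.g. "drwx------"

# Walk from DIR up to TOP; fail at the first directory without o+x.
dirs_searchable() {
    local dir top
    dir=$(readlink -f -- "$1"); top=$(readlink -f -- "$2")
    while :; do
        case $(mode_of "$dir") in
            *[xt]) ;;
            *) echo "BLOCKED: $dir is $(mode_of "$dir")"; return 1 ;;
        esac
        if [ "$dir" = "$top" ] || [ "$dir" = / ]; then return 0; fi
        dir=$(dirname -- "$dir")
    done
}

check_pem_path() {
    local link="$1" top="${2:-/}" target
    # Files under live/ are symlinks into archive/, so resolve first.
    target=$(readlink -f -- "$link") || target=
    if [ -z "$target" ] || [ ! -e "$target" ]; then
        echo "MISSING: $link does not resolve to a file"; return 1
    fi
    if [ ! -s "$target" ]; then
        echo "EMPTY: $target has zero length"; return 2
    fi
    # Both the symlink's directory and the target's directory must be traversable.
    dirs_searchable "$(dirname -- "$link")" "$top" || return 4
    dirs_searchable "$(dirname -- "$target")" "$top" || return 4
    case $(mode_of "$target") in
        ???????r??) echo "OK: $link -> $target"; return 0 ;;
        *) echo "UNREADABLE: $target is $(mode_of "$target")"; return 3 ;;
    esac
}
```

After sourcing the file, call it as `check_pem_path /etc/letsencrypt/live/domain.com/privkey.pem`; the optional second argument limits the directory walk to a subtree.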

Hi

Just a heads up to anyone wanting to try Let’s Encrypt.

Interworx release candidate has a beta plugin for LE

Please be aware this is a beta plugin, so may have bugs.

Good work IW, you guys rock

Many thanks

John

[QUOTE=d2d4j;28255]Hi

Just a heads up to anyone wanting to try Let’s Encrypt.

Interworx release candidate has a beta plugin for LE

Please be aware this is a beta plugin, so may have bugs.

Good work IW, you guys rock

Many thanks

John[/QUOTE]

Awesome. I will have our servers check into the RC tier. I should be able to provide pretty good feedback given my difficulties in installing it. :stuck_out_tongue:

Hi

LE works lovely, after testing LE today

It didn’t work so well yesterday when I first tried, but all praise to Jenna for looking into it for me, and for anyone trying LE themselves, you need to take note of:

The domain must be fully live on your server (ie the A records must resolve to your hosting server where the domain is setup as a siteworx account)

It does not matter if your server is natted, as long as the alias external IP is the same external IP for DNS

I hope this helps

Many thanks

John

[QUOTE=d2d4j;28259]Hi

LE works lovely, after testing LE today

It didn’t work so well yesterday when I first tried, but all praise to Jenna for looking into it for me, and for anyone trying LE themselves, you need to take note of:

The domain must be fully live on your server (ie the A records must resolve to your hosting server where the domain is setup as a siteworx account)

It does not matter if your server is natted, as long as the alias external IP is the same external IP for DNS

I hope this helps

Many thanks

John[/QUOTE]

Yup, the installer itself, if you do it manually, will say so itself. It’ll generate SNI errors or domain could not be authenticated or similar errors.

You can install SSL certificates generated on another server in order to sidestep that issue, but that’s more hassle than it’s worth unless you have serious issues in getting the LE ACME client to auth for you.

I’ve enabled LE plugin in Interworx, but I get errors… before that error, I got that /var/log/letsencrypt/letsencrypt.log was missing.

? is_file() expects parameter 1 to be a valid path, array given
A system error has occurred. Please try your request again in a few minutes.
If the error persists, please contact support.

Hi falconinternet

Please could I ask what distro you’re using and if you updated your distro if centos from an earlier version

I ask because we had a similar issue which was due to some old centos 5 not being updated to centos 6

I would think you would be best advised to open a support ticket as it’s beta

I hope that helps and please could you update your post when resolved, so it helps others

Many thanks

John

I am using CentOS 6.7, 64-bit all updates have been applied. This was a fresh CentOS 6 install and it’s pretty much un-molested. I already opened a ticket.

-marc

/home/interworx/bin/install-letsencrypt.sh, line 34 is missing an ending if statement (fi).

marc