Bobcares

Secure osTicket with Let’s Encrypt SSL Certificates – How we do it

by | Apr 6, 2021

Are you looking for steps to secure osTicket with Let’s Encrypt SSL Certificates? Take a peek at this blog.

Here at Bobcares, we have seen several such Let’s Encrypt SSL-related queries as part of our Server Management Services for web hosts and online service providers.

Today we’ll take a look at how to secure osTicket with Let’s Encrypt SSL Certificates.

 

How to secure osTicket with Let’s Encrypt SSL Certificates

Now let’s take a look at how our Support Engineers secure osTicket.

Here we are making use of Certbot to request SSL certificates from the Let’s Encrypt Certificate Authority. Since the tool is not available by default, we need to install it manually.

 

Step 1: Install certbot certificate generation tool

We run the below command to install certbot on Ubuntu /Debian:

# Install certbot on Ubuntu /Debian
sudo apt update

# Apache
sudo apt-get install python-certbot-apache

# Nginx
sudo apt-get install python-certbot-nginx

If you are using CentOS, then you can install certbot on CentOS 8 / CentOS 7 by running the below command.

# CentOS 8
## For Apache
sudo yum -y install python3-certbot-apache

## For Nginx
sudo yum -y install python3-certbot-nginx

# CentOS 7
## For Apache
sudo yum -y install python2-certbot-apache

## For Nginx
sudo yum -y install python2-certbot-nginx

 

Step 2: Updating osTicket Apache Configurations

We run the below command to obtain a single certificate using the /var/www/osTicket/upload webroot directory.

sudo certbot certonly --webroot -w /var/www/osTicket/upload -d osticket.bobcares.com

Then we enter an email address used for urgent renewal and security notices:

$ sudo certbot certonly --webroot -w /var/www/osTicket/upload -d osticket.bobcares.com
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator webroot, Installer None
Enter email address (used for urgent renewal and security notices)
(Enter 'c' to cancel): webmaster@bobcares.com

After that, we read and accept the terms of service by typing Y and hitting Enter.

Optionally, we can agree to share the email address with the Electronic Frontier Foundation:

Now the Let’s Encrypt certificate generation process should begin.

Then we update the Web Server osTicket configuration file to look as below:

$ cat /etc/httpd/conf.d/osticket.conf
<VirtualHost *:80>
ServerAdmin webmaster@bobcares.com
DocumentRoot /var/www/osTicket/upload
ServerName osticket.bobcares.com
ServerAlias www.osticket.bobcares.com
<Directory /var/www/osTicket/>
Options FollowSymlinks
AllowOverride All
Require all granted
</Directory>

ErrorLog /var/log/httpd/osticket_error.log
CustomLog /var/log/httpd/osticket_access.log combined
</VirtualHost>

We then back up the HTTP config file:

sudo cp /etc/httpd/conf.d/osticket.conf{,.bak}

After that, we open the file for editing by running the below command.

sudo vim /etc/httpd/conf.d/osticket.conf

Into it we paste the below contents to update the configuration:

# osTicket configuration using Let's Encrypt SSL
<VirtualHost *:80>
ServerName osticket.bobcares.com
RewriteEngine On
RewriteCond %{HTTPS} !=on
RewriteRule ^/?(.*) https://%{SERVER_NAME}/$1 [R=301,L]
</virtualhost>
<VirtualHost *:443>
ServerAdmin webmaster@bobcares.com
DocumentRoot /var/www/osTicket/upload
ServerName osticket.bobcares.com
<Directory /var/www/osTicket/upload/>
Options Indexes FollowSymLinks MultiViews
AllowOverride All
Order allow,deny
allow from all
Require all granted
</Directory>
ErrorLog /var/log/httpd/osticket_error.log
CustomLog /var/log/httpd/osticket_access.log combined
SSLEngine on
SSLCertificateFile /etc/letsencrypt/live/osticket.bobcares.com/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/osticket.bobcares.com/privkey.pem
</VirtualHost>

Then we confirm configuration syntax is okay:

$ sudo /usr/sbin/httpd -t
Syntax OK

We then restart the webserver. Here is the command for it.

# Ubuntu / Debian
$ sudo a2enmod rewrite expires
$ sudo systemctl restart apache2

# CentOS / RHEL
$ sudo systemctl restart httpd

As a result, the service should return Running status:

$ systemctl status httpd
● httpd.service - The Apache HTTP Server
Loaded: loaded (/usr/lib/systemd/system/httpd.service; enabled; vendor preset: disabled)
Drop-In: /usr/lib/systemd/system/httpd.service.d
└─php-fpm.conf
Active: active (running) since Wed 2021-03-31 12:30:26 UTC; 8s ago
Docs: man:httpd.service(8)
Main PID: 9299 (httpd)
Status: "Started, listening on: port 443, port 80"
Tasks: 213 (limit: 11232)
Memory: 27.7M
CGroup: /system.slice/httpd.service
├─9299 /usr/sbin/httpd -DFOREGROUND
├─9301 /usr/sbin/httpd -DFOREGROUND
├─9302 /usr/sbin/httpd -DFOREGROUND
├─9303 /usr/sbin/httpd -DFOREGROUND
└─9304 /usr/sbin/httpd -DFOREGROUND

Mar 31 12:30:26 osticket.bobcares.com systemd[1]: httpd.service: Succeeded.
Mar 31 12:30:26 osticket.bobcares.com systemd[1]: Stopped The Apache HTTP Server.
Mar 31 12:30:26 osticket.bobcares.com systemd[1]: Starting The Apache HTTP Server...
Mar 31 12:30:26 osticket.bobcares.com systemd[1]: Started The Apache HTTP Server.
Mar 31 12:30:26 osticket.bobcares.com httpd[9299]: Server configured, listening on: port 443, port 80

Then we run the below command to renew the certificate.

$ sudo /usr/bin/certbot renew

 

Step 3: Access osTicket Web Portal

We open osTicket web portal to confirm if the website is loaded with https.

If we click on the lock button then we can see if the connection is secure or not.

We can click on “More Information” to get more details about the certificate. We can see the SSL details and confirm the installation of the SSL certificate.

[Need any further assistance with Let’s Encrypt SSL-related queries? – We’re available 24*7]

 

Conclusion

Today, we saw how our Support Engineers secure osTicket with Let’s Encrypt SSL Certificates.

PREVENT YOUR SERVER FROM CRASHING!

Never again lose customers to poor server speed! Let us help you.

Our server experts will monitor & maintain your server 24/7 so that it remains lightning fast and secure.

GET STARTED

var google_conversion_label = "owonCMyG5nEQ0aD71QM";

0 Comments

Submit a Comment

Your email address will not be published. Required fields are marked *

Never again lose customers to poor
server speed! Let us help you.

Privacy Preference Center

Necessary

Necessary cookies help make a website usable by enabling basic functions like page navigation and access to secure areas of the website. The website cannot function properly without these cookies.

PHPSESSID - Preserves user session state across page requests.

gdpr[consent_types] - Used to store user consents.

gdpr[allowed_cookies] - Used to store user allowed cookies.

PHPSESSID, gdpr[consent_types], gdpr[allowed_cookies]
PHPSESSID
WHMCSpKDlPzh2chML

Statistics

Statistic cookies help website owners to understand how visitors interact with websites by collecting and reporting information anonymously.

_ga - Preserves user session state across page requests.

_gat - Used by Google Analytics to throttle request rate

_gid - Registers a unique ID that is used to generate statistical data on how you use the website.

smartlookCookie - Used to collect user device and location information of the site visitors to improve the websites User Experience.

_ga, _gat, _gid
_ga, _gat, _gid
smartlookCookie
_clck, _clsk, CLID, ANONCHK, MR, MUID, SM

Marketing

Marketing cookies are used to track visitors across websites. The intention is to display ads that are relevant and engaging for the individual user and thereby more valuable for publishers and third party advertisers.

IDE - Used by Google DoubleClick to register and report the website user's actions after viewing or clicking one of the advertiser's ads with the purpose of measuring the efficacy of an ad and to present targeted ads to the user.

test_cookie - Used to check if the user's browser supports cookies.

1P_JAR - Google cookie. These cookies are used to collect website statistics and track conversion rates.

NID - Registers a unique ID that identifies a returning user's device. The ID is used for serving ads that are most relevant to the user.

DV - Google ad personalisation

_reb2bgeo - The visitor's geographical location

_reb2bloaded - Whether or not the script loaded for the visitor

_reb2bref - The referring URL for the visit

_reb2bsessionID - The visitor's RB2B session ID

_reb2buid - The visitor's RB2B user ID

IDE, test_cookie, 1P_JAR, NID, DV, NID
IDE, test_cookie
1P_JAR, NID, DV
NID
hblid
_reb2bgeo, _reb2bloaded, _reb2bref, _reb2bsessionID, _reb2buid

Security

These are essential site cookies, used by the google reCAPTCHA. These cookies use an unique identifier to verify if a visitor is human or a bot.

SID, APISID, HSID, NID, PREF
SID, APISID, HSID, NID, PREF