Are you looking for steps to secure osTicket with Let’s Encrypt SSL Certificates? Take a peek at this blog.
Here at Bobcares, we have seen several such Let’s Encrypt SSL-related queries as part of our Server Management Services for web hosts and online service providers.
Today we’ll take a look at how to secure osTicket with Let’s Encrypt SSL Certificates.
How to secure osTicket with Let’s Encrypt SSL Certificates
Now let’s take a look at how our Support Engineers secure osTicket.
Here we are making use of Certbot to request SSL certificates from the Let’s Encrypt Certificate Authority. Since the tool is not available by default, we need to install it manually.
Step 1: Install certbot certificate generation tool
We run the below command to install certbot on Ubuntu /Debian:
# Install certbot on Ubuntu /Debian
sudo apt update
# Apache
sudo apt-get install python-certbot-apache
# Nginx
sudo apt-get install python-certbot-nginxIf you are using CentOS, then you can install certbot on CentOS 8 / CentOS 7 by running the below command.
# CentOS 8
## For Apache
sudo yum -y install python3-certbot-apache
## For Nginx
sudo yum -y install python3-certbot-nginx
# CentOS 7
## For Apache
sudo yum -y install python2-certbot-apache
## For Nginx
sudo yum -y install python2-certbot-nginx
Step 2: Updating osTicket Apache Configurations
We run the below command to obtain a single certificate using the /var/www/osTicket/upload webroot directory.
sudo certbot certonly --webroot -w /var/www/osTicket/upload -d osticket.bobcares.comThen we enter an email address used for urgent renewal and security notices:
$ sudo certbot certonly --webroot -w /var/www/osTicket/upload -d osticket.bobcares.com
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator webroot, Installer None
Enter email address (used for urgent renewal and security notices)
(Enter 'c' to cancel): webmaster@bobcares.comAfter that, we read and accept the terms of service by typing Y and hitting Enter.
Optionally, we can agree to share the email address with the Electronic Frontier Foundation:
Now the Let’s Encrypt certificate generation process should begin.
Then we update the Web Server osTicket configuration file to look as below:
$ cat /etc/httpd/conf.d/osticket.conf
ServerAdmin webmaster@bobcares.com
DocumentRoot /var/www/osTicket/upload
ServerName osticket.bobcares.com
ServerAlias www.osticket.bobcares.com
We then back up the HTTP config file:
sudo cp /etc/httpd/conf.d/osticket.conf{,.bak}After that, we open the file for editing by running the below command.
sudo vim /etc/httpd/conf.d/osticket.confInto it we paste the below contents to update the configuration:
# osTicket configuration using Let's Encrypt SSLServerName osticket.bobcares.com RewriteEngine On RewriteCond %{HTTPS} !=on RewriteRule ^/?(.*) https://%{SERVER_NAME}/$1 [R=301,L] ServerAdmin webmaster@bobcares.com DocumentRoot /var/www/osTicket/upload ServerName osticket.bobcares.com Options Indexes FollowSymLinks MultiViews AllowOverride All Order allow,deny allow from all Require all granted ErrorLog /var/log/httpd/osticket_error.log CustomLog /var/log/httpd/osticket_access.log combined SSLEngine on SSLCertificateFile /etc/letsencrypt/live/osticket.bobcares.com/fullchain.pem SSLCertificateKeyFile /etc/letsencrypt/live/osticket.bobcares.com/privkey.pem
Then we confirm configuration syntax is okay:
$ sudo /usr/sbin/httpd -t
Syntax OKWe then restart the webserver. Here is the command for it.
# Ubuntu / Debian
$ sudo a2enmod rewrite expires
$ sudo systemctl restart apache2
# CentOS / RHEL
$ sudo systemctl restart httpdAs a result, the service should return Running status:
$ systemctl status httpd ● httpd.service - The Apache HTTP Server Loaded: loaded (/usr/lib/systemd/system/httpd.service; enabled; vendor preset: disabled) Drop-In: /usr/lib/systemd/system/httpd.service.d └─php-fpm.conf Active: active (running) since Wed 2021-03-31 12:30:26 UTC; 8s ago Docs: man:httpd.service(8) Main PID: 9299 (httpd) Status: "Started, listening on: port 443, port 80" Tasks: 213 (limit: 11232) Memory: 27.7M CGroup: /system.slice/httpd.service ├─9299 /usr/sbin/httpd -DFOREGROUND ├─9301 /usr/sbin/httpd -DFOREGROUND ├─9302 /usr/sbin/httpd -DFOREGROUND ├─9303 /usr/sbin/httpd -DFOREGROUND └─9304 /usr/sbin/httpd -DFOREGROUND Mar 31 12:30:26 osticket.bobcares.com systemd[1]: httpd.service: Succeeded. Mar 31 12:30:26 osticket.bobcares.com systemd[1]: Stopped The Apache HTTP Server. Mar 31 12:30:26 osticket.bobcares.com systemd[1]: Starting The Apache HTTP Server... Mar 31 12:30:26 osticket.bobcares.com systemd[1]: Started The Apache HTTP Server. Mar 31 12:30:26 osticket.bobcares.com httpd[9299]: Server configured, listening on: port 443, port 80
Then we run the below command to renew the certificate.
$ sudo /usr/bin/certbot renew
Step 3: Access osTicket Web Portal
We open osTicket web portal to confirm if the website is loaded with https.
If we click on the lock button then we can see if the connection is secure or not.
We can click on “More Information” to get more details about the certificate. We can see the SSL details and confirm the installation of the SSL certificate.
[Need any further assistance with Let’s Encrypt SSL-related queries? – We’re available 24*7]
Conclusion
Today, we saw how our Support Engineers secure osTicket with Let’s Encrypt SSL Certificates.
0 Comments