Bobcares

SolusVM Letsencrypt certificate – Steps to secure your SolusVM server

by | Mar 7, 2019

Anything exposed to the internet is likely to be attacked.

So, it’s important to have a secure communication channel. And, SSL certificates play a great role in securing websites and control panels.

At Bobcares, we help server owners install SSL certificates on their websites and control panels as part of our Server Administration Services.

Today, let’s discuss how our Support Engineers install Letsencrypt certificate on a SolusVM server.

SolusVM Letsencrypt certificate – What’s this & Why it’s needed?

First, let’s get an idea on Letsencrypt certificate and why it’s needed.

Without SSL, the data transfer between the web server and the browser takes place over an unencrypted channel. In other words, this communication channel is highly insecure, and an attacker can easily grab sensitive information. That’s where an SSL certificate plays its role. It encrypts the whole communication channel.

Server owners can now use Letsencrypt certificates to secure their websites and control panels like SolusVM. These are free SSL certificates that secure the communication channel. However, Letsencrypt certificates should be renewed every 90 days.

Now, let’s see why Letsencrypt is needed for the SolusVM control panel. With an invalid SSL certificate on the SolusVM master, clients will receive an insecure SSL warning when they access the SolusVM control panel. So, a valid SSL certificate is critical for the SolusVM control panel.

 

SolusVM Letsencrypt certificate – How to install it?

Now, let’s see how our Dedicated Engineers install Letsencrypt certificate on a SolusVM server.

1) Verify the hostname of the server

Firstly, our Support Engineers verify that the SolusVM server has a valid hostname. Otherwise, we can’t fetch the SSL certificate for the hostname.

We always advise customers to set a Fully Qualified Domain Name (FQDN) for their servers. In addition to that, we confirm the hostname has a valid A record. In other words, the server hostname should resolve properly. For instance, we use the dig command to confirm the hostname has valid A records.

dig server.hostname.com

2) Install Letsencrypt certificate

Installing a Letsencrypt certificate on a SolusVM server involves a series of steps. Our Support Engineers commonly use the ACME script (Automatic Certificate Management Environment) or the Certbot utility to install a Letsencrypt certificate on a SolusVM master server. Let’s see both cases in detail.

a) Using ACME

Here are the steps to install and renew Letsencrypt on SolusVM server using ACME script.

i) Install ACME script

Firstly, our Support Experts download and install the ACME script on the server. This script is available in repositories like GitHub.

For example, on Linux servers, we use either the wget or the curl command (one of the two, not both) to download and install the ACME script.

wget -O - https://get.acme.sh | sh
curl https://get.acme.sh | sh

 

This installs the script for the current user account and adds an alias as well. Most importantly, we log out of the current SSH session and log in again to update the shell path.

In addition to that, this script checks for the folder .verification in the location /usr/local/solusvm/www. So, our Support Experts ensure that this folder is created and has proper permissions.

 

ii) Request SSL certificate

The next step is to issue the SSL certificate using this ACME script. This script validates the domain over an HTTP connection. For example, we use the below command to get the SSL certificate.

acme.sh --issue -d server.hostname.com -w /usr/local/solusvm/www/.verification

 

Here, replace server.hostname.com with the hostname of the SolusVM master server.

 

iii) Install SSL certificate

The next step is to install the Letsencrypt certificate on the SolusVM master server. Our Support Engineers install it using the below command.

acme.sh --installcert -d server.hostname.com --keypath /usr/local/svmstack/nginx/ssl/ssl.key --fullchainpath /usr/local/svmstack/nginx/ssl/ssl.crt

This will install the SSL certificate and private key to the location /usr/local/svmstack/nginx/ssl/.

Further, we restart the web server and the sshwebsocket, and then generate the ssl.pem file. The --reloadcmd option is not a command of its own. It is an option of --installcert, so we pass it together with the install options, and acme.sh saves the reload command and runs it again after each renewal.

acme.sh --installcert -d server.hostname.com --keypath /usr/local/svmstack/nginx/ssl/ssl.key --fullchainpath /usr/local/svmstack/nginx/ssl/ssl.crt --reloadcmd "service svmstack-nginx restart; /usr/local/svmstack/sshwebsocket/quit; /usr/local/svmstack/sshwebsocket/port_check; cd /usr/local/svmstack/nginx/ssl && cat ssl.key ssl.crt > ssl.pem"

 

iv) Setup a cron for auto renewal

The Letsencrypt certificate needs renewal every 90 days. However, the acme.sh script sets up a cron job to automatically renew any certificates on the server. Our Support Engineers verify that the below cron job has been added on the server using the crontab -e command.

0 0 * * * "/home/user/.acme.sh"/acme.sh --cron --home "/home/user/.acme.sh" > /dev/null

 

b) Using Certbot utility

Alternatively, our Support Experts sometimes use the Certbot client to install and renew Letsencrypt certificates on Linux servers. Let’s see how we use it for installing Letsencrypt certificates.

i) Install Certbot

Firstly, our Support Engineers install the Certbot client on the server. This is usually available in the EPEL repository. So, we first configure the EPEL repository and then install the Certbot client. For example, on CentOS servers, we install it using the below command.

yum install certbot

 

Similarly, on Ubuntu servers, we install certbot using the below command.

apt-get install certbot

 

ii) Create SSL certificate

Secondly, our Support Engineers create the certificate file using the below command.

certbot certonly --webroot -w /usr/local/solusvm/www/ -d server.hostname.com

 

Here, give the path of the document root after -w and the SolusVM hostname after -d.

Certbot creates a folder named .well-known/acme-challenge in the document root. The Letsencrypt validation server makes HTTP requests to this directory to ensure that DNS is correctly pointing to the server where Certbot is running. Once this is complete, a new SSL certificate will be generated.

Finally, we combine the certificate and private key in one file.

 

iii) Install SSL certificate

Further, we update the server configuration to use the new certificate. Here, we make sure that the server hostname, document root, SSL certificate, CA bundle, etc. are intact. Also, we restart the web server to reflect these changes.

Moreover, we also configure the server to redirect all non-HTTPS traffic to the HTTPS site.

 

iv) Cron for Certificate renewal

A Letsencrypt certificate is valid for 90 days. So, frequent renewal is needed for these certificates. Our Support Experts always advise customers to set up cron jobs to automatically renew SSL certificates. We can renew Letsencrypt certificates using the below command.

certbot renew

 

This will renew all the certificates that will expire in less than 30 days. So, our Server Experts configure cron jobs to run this command at frequent intervals.
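The combine step from (ii) and the renewal cron above can share one deploy script. The following is an added example, not part of the original article or of SolusVM: it assumes Certbot's standard lineage layout (privkey.pem and fullchain.pem in the live directory), reuses the SolusVM paths and restart commands shown earlier on this page, and its function names are hypothetical.

```shell
#!/bin/sh
# Added example (not Bobcares' or SolusVM's code). Function names are hypothetical.
# Assumes certbot's lineage layout: <live_dir>/privkey.pem and <live_dir>/fullchain.pem.

# Succeed only if the private key ($1) and the leaf certificate in ($2) share a public key.
key_matches_cert() {
    key_pub=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
    crt_pub=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 1
    [ -n "$key_pub" ] && [ "$key_pub" = "$crt_pub" ]
}

# Install key and chain from live_dir ($1) into dest_dir ($2) as ssl.key, ssl.crt and
# ssl.pem (key followed by chain). Returns 2 on a key/certificate mismatch, 3 if the
# certificate has already expired, 4 on a copy failure.
deploy_cert() {
    live_dir=$1
    dest_dir=$2
    key=$live_dir/privkey.pem
    chain=$live_dir/fullchain.pem
    key_matches_cert "$key" "$chain" || { echo "key/certificate mismatch" >&2; return 2; }
    openssl x509 -in "$chain" -noout -checkend 0 >/dev/null ||
        { echo "certificate has expired" >&2; return 3; }
    (
        umask 077   # ssl.key and ssl.pem hold the private key: owner-only access
        tmp=$(mktemp -d "$dest_dir/.new.XXXXXX") || exit 1
        cp "$key" "$tmp/ssl.key" && cp "$chain" "$tmp/ssl.crt" &&
            cat "$key" "$chain" > "$tmp/ssl.pem" &&
            mv -f "$tmp/ssl.key" "$tmp/ssl.crt" "$tmp/ssl.pem" "$dest_dir/"
        rc=$?
        rm -rf "$tmp"
        exit "$rc"
    ) || return 4
}

# certbot exports RENEWED_LINEAGE to deploy hooks, so the renewal cron job can run
# "certbot renew --deploy-hook <path to this script>" (the path is yours to choose).
if [ -n "${RENEWED_LINEAGE:-}" ]; then
    deploy_cert "$RENEWED_LINEAGE" /usr/local/svmstack/nginx/ssl && {
        service svmstack-nginx restart
        /usr/local/svmstack/sshwebsocket/quit
        /usr/local/svmstack/sshwebsocket/port_check
    }
fi
```

Each file is written to a temporary directory and moved into place by rename, so the web server never reads a half-written key or certificate.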


Conclusion

In short, installing a Letsencrypt certificate on SolusVM involves a series of steps. Today, we’ve discussed how our Dedicated Support Engineers install a Letsencrypt certificate on a SolusVM master server.
