Iphutha le-CWP7 SSL?Igama lomethuleli lingasifaka kanjani isitifiketi samahhala se-Letsencrypt?

Ungasifaka kanjani isitifiketi samahhala se-Letsencrypt SSL SSL segama lomethuleli we-CWP7?

• lokhu Iphaneli yokulawula ye-CWP Igayidi ye-AutoSSL yokufaka ngokuzenzakalelayo izitifiketi zamahhala ze-Letsencrypt SSL.

Uma umlayezo wephutha we-CWP7 SSL "cwpsrv.service failed.", sicela upheqa isixazululo sesifundo esilandelayo▼

Iphaneli Yokulawula ye-CWP iphansi futhi ayikwazi ukufinyeleleka? Qala/Misa/Qalisa kabusha/Buka Amasevisi e-CWP

Qala/misa/qalisa kabusha/buka isimo sesevisi ye-CWP, engenziwa ngokusebenzisa le miyalo elandelayo: insiza ye-cwpsrv isiqalo sesevisi cwpsrv stop service cwpsrv restart service cwpsrv status Isevisi yephaneli yokulawula ye-CWP yehlulekile ukuqala...

Ungalishintsha kanjani igama lomethuleli ku-CWP?

Ake sithi igama lomethuleli wakho server.yourdomain.com

1. Okokuqala, dala isizinda esingaphansi kwe-CWP:server.yourdomain.com
2. Engeza irekhodi elingu-A ku-DNS, isizinda esingaphansi sikhomba kwakhoLinuxIkheli le-IP yeseva.
3. Iya kokuthi → Izilungiselelo ze-CWP → Shintsha Igama Lomethuleli kumenyu engakwesokunxele ye-cwp.admin ukuze ulondoloze igama lakho lomethuleli.

• I-SSL izofakwa ngokuzenzakalelayo, umbandela kuphela ukuthi usethe irekhodi le-DNS A legama lomethuleli.
• Uma ungenalo irekhodi elingu-A legama lomethuleli, i-CWP izofaka isitifiketi esizisayinele yona.
• Qaphela ukuthi igama lomethuleli kufanele libe isizinda esingaphansi kwesinye hhayi isizinda esikhulu.

Ku-http:// kuya ku-https:// ukuqondisa kabusha, ungakwazi/usr/local/apache/htdocs/.htaccessDala leli fayela le-htaccess:

RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

I-Let Encrypt inegunya lesitifiketi elethulwa ngo-April 2016, 4, ngenhloso yokususa ukudalwa kwamanje mathupha, ukuqinisekiswa, ukusayinda, ukufakwa nokubuyekezwa kwezitifiketi zamawebhusayithi avikelekile.

Igama lomethuleli/FQDN Faka Isitifiketi se-Letsencrypt SSL

Isho ukuthini i-FQDN??

• I-FQDN (fully qualified domain name) Igama lesizinda elifaneleke ngokugcwele, okuyigama lesizinda eliphelele lekhompyutha ethile noma umsingathi ku-inthanethi.

Usifaka kanjani isicelo se-Let Encrypt?

Kunemojula entsha efakwe ku-CWP7 Imenyu Engakwesokunxele → Izilungiselelo Zeseva Yewebhu → Izitifiketi Ze-SSL, ukusuka lapho ungafaka izitifiketi ze-Letsencrypt zanoma yisiphi isizinda/isizinda esincane usebenzisa i-AutoSSL.

(Uma ukhetha Yakha Masibhale Ngemfihlo ngesikhathi esifanayo lapho wengeza igama lesizinda noma igama lesizinda esingaphansi kwesinye, ungeqa izinyathelo ezingenhla)

Izici zesitifiketi se-Letsencrypt SSL

• I-Letsencrypt yesizinda se-akhawunti eyinhloko kanye ne-www alias
• I-Letsencrypt yengeza igama lesizinda kanye ne-www. alias
• I-Letsencrypt yezizinda ezingaphansi kanye ne-www.alias
• I-Letsencrypt nayo ingafaka ngokwezifiso
• Hlola usuku lokuphelelwa yisikhathi kwesitifiketi
• vuselela ngokuzenzakalelayo
• Phoqa inkinobho yokuvuselela
• Ukutholwa okuzenzakalelayo kwe-Apache port 443

Ukuvuselela okuzenzakalelayo kwezitifiketi ze-Letsencrypt SSL

Ngokuzenzakalelayo, izitifiketi ze-Letsencrypt zisebenza izinsuku ezingama-90.

Ukuvuselela kuyazenzakalela futhi izitifiketi zivuselelwa ezinsukwini ezingama-30 ngaphambi kokuphelelwa yisikhathi.

Kunemojula entsha efakwe ku-CWP7 Imenyu Engakwesokunxele → Izilungiselelo Zeseva Yewebhu → Izitifiketi Ze-SSL, ukusuka lapho ungafaka izitifiketi ze-Letsencrypt zanoma yisiphi isizinda/isizinda esincane usebenzisa i-AutoSSL.

Hlela ifayela lokumisa ukuze umiselele indlela yesitifiketi se-SSL

Okulandelayo, udinga ukuhlela ifayela lokucushwa bese wengeza indlela eya kusitifiketi se-SSL (inothi ukuze ususe amazwana, futhi ushintshe indlela eya eyakho).

Hlela ifayela lokumisa le-cwpsrv ▼

/usr/local/cwpsrv/conf/cwpsrv.conf

Engeza kuBheka ukuqaphaImbobo ye-SSL ▼

listen 2812 ssl;

Kukhona nesigaba esilandelayo ▼

ssl_certificate /etc/pki/tls/certs/hostname.crt;
ssl_certificate_key /etc/pki/tls/private/hostname.key;

Faka esikhundleni ngale ndlela elandelayo ▼

ssl_certificate /etc/pki/tls/certs/server.yourdomain.com.bundle;
ssl_certificate_key /etc/pki/tls/private/server.yourdomain.com.key;

Uma usuqedile, ungakhohlwa ukuqala kabusha insiza ye-cwpsrv ngomyalo olandelayo ▼

service cwpsrv restart

Bese uya kokuthi Izilungiselelo ZeWebserver → Isihleli Se-WebServers Conf → Apache → /usr/local/apache/conf.d/

Hlela iphrofayela ▼

hostname-ssl.conf

Faka isigaba esilandelayo ▼

ssl_certificate /etc/pki/tls/certs/hostname.crt;
ssl_certificate_key /etc/pki/tls/private/hostname.key;

Faka esikhundleni ngale ndlela elandelayo ▼

ssl_certificate /etc/pki/tls/certs/server.yourdomain.com.bundle;
ssl_certificate_key /etc/pki/tls/private/server.yourdomain.com.key;

• Uma usebenzisa i-Nginx, udinga ukwenza okufanayo.

Bese uqala kabusha isevisi ye-Apache (ne-Nginx) futhi uqiniseke ukuthi isebenza njengenjwayelo?

systemctl restart httpd
systemctl restart nginx

Ekugcineni, vuselela isixhumanisi sokungena ukuze ubuke i-port 2087https:// server.yourdomain. com:2087/login/index.phpIngabe ikhona i-dongle?