On the server is a site that wants to be both SSL and non SSL, this is not something that is natavily supported by Sentora/ZPanel, so what we did in SSL on Zpanel / Sentora will not work here (sad face) EXPLICITLY DON’T do that! if you have done it like that (by that I mean the VHost Override) undo it now, and re run the demon and apachectl restart.
In order for this to work both accessible in port 80 and port 443, you need to add a custom SSL-Vhost manually (this is not ZPanel or Sentora Default Vhost Config).
You can try this if you are planning to give you panel accessible to port 80 and 443:
- Do not touch the original VHOST
- Create a Vhost file called: http-ssl-vhost.conf (or whatever file name you want as long as it is .CONF) in “/etc/zpanel/configs/apache” with the following:
# DOMAIN: domain_name.com <virtualhost *:443> ServerName domain_name.com ServerAlias domain_name.com www.domain_name.com ServerAdmin [email protected]_name.co.uk DocumentRoot "/var/zpanel/hostdata/user_name/public_html/domain_name_com" php_admin_value open_basedir "/var/zpanel/hostdata/user_name/public_html/domain_name_com:/var/zpanel/temp/" php_admin_value suhosin.executor.func.blacklist "passthru, show_source, shell_exec, system, pcntl_exec, popen, pclose, proc_open, proc_nice, proc_terminate, proc_get_status, proc_close, leak, apache_child_terminate, posix_kill, posix_mkfifo, posix_setpgid, posix_setsid, posix_setuid, escapeshellcmd, escapeshellarg, exec" ErrorLog "/var/zpanel/logs/domains/user_name/domain_name.com-error-ssl.log" CustomLog "/var/zpanel/logs/domains/user_name/domain_name.com-access-ssl.log" combined CustomLog "/var/zpanel/logs/domains/user_name/domain_name.com-bandwidth-ssl.log" common <Directory /> Options FollowSymLinks Indexes AllowOverride All Order Allow,Deny Allow from all </Directory> AddType application/x-httpd-php .php3 .php DirectoryIndex index.html index.htm index.php index.asp index.aspx index.jsp index.jspa index.shtml index.shtm # Custom Global Settings (if any exist) # Custom VH settings (if any exist) SSLEngine On SSLCertificateFile /etc/ssl/certs/domain_name.com/domain_name_com.crt SSLCertificateKeyFile /etc/ssl/certs/domain_name.com/domain_name_com.key SSLCACertificateFile /etc/ssl/certs/domain_name.com/gs_root.pem SSLCertificateChainFile /etc/ssl/certs/domain_name.com/gs_intermediate_ca.crt SSLProtocol -ALL +TLSv1 SSLHonorCipherOrder on SSLCipherSuite HIGH:!aNULL:!MD5 </virtualhost> # END DOMAIN: domain_name.com ################################################################
- Follow the instructions in this post regarding how to store certificates.
- Open your /etc/httpd/httpd.conf and insert this at the bottom:
# Custom SSL Apache config Include /etc/zpanel/configs/apache/httpd-ssl-vhosts.conf
- Make sure everything is correctly set… File, Path, and Configuration of your Cert and Key files.
- Final step is to restart your Apache Service “apachectl restart”
3 thoughts on “More SSL on Sentora / ZPanel”
Thank you so much for this. I didn’t use the last three lines (SSLProtocol, etc.) because I didn’t see them on any other posts, and it still worked OK. But this is the one perfect post that made everything work. Brilliant.
Useless post.
Few domains on the same server:
Starting httpd: [Tue Jul 04 15:17:11 2017] [warn] default VirtualHost overlap on port 443, the first has precedence
LOL
I have no idea how you have managed to get it wrong, but its my working setup