Install SSL Certificate in Sentora

Step 1) Enable SSL on Apache

Login into your terminal as root.
sudo -i

Now enable SSL on Apache.
a2enmod ssl

Restart Apache.
service apache2 restart

Step 2) Copying SSL Certificates

Setup a FTP/SFTP account that links to the root folder of my Sentora Account ( /var/sentora/hostdata/zadmin/ ). Next fire up your favorite FTP software, mine happens to be Filezilla, and copy your certificates from the local computer to the FTP/SFTP server into the root of the directory. Please note that it will be best to use SFTP to copy the files from the local computer to the server. SFTP will encrypt all of the data between your local computer and the server whereas plain ole FTP will not.

Next we need to create a location for the SSL certificates to safely reside. I prefer for them to be in the /etc/apache2/ssl folder. The SSL folder does not exist out of the box so we will need to create it by giving the following command:
mkdir /etc/apache2/ssl

Now we need to copy our SSL certificates from our Sentora account root folder ( /var/sentora/hostdata/zadmin/ ) into the /etc/apache2/ssl folder.
cp /var/sentora/hostdata/zadmin/public_html/test-domain.crt /etc/apache2/ssl/
cp /var/sentora/hostdata/zadmin/public_html/test-domain.key /etc/apache2/ssl/
cp /var/sentora/hostdata/zadmin/public_html/test-domain-bundle.crt /etc/apache2/ssl/

Now that we have the SSL certificates copied over to their new home we can delete them from our Sentora account root FTP/SFTP access folder. Since FTP/SFTP access it open to the world it is best that we delete these files so that no one is able to access them from the outside world.
rm /var/sentora/hostdata/zadmin/public_html/test-domain.crt
rm /var/sentora/hostdata/zadmin/public_html/test-domain.key
rm /var/sentora/hostdata/zadmin/public_html/test-domain-bundle.crt

Step 3) Setup SSL Certificates in Sentora

Login into the Sentora Control Panel and navigate to the Admin tab and click “Module Admin” in the drop down.

Next under “Administration Modules” click the “Apache Config” link.


Next, scroll to the bottom of the page until you see the section called “Override a Virtual Host Setting”. Select the domain you would like to modify and click the “Select Vhost” button.

For the option “Port Override”, enter in 443. 443 is the port that HTTPS traffic travels on. Next, we need to check the box for “Forward Port 80 to Overridden Port”. This will put a redirect into the Vhost file that will redirect all HTTP (Port 80) traffic to HTTPS (Port 443).

Last, in the “Custom Entry” option, we need to put the following lines in:
SSLEngine on
SSLCertificateFile /etc/apache2/ssl/test-domain.crt
SSLCertificateKeyFile /etc/apache2/ssl/test-domain.key
SSLCertificateChainFile /etc/apache2/ssl/test-domain-bundle.crt

The line “SSLEngine On” tells that we are using SSL for this particular domain. The other three lines tell Apache where the SSL certificates are located. Once we have everything in the correct place we can select Save Vhost to save the configuration.

Step 5) Restart Sentora

Once you save everything you will notice that nothing will change and your new settings will seem not to work. That is because Sentora stores all of the settings inside of a database and has a daemon set to modify the data every 5 minutes or so. If you would like to manually run the daemon you can run the following command:
php -q /etc/sentora/panel/bin/daemon.php

Keep in mind by doing this you are restarting services so proceed with caution.

Once you have restarted Sentora your website should now be encrypted. To verify that it is being encrypted launch your favorite browser and make sure that the URL starts with https://

 Troubleshooting Tips

It best to backup at least the httpd.conf and the httpd-vhosts.conf file in the /etc/sentora/configs/apache/ directory trying any of these steps. In the event you do have problems this will give you a working baseline to go back to.

When you modify the “Custom Entry” and check the “Forward Port 80 to Overridden Port” you are eventually modifying the httpd-vhosts.conf file. Below is an example showing what is being modified. Below is an example of what is modified and what is new. What is modified is represented in red and what is new is represented in green. In the event, you do need to modify the httpd-vhosts.conf, manually do not use the daemon to restart Apache. Use service apache2 restart