This will be a straightforward tutorial on how to install an SSL certificate on the CentOS 6 operating system. There are many tutorials out there which will show you how to achieve this. So why did I bother adding the same tutorial? Well, I tried installing an SSL certificate recently and ended up in all sorts of problems, and there was no tutorial online which mentioned the steps required to achieve my goal. When you have zPanel installed on CentOS it becomes slightly complicated, as the locations of the files are slightly different.
This tutorial assumes that you will NOT be generating your own certificate, although the steps are not that different even if you are going down that route.
Let's begin: installing an SSL certificate on CentOS 6 with zPanel
First step: install mod_ssl.
yum install mod_ssl openssl
Next, go to the certs folder in CentOS 6:
cd /etc/ssl/certs/
Next, generate a key and a CSR with the following command. The -nodes option writes the private key unencrypted, so keep the .key file readable by root only.
openssl req -nodes -newkey rsa:2048 -keyout namhuy_net.key -out namhuy_net.csr
Now you need a certificate. You can either create your own with OpenSSL, which is not the best way to do it, or you can buy a premium one. They are cheap these days and won't break your bank. I would recommend https://www.globessl.com/ (for $9/year).
Once you have the certificate, most likely sent to you via email, copy the certificate files into the certs folder mentioned above.
You should receive your certificate as well as a crt bundle. We will need to merge these two and create a .pem file.
So create a new file xyz_cert.pem, which you can then edit in vim (make sure you are in /etc/ssl/certs/):
touch xyz_cert.pem
Now these are the important steps, especially if you have zPanel installed like me.
Go to /etc/zpanel/configs/apache and open the file httpd-vhosts.conf in a text editor.
Find a block similar to the one below for your domain in this file:
<VirtualHost *:80>
DocumentRoot "/var/zpanel/hostdata/zadmin/public_html/website"
ServerName your-website.com
ServerAlias www.your-website.com
ErrorLog /var/log/httpd/website.com-error_log
CustomLog /var/log/httpd/website.com-access_log common
<Directory "/var/zpanel/hostdata/zadmin/public_html/website">
Options Indexes FollowSymLinks
AllowOverride all
Order allow,deny
allow from all
</Directory>
</VirtualHost>
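Copy this block, paste it immediately below the original, and make a few changes as shown below. The three SSLCertificate* paths must point to the certificate, key and .pem files you actually placed in /etc/ssl/certs/; note that the key generated earlier was named namhuy_net.key, so either rename it or adjust the path.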
<VirtualHost *:443>
DocumentRoot "/var/zpanel/hostdata/zadmin/public_html/website"
ServerName your-website.com:443
ErrorLog /var/log/httpd/website.com-error_log
CustomLog /var/log/httpd/website.com-access_log common
<Directory "/var/zpanel/hostdata/zadmin/public_html/website">
Options Indexes FollowSymLinks
AllowOverride all
Order allow,deny
allow from all
</Directory>
SSLEngine on
SSLOptions +StrictRequire
SSLCertificateFile /etc/ssl/certs/xyz_cert.crt
SSLCertificateKeyFile /etc/ssl/certs/xyz_cert.key
SSLCertificateChainFile /etc/ssl/certs/xyz_cert.pem
</VirtualHost>
Now restart Apache:
service httpd restart
When you try to restart Apache you may receive an error similar to the one below:
_default_ virtualhost overlap on port 443
———————————————————————————————————————
Follow these steps only if you receive the error above.
The solution is to edit the ssl.conf file in /etc/httpd/conf.d and remove the entire virtual host definition.
Make sure you back up your ssl.conf file before editing.
From /etc/httpd/conf.d, you can use this command to make a copy of your ssl.conf file called ssl.conf.bak:
cp ssl.conf ssl.conf.bak
What to edit in ssl.conf?
Open your ssl.conf file in vim.
Find a very long block that reads:
<Virtualhost _default_:443>
#
#
</Virtualhost>
Comment out everything inside this block. Every single line that is not already commented needs to be commented, and there are many of them, so be patient. (***reminder*** Back up your ssl.conf before doing this, as you may regret not backing it up later.)
Now, finally, restart Apache.
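Apache will not start if the private key does not belong to the certificate, and PEM files copied out of an e-mail are often damaged, so it helps to check the files before the restart. The shell functions below are an added example, not part of the original tutorial: they merge the certificate and bundle into the .pem file (certificate first, an assumed order), confirm the key matches the certificate, and check the key's permissions. The function names are hypothetical and all file names are passed as arguments.

```shell
#!/bin/sh
# Added example (not from the original tutorial). Usage, with placeholder names:
#   build_chain_pem site.crt bundle.crt xyz_cert.pem &&
#   key_matches_cert site.key site.crt && key_is_private site.key

# Print the number of PEM certificates in a file; fail if the file is
# unreadable, holds no certificate, or has unpaired BEGIN/END markers.
pem_cert_count() {
    [ -r "$1" ] || return 1
    n_begin=$(grep -c -e '-----BEGIN CERTIFICATE-----' "$1" || true)
    n_end=$(grep -c -e '-----END CERTIFICATE-----' "$1" || true)
    [ "$n_begin" -gt 0 ] && [ "$n_begin" -eq "$n_end" ] || return 1
    echo "$n_begin"
}

# Merge the site certificate ($1) and the CA bundle ($2) into one .pem ($3).
# awk strips CR characters and ends every input with a newline, so an END
# marker never runs into the next BEGIN marker on the same line.
build_chain_pem() {
    pem_cert_count "$1" >/dev/null || return 1
    pem_cert_count "$2" >/dev/null || return 1
    for f in "$1" "$2"; do
        awk '{ sub(/\r$/, ""); print }' "$f" || return 1
    done > "$3"
}

# Succeed only if the private key ($1) and certificate ($2) carry the same
# public key. Assumes an unencrypted key, as produced by "req -nodes".
key_matches_cert() {
    key_pub=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
    crt_pub=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 1
    [ -n "$key_pub" ] && [ "$key_pub" = "$crt_pub" ]
}

# Succeed only if the key is a regular file with mode 0600 or 0400.
key_is_private() {
    case "$(ls -ld "$1" 2>/dev/null)" in
        -r[w-]-------*) return 0 ;;
        *) return 1 ;;
    esac
}
```

If key_is_private fails, `chmod 600` on the key file fixes it; if key_matches_cert fails, the certificate was issued for a different CSR than the one generated with this key.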