SSL Certificates

New SSL Certificate Initialization

To activate an SSL certificate and run Oempro over HTTPS, please follow the steps below.

ℹ️
Important: This article applies to Oempro v4.9.1 Docker and later versions.

On the server running the Oempro v4.9.1+ Docker version, navigate to the Oempro directory and open a shell inside the oempro_haproxy container:

docker exec -ti oempro_haproxy bash

Request a Let’s Encrypt SSL certificate, replacing oempro.domain.com and the --email address with your own values:

# For Octeth v5.5.5 and newer versions
certbot certonly -d oempro.domain.com \
--non-interactive --agree-tos --email support@octeth.com \
--preferred-challenges http --webroot -w /var/www/html

# For Octeth v5.5.4 and older versions
certbot certonly --standalone -d oempro.domain.com \
--non-interactive --agree-tos --email your@email.com \
--http-01-port=8888

ℹ️
HEADS UP! If you plan to use multiple domains for open/read tracking (under delivery settings), include every domain in the command above by repeating the -d parameter once per domain.

Certbot will verify the domain and then issue the certificate. Here’s an example output:

certbot certonly --standalone -d oempro.domain.com \
     --non-interactive --agree-tos --email your@email.com \
     --http-01-port=8888

Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator standalone, Installer None
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for oempro.domain.com
Waiting for verification...
Cleaning up challenges

IMPORTANT NOTES:
 - Congratulations! Your certificate and chain have been saved at:
   /etc/letsencrypt/live/oempro.domain.com/fullchain.pem
   Your key file has been saved at:
   /etc/letsencrypt/live/oempro.domain.com/privkey.pem
   Your cert will expire on 2020-03-19. To obtain a new or tweaked
   version of this certificate in the future, simply run certbot
   again. To non-interactively renew *all* of your certificates, run
   "certbot renew"
 - Your account credentials have been saved in your Certbot
   configuration directory at /etc/letsencrypt. You should make a
   secure backup of this folder now. This configuration directory will
   also contain certificates and private keys obtained by Certbot so
   making regular backups of this folder is ideal.
 - If you like Certbot, please consider supporting our work by:

   Donating to ISRG / Let's Encrypt:   <https://letsencrypt.org/donate>
   Donating to EFF:                    <https://eff.org/donate-le>

To make the certificate usable by HAProxy, combine the certificate chain and the private key into a single .pem file. Navigate to the /opt/oempro/_dockerfiles/letsencrypt/live/ folder and run:

cat mydomain.com/fullchain.pem mydomain.com/privkey.pem | tee mydomain.com/mydomain.com.pem

Edit the _dockerfiles/haproxy.cfg file and uncomment the HTTPS-related lines:

# Enable these lines if you have activated LetsEncrypt SSL
#bind *:443 ssl crt /etc/letsencrypt/live/mydomain.com/mydomain.com.pem
#redirect scheme https if !{ ssl_fc }

Ensure that you replace mydomain.com with your actual domain.

ℹ️
TIP: If you have multiple certificates for HAProxy, add each .pem file with its own crt keyword, separated by spaces. Example:

# Enable these lines if you have activated LetsEncrypt SSL (multiple pem files)
#bind *:443 ssl crt /etc/letsencrypt/live/mydomain.com/mydomain.com.pem crt /etc/letsencrypt/live/mydomain.com/mydomain2.com.pem crt /etc/letsencrypt/live/mydomain.com/mydomain3.com.pem
#redirect scheme https if !{ ssl_fc }

If you make changes to the haproxy.cfg file or Dockerfile-haproxy, rebuild and restart the HAProxy container:

docker-compose build haproxy
docker-compose kill haproxy
docker-compose up -d haproxy

Don’t forget to edit /opt/oempro/data/config.inc.php and change the value of APP_URL from http:// to https://

Adding New Domains To The SSL Certificate

To add a new domain to your existing SSL certificate, expand the certificate with the following command. List every domain that is already on the certificate together with the new one:

# For Octeth v5.5.5 and newer versions
certbot certonly --expand -d existingdomain.com,newdomain.com \
--non-interactive --agree-tos --email support@octeth.com \
--preferred-challenges http --webroot -w /var/www/html

# For Octeth v5.5.4 and older versions
certbot certonly --standalone --expand -d existingdomain.com,newdomain.com --non-interactive --agree-tos --email your@email.com --http-01-port=8888

SSL Certificate Renewals

For Octeth versions v5.5.2 and newer

For versions v5.5.2 and newer, the SSL certificate renewal process has been automated. Renewal tasks are managed directly within the application.

Ensure that the renewal job is enabled in the system's scheduled tasks. Review the scheduled tasks documentation for specific setup instructions.

For Octeth versions v5.5.1 and older

To renew the certificate every three months, execute this command inside the oempro_haproxy Docker container:

certbot renew --tls-sni-01-port=8888 --allow-subset-of-names

After renewing the certificate, run the following command to recombine the certificates:

cat mydomain.com/fullchain.pem mydomain.com/privkey.pem | tee mydomain.com/mydomain.com.pem

To apply changes, restart the HAProxy Docker container:

docker-compose build haproxy
docker-compose kill haproxy && docker-compose up -d haproxy
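
The combine step used after issuance and again after each renewal, as an added example (not Octeth's own script): `cat ... | tee` also prints the private key to the terminal, so this version writes the bundle silently with mode 600 and swaps it in atomically. The function names and the LIVE_DIR variable are assumptions made for this example; the default path is the folder named in the article.

```shell
#!/bin/sh
# Added example: build the HAProxy bundle (fullchain + private key) without
# echoing the key and without leaving it readable by other users.
# LIVE_DIR is an assumed variable; its default is the folder from the article.
LIVE_DIR="${LIVE_DIR:-/opt/oempro/_dockerfiles/letsencrypt/live}"

combine_pem() {
    domain="$1"
    dir="$LIVE_DIR/$domain"
    chain="$dir/fullchain.pem"
    key="$dir/privkey.pem"
    out="$dir/$domain.pem"

    # Refuse to build a bundle from missing or empty inputs.
    [ -s "$chain" ] || { echo "missing or empty: $chain" >&2; return 1; }
    [ -s "$key" ]   || { echo "missing or empty: $key" >&2; return 1; }

    # Sanity-check that each input is the kind of PEM we expect.
    grep -q -e '-----BEGIN CERTIFICATE-----' "$chain" ||
        { echo "no certificate in $chain" >&2; return 1; }
    grep -q -e '-----BEGIN .*PRIVATE KEY-----' "$key" ||
        { echo "no private key in $key" >&2; return 1; }

    # Write to a temp file in the same directory (mktemp creates it mode 600),
    # then rename it so HAProxy never reads a half-written bundle.
    tmp=$(mktemp "$dir/.bundle.XXXXXX") || return 1
    if cat "$chain" "$key" > "$tmp" && chmod 600 "$tmp" && mv -f "$tmp" "$out"; then
        return 0
    fi
    rm -f "$tmp"
    return 1
}

# Recombine every certificate directory under LIVE_DIR, e.g. after a renewal.
combine_all() {
    rc=0
    for d in "$LIVE_DIR"/*/; do
        [ -f "${d}fullchain.pem" ] || continue
        combine_pem "$(basename "$d")" || rc=1
    done
    return $rc
}

# Usage: combine_pem mydomain.com   (or combine_all for every domain)
```

Run it before the docker-compose restart shown above; a non-zero exit status means at least one bundle was not rebuilt and the previous .pem file is still in place.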

©Copyright Octeth, Inc. All rights reserved.