SSL Certificates

New SSL Certificate Initialization

To activate an SSL certificate and serve Oempro over https://, follow the steps below.

ℹ️ Important: This article applies to Oempro v4.9.1 Docker and higher versions.

On the server that runs the Oempro v4.9.1+ Docker version, go to the Oempro directory and open a shell in the “oempro_haproxy” container:

$ docker exec -ti oempro_haproxy bash

Request the Let’s Encrypt SSL certificate:

certbot certonly --standalone -d oempro.domain.com \
--non-interactive --agree-tos --email your@email.com \
--http-01-port=8888

ℹ️ HEADS UP! If you’re going to use multiple domains for open/read tracking (under delivery settings), you can add all of them to the command above with multiple -d parameters.

Certbot will verify the domain and then issue the certificate. Here’s an example output:

$ certbot certonly --standalone -d oempro.domain.com \
>     --non-interactive --agree-tos --email your@email.com \
>     --http-01-port=8888
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator standalone, Installer None
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for oempro.domain.com
Waiting for verification...
Cleaning up challenges

IMPORTANT NOTES:
 - Congratulations! Your certificate and chain have been saved at:
   /etc/letsencrypt/live/oempro.yourdomain.com/fullchain.pem
   Your key file has been saved at:
   /etc/letsencrypt/live/oempro.yourdomain.com/privkey.pem
   Your cert will expire on 2020-03-19. To obtain a new or tweaked
   version of this certificate in the future, simply run certbot
   again. To non-interactively renew *all* of your certificates, run
   "certbot renew"
 - Your account credentials have been saved in your Certbot
   configuration directory at /etc/letsencrypt. You should make a
   secure backup of this folder now. This configuration directory will
   also contain certificates and private keys obtained by Certbot so
   making regular backups of this folder is ideal.
 - If you like Certbot, please consider supporting our work by:

   Donating to ISRG / Let's Encrypt:   https://letsencrypt.org/donate
   Donating to EFF:                    https://eff.org/donate-le

To make the certificate usable by HAProxy, you need to combine the certificate chain and the private key into a single file. Go to the oempro/_dockerfiles/letsencrypt/live/ folder and run:

$ cat mydomain.com/fullchain.pem mydomain.com/privkey.pem | tee mydomain.com/mydomain.com.pem

Edit the _dockerfiles/haproxy.cfg file and uncomment the two HTTPS-related lines:

# Enable these two lines if you have activated LetsEncrypt SSL
#bind *:443 ssl crt /etc/letsencrypt/live/mydomain.com/mydomain.com.pem
#redirect scheme https if !{ ssl_fc }

Make sure that you have replaced mydomain.com with your actual domain.

TIP: If you have multiple certificates to set for HAProxy, add each .pem file as its own crt entry, separated by spaces. Example:

# Enable these two lines if you have activated LetsEncrypt SSL (multiple pem files)
#bind *:443 ssl crt /etc/letsencrypt/live/mydomain.com/mydomain.com.pem crt /etc/letsencrypt/live/mydomain.com/mydomain2.com.pem crt /etc/letsencrypt/live/mydomain.com/mydomain3.com.pem
#redirect scheme https if !{ ssl_fc }

If you change the haproxy.cfg file or the Dockerfile-haproxy file, simply follow these steps:

$ docker-compose build haproxy
$ docker-compose kill haproxy
$ docker-compose up -d haproxy

Don’t forget to edit /opt/oempro/data/config.inc.php and change the value of APP_URL from “http://” to “https://”.

Adding New Domains To The SSL Certificate

If you would like to add a new domain to your existing SSL certificate, simply use the following command to expand your current SSL certificate:

certbot certonly --standalone --expand -d <certificate_name>,<new_domain_to_add> --non-interactive --agree-tos --email your@email.com --http-01-port=8888

SSL Certificate Renewals

To renew the certificate every three months, run this command inside the oempro_haproxy Docker container. It uses the same HTTP-01 port as the initial request:

$ certbot renew --http-01-port=8888 --allow-subset-of-names

After renewing the certificate, run the following command:

$ cat mydomain.com/fullchain.pem mydomain.com/privkey.pem | tee mydomain.com/mydomain.com.pem

To apply changes, restart the HAProxy Docker container:

$ docker-compose build haproxy
$ docker-compose kill haproxy && docker-compose up -d haproxy
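
The combine step used after issuance and again after each renewal pipes the private key through tee, which also prints it to the terminal and leaves the new file with default permissions. The shell function below is an added example, not part of Oempro's documentation or tooling: it checks that privkey.pem matches the leaf certificate and writes the combined file atomically with mode 600. The name build_haproxy_pem is hypothetical, and the function assumes openssl is installed and that HAProxy reads the file as the user who runs it.

```shell
# Added example (not Oempro's own tooling): build the combined PEM for HAProxy
# without echoing the private key, and refuse a key that does not match the cert.
# Assumption: "$1" is a certbot live/<domain> directory that holds fullchain.pem
# and privkey.pem. The function name is hypothetical.

build_haproxy_pem() {
    local dir="$1" name out tmp cert_pub key_pub
    name=$(basename "$dir")
    out="$dir/$name.pem"

    [ -r "$dir/fullchain.pem" ] && [ -r "$dir/privkey.pem" ] || {
        echo "missing fullchain.pem or privkey.pem in $dir" >&2
        return 1
    }

    # The leaf certificate is the first block in fullchain.pem. Its public key
    # must equal the one derived from privkey.pem, otherwise HAProxy rejects
    # the combined file when it starts.
    cert_pub=$(openssl x509 -in "$dir/fullchain.pem" -noout -pubkey) || return 1
    key_pub=$(openssl pkey -in "$dir/privkey.pem" -pubout) || return 1
    if [ "$cert_pub" != "$key_pub" ]; then
        echo "private key does not match certificate in $dir" >&2
        return 1
    fi

    # Write to a mode-600 temp file in the same directory, then rename it, so
    # HAProxy never sees a half-written file and the key is neither
    # world-readable nor printed to the terminal (unlike `cat ... | tee`).
    tmp=$(umask 077 && mktemp "$dir/.$name.pem.XXXXXX") || return 1
    if cat "$dir/fullchain.pem" "$dir/privkey.pem" > "$tmp" && mv -f "$tmp" "$out"; then
        echo "$out"
    else
        rm -f "$tmp"
        return 1
    fi
}

# Usage, from the live/ folder: build_haproxy_pem "$PWD/mydomain.com"
```

Restart the HAProxy container afterwards as described above so it loads the new file.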

©Copyright Octeth, Inc. All rights reserved.