********* only renew ***********
1) download certificate zip file from godaddy,
only 6e1dce9c9beeeed6.crt is we need.
Note: Never put private.key file at this folder, Only public.cer file
otherwise, goDaddy will revoke this SSL
2) upload crt file to cpanel. cpanel -- ssl , click certificate(CRT)
upload a new certificate, click choose file, choose xxx.crt(just downloaded).
3) install new crt, by click install.
---------------------------
4) node.js
copy xxx.crt from cpanel, to node.js
/bin/www/public.cert
Done
******************** full steps ***********************
godaddy SSL
ON Server
1) cpanel --------- click SSL/TLS
2) click
Certificate Signing Requests (CSR)
click Generate
3) copy first part: encoded CSR
ON godaddy
my product ------------ SSL certificate ----- click manage button
you should see your ssl certificate, click it.
Re-Key
Top menu, click repository,
3 big button, download, re-key, xxx. click re-key
3 plus + sign, click first +, past your CSR here.
Click Save button
at bottom, click "generate certificate" button.
Wait .................. hours? days?.........................
You got a email from godaddy, follow download link to download zip file.
zip file has 2 crt file.
Upload 2 crt file at cpanel. click SSL/STL
click
Certificates (CRT)
Upload a New Certificate
choose file, 2 crt.
then you upload crt.
at SSL/STL click
Manage Installed SSL Websites
click
Browse certificate, choose the new one you just uploaded.
then install.
Done
****** check certificate ******
https://ssltools.godaddy.com/views/certChecker
node express add SSL
1)
download private key file from cpanel ----- ssl/STL ---- private key---
click edit, copy encoded part into a new file. Save to /bin/www/private.key
2)
download certificate file, from godaddy, my product, SSL,
click download button, choose other type.
Only 1 file xxxx.crt is the one we need, copy to /bin/www/public.cert
you can copy past encoded certificate from cpanel---ssl , click Certificate(CRT), click edit,
copy encoded certificate
3)
/bin/www file add https code.
// readFileSync function must use __dirname get current directory
// require use ./ refer to current directory.
==================== redirect http:// to https:// ===============================
Because of domain transparentgov.net bind to IP, by default, user will get http://transparentgov.net
We must redirect all http://.... to https://..........
Other urls are automatically without this .htaccess file.
http://agv1.transparentgov.net will forward to https://transparentgov.net:3000 at google domain.
http://ms1.transparentgov.net will forward to https://transparentgov.net/mapserver1/viewer at google domain
pdfbay.org domain forward to https://transparentgov.net/glassgov1
so only .htaccess under cleargov1 need to update redirect.
cpanel ----- file manager ------
public_html/cleargov1/ folder,
setting (top right corner) ---- show hidden files
htaccess file must be at the folder you want redirect really happen !
Not public_html ( root ) folder.
update file
.htaccess
add following code, to bottom
RewriteEngine On
RewriteCond %{SERVER_PORT} 80
RewriteCond %{HTTP_HOST} ^(www\.)?transparentgov\.net
RewriteRule ^(.*)$ https://transparentgov.net/$1 [R,L]
cleargove1/.htaccess
Options -Indexes DirectoryIndex index.phpRewriteEngine On #RewriteBase / RewriteCond %{REQUEST_URI} ^(.*)//(.*)$ RewriteRule . %1/%2 [R=301,L] RewriteCond %{REQUEST_FILENAME} !-f RewriteCond %{REQUEST_FILENAME} !-d RewriteRule ^.*$ index.php?qa-rewrite=$0&%{QUERY_STRING} [L] RewriteCond %{SERVER_PORT} 80 RewriteCond %{HTTP_HOST} ^(www\.)?transparentgov\.net RewriteRule ^(.*)$ https://transparentgov.net/cleargov1/$1 [R,L]
https://www.godaddy.com/help/redirect-my-website-to-https-in-cpanellinux-27870
Effect by restart apache service -----
whm ------ search 'restart' ----- find restart service section,
click 'HTTP server (apache)' --- click Yes.
https://www.webhostinghub.com/help/learn/website/ssl/force-website-to-use-ssl
==============End ====== redirect http:// to https:// ===============================
How do I Force my Website to use SSL?
From time to time we are asked how you can force your website visitors to view your website over https. For example, if a visitor access http://domain.com, you can force them to https://domain.com so that they are always using the SSL certificate.Please note, if you use the Premium Website Builder to create your site, please see our article on How to Force your Premium Website Builder site to use SSL.The following instructions gives you code to add to an .htaccess file. If your .htaccess file has existing code, then you shoud place the following code examples above the existing code of your .htaccess file so that the newly added code is executed first.How to force your visitors to use your Shared SSL Certificate
To force your visitors to use your Shared SSL certificate:
- log into your cPanel and access the redirects section
- Set Type to Permanent (301)
- Next to http://(www.)? choose the domain name you are working with
- Next to redirects to, enter your website's url using the Shared SSL Certificate
- We recommend having Redirect with or without www. selected, so that the user will be forced to use SSL whether they use domain.com or www.domain.com
- Ensure Wild Card Redirect is selected
- Click Add
When testing, we were redirecting example.com to https://secure21.webhostinghub.com/~whhsup5/You can see below how the rewrite was setup before we clicked "Add"When you save this redirect, cPanel actually sets up the redirect by editing your .htaccess file. You don't need to do anything further from here (other than test). If you were actually looking for the .htaccess code to perform this type of redirect, cPanel added the following code to the .htaccess file:RewriteCond %{REQUEST_URI} !^/[0-9]+\..+\.cpaneldcv$ RewriteCond %{REQUEST_URI} !^/\.well-known/pki-validation/[A-F0-9]{32}\.txt(?:\ Comodo\ DCV)?$ RewriteEngine On RewriteCond %{HTTP_HOST} ^example.com$ [OR] RewriteCond %{HTTP_HOST} ^www.example.com$ RewriteRule ^(.*)$ "https\:\/\/secure21\.webhostinghub\.com\/\~whhsup5\/$1" [R=301,L]How to force your visitors to use your Dedicated SSL certificate
If you try to setup a Dedicated SSL redirect using the same steps above, cPanel will fail with an error message, similar to:Redirecting to https://www.example.com/ will cause a redirection loop because 'http://example.com/'which is located at /home/whhsup5/public_html/is above 'https://www.example.com/'which is located at /home/whhsup5/public_html/The following changes to the .htaccess file will require that you make use of the edit options available within the cPanel. You will need to edit the .htaccess file to force the re-direct. Depending on your situation, you may need to re-direct all website traffic, only a specific domain, or a folder to use HTTPS.Forcing a specific domain to use HTTPS
To force a specific domain to use HTTPS, use the following lines of code in the .htaccess file in your website's root folder:RewriteCond %{REQUEST_URI} !^/[0-9]+\..+\.cpaneldcv$ RewriteCond %{REQUEST_URI} !^/\.well-known/pki-validation/[A-F0-9]{32}\.txt(?:\ Comodo\ DCV)?$ RewriteEngine On RewriteCond %{HTTP_HOST} ^abcd\.com [NC] RewriteCond %{SERVER_PORT} 80 RewriteRule ^(.*)$ https://www.xyz.com/$1 [R,L]In the .htaccess code above, if abcd.com website is accessed, it will re-direct to https://xyz.com You will need to replace abcd\.com with the domain name you're forcing to https and also replace www.xyz.comwith the domain name to where the website traffic will be re-directed. Here's an example:RewriteCond %{REQUEST_URI} !^/[0-9]+\..+\.cpaneldcv$ RewriteCond %{REQUEST_URI} !^/\.well-known/pki-validation/[A-F0-9]{32}\.txt(?:\ Comodo\ DCV)?$ RewriteEngine On RewriteCond %{HTTP_HOST} ^test-site\.com [NC] RewriteCond %{SERVER_PORT} 80 RewriteRule ^(.*)$ https://www.some-website.com/$1 [R,L]In the example above, any one typing in http://test-site.com will automatically be re-directed to https://some-website.com.Forcing all website traffic to use HTTPS
In order to force all web traffic to use HTTPS, use the following code in your .htaccess file. If you are hosting multiple websites on your account, it is possible to have an .htaccess file for each website. Make sure that you are editing the .htaccess file that is in the root folder where you want the re-direct to occur.RewriteCond %{REQUEST_URI} !^/[0-9]+\..+\.cpaneldcv$ RewriteCond %{REQUEST_URI} !^/\.well-known/pki-validation/[A-F0-9]{32}\.txt(?:\ Comodo\ DCV)?$ RewriteEngine On RewriteCond %{SERVER_PORT} 80 RewriteRule ^(.*)$ https://www.yourdomain.com/$1 [R,L]Be sure to replace www.yourdomain.com with your actual domain name.Forcing SSL on a specific folder
If you want to force SSL on a specific folder you can insert the code below into a .htaccess file placed in that specific folder:RewriteCond %{REQUEST_URI} !^/[0-9]+\..+\.cpaneldcv$ RewriteCond %{REQUEST_URI} !^/\.well-known/pki-validation/[A-F0-9]{32}\.txt(?:\ Comodo\ DCV)?$ RewriteEngine On RewriteCond %{SERVER_PORT} 80 RewriteCond %{REQUEST_URI} folder RewriteRule ^(.*)$ https://www.yourdomain.com/folder/$1 [R,L]Make sure you change the folder reference to the actual folder name. Then be sure to replace www.yourdomain.com/folder with your actual domain name and folder you want to force the SSL on.If you need further assistance please feel free to ask a question on our support center website.
==================================================================================
free SSL install letsencrypt
Set --- apache default website.1) whm ----- search for apache configuration2) click -- DirectoryIndex Priority3) add --- /cleargov14) move up to top5) restart apache6) google domain DNS, can add A record @ , only need to put ip address, no sub-folder needed------------------------------7) install letsencrypt https://certbot.eff.org/lets-encrypt/centos6-apache
wget https://dl.eff.org/certbot-autochmod a+x certbot-autosudo /home/hoogw/certbot-auto --apache..............follow screen...........type 3 for transparentgov.nettype 1 for no- redirectthen you should successfully get ssl free certificate.IMPORTANT NOTES:- We were unable to set up enhancement redirect for your server,however, we successfully installed your certificate.- Congratulations! Your certificate and chain have been saved at:/etc/letsencrypt/live/transparentgov.net/fullchain.pemYour key file has been saved at:/etc/letsencrypt/live/transparentgov.net/privkey.pemYour cert will expire on 2018-10-21. To obtain a new or tweakedversion of this certificate in the future, simply run certbot-autoagain with the "certonly" option. To non-interactively renew *all*of your certificates, run "certbot-auto renew"Renew: just runsudo /home/hoogw/certbot-auto --apache certonlyAutomating renewal
try simulate renewsudo /home/hoogw/certbot-auto renew --dry-runif above works fine, we schedule job ( Not do yet, don't know how)/home/hoogw/certbot-auto renewgoogle search for "cpanel cron job"************************************************************************************************************************************************************putty:
// check domain ip[hoogw@server ~]$ dig +short transparentgov.net
104.238.125.233
// check subdomain ip [hoogw@server ~]$ dig +short ms1.transparentgov.net
ghs.googlehosted.com.
172.217.11.83
//above means subdomain ms1 not right.
// check name server [hoogw@server ~]$ dig +short transparentgov.net ns
ns-cloud-a4.googledomains.com.
ns-cloud-a2.googledomains.com.
ns-cloud-a3.googledomains.com.
ns-cloud-a1.googledomains.com.
//above means use google name server, not use cpanel subdomain.//so you have to setup A record on google domain
No comments:
Post a Comment