Setting up an SSL certificate for your hostname on CWP (CentOS Web Panel) ensures secure access to your server’s control panel, mail server, and other services.
By default, CWP provides an option to install an SSL certificate for the hostname using Let’s Encrypt
Prerequisites: #
- CWP Installed on your server. Check this guide on how to properly install CWP.
- A valid hostname with a fully qualified subdomain name such as
server.yourdomain.com. The hostname should point to your server’s IP address via DNS, and a ping test of it should return the server’s IP - Ensure your hostname is properly configured. You can access the server via SSH then check or set your hostname using this command:
hostnamectl set-hostname server.yourdomain.comA server with no hostname SSL will display an error message such as this below, when CWP is accessed using the hostname
Step 1: Verify Your Hostname in CWP #
- Log in to your CWP Admin Panel by use of these steps
- Go to Server Settings > Change Hostname as in the image bellow
- Here you need to verify that your hostname is correctly set. Ensure it’s a valid fully qualified sudomain, as in the image below.
- If the hostname is not valid, confirm that whatever you have points to your server’s IP. If not, change to a subdomain that points to the server’s IP or point what you have to the serve’s IP and do a ping test.
- Once you have confirmed that the hostname is valid and you have the success message as in the image above, click the blue button labeled Change Hostname
- CWP will automatically issue a hostname SSL when you click on this button, provided the subdomain that you have put there pings to the serve’s IP.
3. Enforce SSL redirection #
At this point, your hostname URL will be accessible with https if you explicitly type https in the browser. It will also be accessed with http if you type in http. However, the desired result is to have it to auto-redirect to https even if it is accessed with http hence need to redirect. Fix that as follows
- Access the server via SSH. Here is how to
- Open this file /usr/local/apache/htdocs/.htaccess using your favourite text editor, like vim or nano
vi /usr/local/apache/htdocs/.htaccessnano /usr/local/apache/htdocs/.htaccessIf you are using vi or vim, you will see a blank window like below, when you run the above command on your server
*You will then add the code below to the file, then save the file
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
- Next, you need to restart cwp service and apache using these two command
systemctl reload cwpsrv
systemctl restart httpd
With those, your CWP hostname SSL is issued and you can now securely access your server using the hostname with https with redirection on. Email service will also work well and can be accessed securely
You may need to log out of the insecure session and log back in to CWP to see the https URL
Optionally. you may refer to this guide on how to Configure your CWP server for email use.