Posts by kess

    Pour commencer, il faudrait analyser les logs...

    Après, il faudrait voir ce qu'on trouve écrit dans les fichier de config apache pour le domaine en question (SSL)...

    Regarde que le certificats sont ce que tu necessites et pas les anciennes...

    OK guys, it seems I found the way to renew certificates per cron job in the normal way.

    Thank you to vege.net for you hint here LetsEncrypt - SSL certificate is not valid but unfortunately it's not complete.


    The following little modifications, works for LE certificates and for paid certificates.

    Edit file /var/www/imscp/engine/PerlLib/iMSCP/OpenSSL.pm and instead of modifying line 134 as stated in the previous post, just add the little code below.

    Please let me know if it works for you also,

    bye Kess.

    1. Edit /etc/apache2/sites-enabled/00_nameserver.conf

    A. Substitute

    Code
    1. SSLProtocol all -SSLv2 -SSLv3

    with:

    Code
    1. SSLProtocol all -SSLv2 -SSLv3 -TLSv1 -TLSv1.1

    B. Substitute

    Code
    1. SSLCipherSuite ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA

    with:

    Code
    1. SSLCipherSuite ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA:ECDHE-ECDSA-AES128-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA256

    2. Restart apache2

    3. Test with ssllabs.com


    Your changes should be kept on reconfigurations also. If you need to reinstall or to run the installer again, you'll need to reapply these changes.


    Hope it helps,

    bye Kess.