cPanel and Webmin - Apache Administration - SSL Configs

[sfriday02]

Dear Administrators,

I have a Cpanel VPS which is heavily customized with other apps (MS-SQL server, etc). I also have Webmin installed which allows you to make modifications
to Apache in a very easy way... But when I do make changes in Webmin, they work until I reboot the server.

I am fairly certain that Tailwatchd keeps reinstalling the old versions of files before, I made the changes on reboot.

Questions are as follows:
1) Is there a way to have tailwatchd ignore HTTPD.conf?
2) Can you reconfigure cpanel to use VHOST format for Apache files rather than the single all inclusive HTTPD.CONF which is hard to administer?
3) Is there a way to add mod_ssl to Easy Apache so that python-certbot-apache will install?
4) Is there a way to create a combined file from Letsencrypt files in the live directory?
5) Can you configure EA-PHP74-PHP-FPM to have a single sock for the entire server rather than per account as the cpanel instructions discuss?

 

[cPRex]

Hey there! In order to not miss anything I'll go through these individually for you :D

1 - Tailwatch is part of the monitoring service and would not be related to changes to the Apache configuration on the system. You can find more details about that tool here:

TailWatch | cPanel & WHM Documentation

The TailWatch driver monitors a log file for certain activities and then performs actions based on the activity.

docs.cpanel.net

You aren't able to make direct edits to the Apache configuration on a cPanel server, so these are likely being overwritten by some other process on the machine.

2 - There is not a way to make this change on cPanel machines.
3 - mod_ssl is available through EasyApache, but integrating the certbot tools with cPanel isn't something we officially support. Other users have done some testing with this and you can find some details on this here: AutoSSL with Let's Encrypt on Load Balanced System
4 - I'm not totally sure what you're asking, but cPanel stores the SSL for each domain in /var/cpanel/ssl/apache_tls/domain.com/combined and that file already has the cert, key, and ca bundle in one place.
5 - Currently that is not an option on a cPanel machine.

Let me know if you have any other questions.

 

[sfriday02]

Thanks, a couple of points..... on a normal Linux server when you install php-fpm it creates a system sock in /var/run/php7.x/php-fpm.sock with admin rights
However with cpanel overrides on yum the regular php-fpm doesn’t work.... can we add a repo for it so we can use ea versions and regular versions of php-fpm on same server?

4) what I am asking is certbot creates 4 files under live directory on etc....I wondered if I could cat one or more of these to make a combined file that cpanel can use? But I need to understand the construction of the combined file....

fairly sure tailwatchd keeps copies of httpd.conf and checksrvd keeps track of tailwatchd.....so you can’t disable tailwatchd without also disabling checksrvd.

 

[cPRex]

I don't think trying to run both a "normal" php-fpm and cPanel's on the same box will work well. You're welcome to try it out, but we can't guarantee any good results.

Inside the /var/cpanel/ssl/apache_tls/domain.com/combined file the cert details are in this order:

Private key
Domain cert
CA Bundle

so if you place the files in that order I would expect it to work.