Feature Request: Support Let's Encrypt

[BBuchanan1013]

I've written an script that integrates the Let's Encrypt client with Vesta's command line tools to automate the request process for Vesta. You can clone it from GitHub at https://github.com/interbrite/letsencrypt-vesta. See the README file for installation instructions.

Once you've installed it, all you need to do is run

Code: Select all

letsencrypt-vesta USER DOMAIN

, where USER is a Vesta user account and DOMAIN is a domain hosted under that account. The script will look up the aliases associated with the domain and request a certificate for all of them, use webroot authentication to validate the domains, and then properly install the cert using the Vesta command line tools. The same command is used for new requests and renewals and it will work on any domain, whether or not SSL support has already been enabled on it.

Using it on 2 sites right now (centos 7 + apache + fpm). I actually have a Comodo Positive SSL Cert on a 3rd domain. Single IP address. Chrome picks it up right away, everything looks good and I have to say......Well done.

[BBuchanan1013]

Now my last question is this? When a client/user creates their domain, and set SSL support, will vesta actually call the scripts and setup the domain with ssl? Or is that still something the admin/root needs to do?

[newtron]

Be careful... olders versions of IE dont recognizes the cert as valid... (only IE 10+), really, IE its a pain in the ass

[pandabb]

^ Thanks for reminding.

[newtron]

^ Thanks for reminding.

And reminding a fix...

Code: Select all

# Redirect MSIE <10 to HTTP site    
RewriteCond %{HTTPS} =on
RewriteCond %{HTTP_USER_AGENT} "MSIE [6-9]" [NC]
RewriteRule ^(.*)$         http://www.yourwebsite.com/$1 [L,R]

[pandabb]

Thanks sir, am i supposed to add that code on my .htaccess?

[kodiak]

Using it on 2 sites right now (centos 7 + apache + fpm). I actually have a Comodo Positive SSL Cert on a 3rd domain. Single IP address. Chrome picks it up right away, everything looks good and I have to say......Well done.

Thank you. Glad you find it useful.

[pandabb]

can i ask again, how to apply this for a subdomain? Thanks

[Spheerys]

I've written an script that integrates the Let's Encrypt client with Vesta's command line tools to automate the request process for Vesta. You can clone it from GitHub at https://github.com/interbrite/letsencrypt-vesta. See the README file for installation instructions.

Once you've installed it, all you need to do is run

Code: Select all

letsencrypt-vesta USER DOMAIN

, where USER is a Vesta user account and DOMAIN is a domain hosted under that account. The script will look up the aliases associated with the domain and request a certificate for all of them, use webroot authentication to validate the domains, and then properly install the cert using the Vesta command line tools. The same command is used for new requests and renewals and it will work on any domain, whether or not SSL support has already been enabled on it.

Wonderfull !
Works very well, thank you !
I hope it will be implemented officialy in future VestaCP version :)

I'm just looking for the good way to change the lentgh of the generated keys.
I want to switch from 2048bits to 4096 and I don't know how to set this correctly (there is no /etc/letsencrypt/cli.ini file)

[Spheerys]

Finally, I have another problem...
For my first domain, the LE command worked perfectely.
But on the second domain, I have this error :

Code: Select all

# letsencrypt-vesta Customer mywebsite.pro

Updating letsencrypt and virtual environment dependencies......
Requesting root privileges to run with virtualenv: /root/.local/share/letsencrypt/bin/letsencrypt -t --renew-by-default --agree-tos --webroot -w /etc/letsencrypt/webroot --server https://acme-v01.api.letsencrypt.org/directory -m [email protected] -d mywebsite.pro,www.mywebsite.pro certonly
Failed authorization procedure. www.mywebsite.pro (http-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: The key authorization file from the server did not match this challenge [uockZgg0DnhUDwa1elW2ydRl6BIrpyKXCBLIk9X0CLc.DfsW_bCmthmM10DmlBEQctRqa86-XccmOpQ5j8C0xu8] != [uockZgg0DnhUDwa1elW2ydRl6BIrpyKXCBLIk9X0CLc.4E3VCTFsySjUrqnCg0ooULx-3kbdPBygi0aWkvg5Gd8], mywebsite.pro (http-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: The key authorization file from the server did not match this challenge [EqrRRyskcSR2BjiDcnrrVwwjUK6RkleM6JvEh6F3Hpw.DfsW_bCmthmM10DmlBEQctRqa86-XccmOpQ5j8C0xu8] != [EqrRRyskcSR2BjiDcnrrVwwjUK6RkleM6JvEh6F3Hpw.4E3VCTFsySjUrqnCg0ooULx-3kbdPBygi0aWkvg5Gd8]

IMPORTANT NOTES:
 - The following errors were reported by the server:

   Domain: www.mywebsite.pro
   Type:   urn:acme:error:unauthorized
   Detail: The key authorization file from the server did not match
   this challenge [uockZgg0DnhUDwa1elW2ydRl6BIrpyKXCBLIk9X0CLc.DfsW_bC
   mthmM10DmlBEQctRqa86-XccmOpQ5j8C0xu8] !=
   [uockZgg0DnhUDwa1elW2ydRl6BIrpyKXCBLIk9X0CLc
   .4E3VCTFsySjUrqnCg0ooULx-3kbdPBygi0aWkvg5Gd8]

   Domain: mywebsite.pro
   Type:   urn:acme:error:unauthorized
   Detail: The key authorization file from the server did not match
   this challenge [EqrRRyskcSR2BjiDcnrrVwwjUK6RkleM6JvEh6F3Hpw.DfsW_bC
   mthmM10DmlBEQctRqa86-XccmOpQ5j8C0xu8] !=
   [EqrRRyskcSR2BjiDcnrrVwwjUK6RkleM6JvEh6F3Hpw
   .4E3VCTFsySjUrqnCg0ooULx-3kbdPBygi0aWkvg5Gd8]
Let's encrypt returned an error status.  Aborting.

I follow with attention the doc on https://github.com/interbrite/letsencrypt-vesta
I didn't change nginx config because I have apache2 installed...

What am I doing wrong ?