We are happy to announce that Vesta is back under active development as of 25 February 2024. We are working on v1 candidate and expect to engage more with the community over the coming months. We are committed to open source, and we encourage contributors to help us build the future of Vesta.
Feature Request: Support Let's Encrypt
Re: Feature Request: Support Let's Encrypt
skurudo wrote:
> molen wrote:
> > Let's Encrypt program needs to read conf file or VHost setting to know what site you need certificates.
> > But Vesta's way can't let the Let's Encrypt program to find the site, especially the site's DNS records are not in Vesta system.
> Why? Let's Encrypt can't read path, or you can't choose where config file are?
> molen wrote:
> > So I think Vesta needs to adjust some setting to support Let's Encrypt.
> > I am a Let's Encrypt tester but can't get a certificates by its program. So sad. :(
> When this software will be in production, not in limited beta, then some tests make sense.. now it's just for fun only.
It's a manual process at the moment, but totally doable. I've got a couple of sites up that are managed via Vesta, and now using certificates from the Let's Encrypt production CA. No, the "automatically detect my server and install the certificates" thing doesn't work with Vesta, but a few minutes on the command line sorts it all out.
There are actually a couple of ways forward:
1. The ACME client is based on plugins (Apache is the default, nginx is under development), so they could be forked to support the Vesta configuration.
2. The client could be integrated directly into Vesta (which would be awesome!).
Let me know if you'd like my quick and dirty notes I took while setting up my initial tests.
Re: Feature Request: Support Let's Encrypt
Can you share how you installed the certificates? -- "few minutes on the command line"
I've just got my invite for the beta.
Thanks.
Re: Feature Request: Support Let's Encrypt
danimalweb wrote:
> Can you share how you installed the certificates? -- "few minutes on the command line"
> I've just got my invite for the beta.
> Thanks.
No problem, I'll clean up my notes and post them.
Re: Feature Request: Support Let's Encrypt
For anyone interested, I've put some (very!) quick docs here: https://docs.google.com/document/d/1y5t ... sp=sharing.
Re: Feature Request: Support Let's Encrypt
TheRealRichii wrote:
> For anyone interested, I've put some (very!) quick docs here: https://docs.google.com/document/d/1y5t ... sp=sharing.
Nice docs! Thanks a lot.
Re: Feature Request: Support Let's Encrypt
Anybody else got problems with exim after changing the main vesta ssl?
I tried to && set chmod to 644 but still the same error message! Any ideas?
Edit:
Code:
2015-12-16 12:17:37 TLS error on connection from *** [***] (SSL_CTX_use_certificate_chain_file file=/usr/local/vesta/ssl/certificate.crt): error:0200100D:system library:fopen:Permission denied
Code:
chown -h root:mail /usr/local/vesta/ssl/certificate.crt
Edit:
Code:
[root@admin exim]# ls -la /usr/local/vesta/ssl/certificate.crt
lrwxrwxrwx 1 root mail 40 Dec 16 09:03 /usr/local/vesta/ssl/certificate.crt -> /etc/letsencrypt/live/***.com/cert.pem
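An added diagnostic for the `fopen: Permission denied` case in the post above (not part of the post and not Vesta or Let's Encrypt code): `chown -h` changes the symlink itself, while on Linux access is decided by the link's target and by search permission on every directory leading to it, so the script resolves the link and reports each component a given account cannot pass. The function names, the account name `svc-constructed` and the temporary layout are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread). Mode bits only: ACLs, SELinux and
# root's permission override are out of scope.

# applicable_bits USER PATH: print the rwx triplet of PATH that applies to USER.
applicable_bits() {
    user=$1
    set -- $(ls -ld "$2")            # fields: mode, links, owner, group, ...
    mode=$1 owner=$3 group=$4
    if [ "$user" = "$owner" ]; then
        printf '%s\n' "$mode" | cut -c2-4
    elif id -Gn "$user" 2>/dev/null | tr ' ' '\n' | grep -qxF "$group"; then
        printf '%s\n' "$mode" | cut -c5-7
    else
        printf '%s\n' "$mode" | cut -c8-10
    fi
}

# cert_blockers USER PATH: print each component of the resolved PATH that USER
# cannot search (directories) or read (the file). No output means readable.
cert_blockers() {
    user=$1
    target=$(readlink -f -- "$2") || return 2   # resolve the whole link chain
    p=$target
    while :; do
        bits=$(applicable_bits "$user" "$p")
        if [ "$p" = "$target" ]; then
            case $bits in r??) ;; *) echo "no-read   $p" ;; esac
        else
            case $bits in ??[xst]) ;; *) echo "no-search $p" ;; esac
        fi
        [ "$p" = / ] && break
        p=$(dirname "$p")
    done
}

# Constructed layout: certificate.crt -> live/example.test/cert.pem, with
# "live" enterable only by its owner. The made-up account gets "other" bits.
demo() {
    d=$(mktemp -d) && chmod 755 "$d"
    mkdir -p "$d/live/example.test" && chmod 755 "$d/live/example.test"
    chmod 700 "$d/live"
    : > "$d/live/example.test/cert.pem" && chmod 644 "$d/live/example.test/cert.pem"
    ln -s "$d/live/example.test/cert.pem" "$d/certificate.crt"
    cert_blockers svc-constructed "$d/certificate.crt" | grep -F "$d"
    rm -rf "$d"
}
demo
```

The same check applies to the private key path, which should stay unreadable to accounts other than the services that need it.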
Re: Feature Request: Support Let's Encrypt
I've written a script that integrates the Let's Encrypt client with Vesta's command line tools to automate the request process for Vesta. You can clone it from GitHub at https://github.com/interbrite/letsencrypt-vesta. See the README file for installation instructions.
Once you've installed it, all you need to do is run
Code:
letsencrypt-vesta USER DOMAIN
where USER is a Vesta user account and DOMAIN is a domain hosted under that account. The script will look up the aliases associated with the domain and request a certificate for all of them, use webroot authentication to validate the domains, and then properly install the cert using the Vesta command line tools. The same command is used for new requests and renewals and it will work on any domain, whether or not SSL support has already been enabled on it.
Re: Feature Request: Support Let's Encrypt
kodiak wrote:
> I've written a script that integrates the Let's Encrypt client with Vesta's command line tools to automate the request process for Vesta. You can clone it from GitHub at https://github.com/interbrite/letsencrypt-vesta. See the README file for installation instructions.
> Once you've installed it, all you need to do is run
> Code:
> letsencrypt-vesta USER DOMAIN
> where USER is a Vesta user account and DOMAIN is a domain hosted under that account. The script will look up the aliases associated with the domain and request a certificate for all of them, use webroot authentication to validate the domains, and then properly install the cert using the Vesta command line tools. The same command is used for new requests and renewals and it will work on any domain, whether or not SSL support has already been enabled on it.
Very cool!
Does it also work with Apache+Nginx setup? Or Nginx+PHP-FPM?
Cheers!
Re: Feature Request: Support Let's Encrypt
Neso wrote:
> Very cool!
> Does it also work with Apache+Nginx setup? Or Nginx+PHP-FPM?
> Cheers!
It should work with anything that Vesta supports. It uses Vesta's command line tools to do the cert installs, so as long as the Vesta tools stay in line with how you can configure things in the web panel, the script should always work. Provided you're using both servers, Vesta installs the cert in both Apache and Nginx.
Re: Feature Request: Support Let's Encrypt
TheRealRichii wrote:
> For anyone interested, I've put some (very!) quick docs here: https://docs.google.com/document/d/1y5t ... sp=sharing.
Thank you! Good guide - just to add you will need to swap out admin for any web accounts you made under a different user.