Let's Encrypt create/renew with force-https template
Hi,
the vesta-cp let's encrypt plugin is great! good job!
if we use let's encrypt with proxy Template: force-https (from here: https://vestacp.com/docs/#how-to-force-https)
let's encrypt could not renew or create the certificate because the .well-known path/directory is not accessible.
my preferred way is to edit or create a new template (proxy or web?) with the .well-known entry.
something like:
Code:
    location /.well-known {
        alias %home%/%user%/web/%domain%/.well-known;
    }
or
Code:
    location '/.well-known/acme-challenge' {
        default_type "text/plain";
        root /usr/local/vesta/data/queue/letsencrypt.pipe;
    }
any hints or suggestions?
best regards!
Re: Let's Encrypt create/renew with force-https template
got it: vesta includes the letsencrypt config...
Code:
    include /home/user/conf/web/nginx.userdomain.com.conf*;
this one is missing in the force-https templates and causes
Code:
    Error: Invalid response from http://..... /.well-known/acme-challenge....../SOMERANDOMKEY
Re: Let's Encrypt create/renew with force-https template
Do you mean we need to include the nginx.domain.com.conf_letsencrypt file too?
Re: Let's Encrypt create/renew with force-https template
Is it OK to include both so the LE .conf gets included?
Code:
    include %home%/%user%/conf/web/s%proxy_system%.%domain%.conf*;
    include %home%/%user%/conf/web/%proxy_system%.%domain%.conf*;
Re: Let's Encrypt create/renew with force-https template
That change seemed to work for me - certs renewed.
Re: Let's Encrypt create/renew with force-https template
Hi, if we use let's encrypt with proxy Template: force-https let's encrypt could not renew or create the certificate because the .well-known path/directory is not accessible.
Is this a confirmed bug?
I use the https template and I had problems in the past renewing the Let's Encrypt certificates. My server is again configured the same way and I wouldn't like to have the same problem one more time.
Thanks.
Re: Let's Encrypt create/renew with force-https template
Fix for force-https templates:
/usr/local/vesta/data/templates/web/nginx/force-https.tpl
/usr/local/vesta/data/templates/web/nginx/force-https.stpl
/usr/local/vesta/data/templates/web/nginx/force-https.tpl
Code:
    server {
        listen      %ip%:%proxy_port%;
        server_name %domain_idn% %alias_idn%;
        location / {
            rewrite ^(.*) https://%domain_idn%$1 permanent;
        }
        include %home%/%user%/conf/web/*nginx.%domain_idn%.conf_letsencrypt;
    }
/usr/local/vesta/data/templates/web/nginx/force-https.stpl
Code:
    server {
        listen      %ip%:%proxy_ssl_port% ssl;
        server_name %domain_idn% %alias_idn%;
        ssl         on;
        ssl_certificate      %ssl_pem%;
        ssl_certificate_key  %ssl_key%;
        add_header Strict-Transport-Security 'max-age=31536000; includeSubDomains; preload';
        add_header X-Frame-Options SAMEORIGIN;
        add_header X-Content-Type-Options nosniff;
        error_log  /var/log/%web_system%/domains/%domain%.error.log error;
        location / {
            proxy_pass      https://%ip%:%web_ssl_port%;
            location ~* ^.+\.(%proxy_extentions%)$ {
                root           %sdocroot%;
                access_log     /var/log/%web_system%/domains/%domain%.log combined;
                access_log     /var/log/%web_system%/domains/%domain%.bytes bytes;
                expires        max;
                try_files      $uri @fallback;
            }
        }
        location /error/ {
            alias   %home%/%user%/web/%domain%/document_errors/;
        }
        location @fallback {
            proxy_pass      https://%ip%:%web_ssl_port%;
        }
        location ~ /\.ht    {return 404;}
        location ~ /\.svn/  {return 404;}
        location ~ /\.git/  {return 404;}
        location ~ /\.hg/   {return 404;}
        location ~ /\.bzr/  {return 404;}
        include %home%/%user%/conf/web/*nginx.%domain_idn%.conf_letsencrypt;
        include %home%/%user%/conf/web/s%proxy_system%.%domain%.conf*;
    }
Re: Let's Encrypt create/renew with force-https template
force-https template updated
Re: Let's Encrypt create/renew with force-https template
skurudo wrote: force-https template updated
I downloaded the templates from "Documentation" and they are still the old ones.
Re: Let's Encrypt create/renew with force-https template
Trentor wrote: I downloaded the templates from "Documentation" and they are still the old ones.
From here? https://vestacp.com/docs/#how-to-force-https
Nope, I disagree
There is now one more include for Let's encrypt:
Code:
    include %home%/%user%/conf/web/*nginx.%domain_idn%.conf_letsencrypt;
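A check for the problem discussed in this thread, as an added example that is not part of the original posts and not Vesta's own code: it lists templates whose include lines would not pull in the per-domain Let's Encrypt snippet, so the ACME challenge would fail as described above. It assumes nginx is the proxy; the function names and the sample user and domain are constructed for illustration.

```shell
#!/bin/sh
# Added example, not Vesta code. Assumes nginx is the proxy and that the
# challenge snippet is named nginx.<domain>.conf_letsencrypt, as in the thread.
LE_FILE='/home/user/conf/web/nginx.example.com.conf_letsencrypt'  # constructed

# Fill the Vesta template variables with the constructed sample values.
render() {
    sed -e 's|%home%|/home|g' -e 's|%user%|user|g' \
        -e 's|%proxy_system%|nginx|g' \
        -e 's|%domain_idn%|example.com|g' -e 's|%domain%|example.com|g'
}

# Succeeds if an include pattern in template $1 would match LE_FILE.
includes_le() {
    sed -n 's/^[[:space:]]*include[[:space:]]\{1,\}\([^;]*\);.*/\1/p' "$1" |
    render | (
        while IFS= read -r pat; do
            # Unquoted $pat acts as a glob, approximating the include wildcard.
            case "$LE_FILE" in $pat) exit 0 ;; esac
        done
        exit 1
    )
}

# Print every *.tpl / *.stpl in directory $1 that lacks such an include.
missing_le_include() {
    for tpl in "$1"/*.tpl "$1"/*.stpl; do
        [ -f "$tpl" ] || continue
        includes_le "$tpl" || basename "$tpl"
    done
}

# Constructed templates: the old redirect-only file, the fixed one, and the
# two include variants discussed in the thread.
demo() {
    d=$(mktemp -d) || return 1
    printf '%s\n' 'location / { rewrite ^(.*) https://%domain_idn%$1 permanent; }' > "$d/old.tpl"
    printf '%s\n' 'include %home%/%user%/conf/web/*nginx.%domain_idn%.conf_letsencrypt;' > "$d/fixed.tpl"
    printf '%s\n' 'include %home%/%user%/conf/web/s%proxy_system%.%domain%.conf*;' > "$d/sonly.stpl"
    printf '%s\n' 'include %home%/%user%/conf/web/s%proxy_system%.%domain%.conf*;' \
        'include %home%/%user%/conf/web/%proxy_system%.%domain%.conf*;' > "$d/both.stpl"
    missing_le_include "$d"
    rm -rf "$d"
}

demo
```

To audit a real installation, call `missing_le_include` with the template directory named in the fix above, /usr/local/vesta/data/templates/web/nginx.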