letsencrypt https only works after extra tweaks

[Peter92]

I'm completely new to Linux but set up a VPS with the help of a friend who is considerably better than I am at this sort of stuff. Anyway, we had a lot of trouble with getting letsencrypt working properly, and he eventually figured how to do it. I was playing around a bit and managed to refine the process as much as I could, but I'm wondering if this is intentional on the part of Vesta or if something is being done wrong?

1. On Vesta CP log into user and create a new website called site.com
2. Either tick the letsencrypt support checkbox (and wait 5 min), or run the code after creation:

Code: Select all

letsencrypt-vesta user site.com

3. Run letsencrypt-auto, select the new website, choose reinstall certificate, and https redirection (this creates the -le-ssl.conf file, which https doesn't seem to work without)

Code: Select all

/usr/local/certbot/letsencrypt-auto

4. Add the newly created file into vesta.conf

Code: Select all

nano /etc/apache2/conf.d/vesta.conf
 Include /home/user/conf/web/site.com.apache2-le-ssl.conf

5. Restart apache

Anything less than this doesn't work with https, but it's a pain to do for every single created new website. Is there a way to automate or prevent it from being required?


Oh also just as a heads up, I use lastpass so usually pick long passwords, this forum complained that a 100 character password didn't match and 64 character password was too short.

[ScIT]

Code: Select all

letsencrypt-vesta user site.com

letsencrypt-vesta is not supported by vesta, please use the (since a long time) integrated way: v-add-letsencrypt-domain or tick let's encrypt checkbox in web backend.

[Peter92]

letsencrypt-vesta is not supported by vesta, please use the (since a long time) integrated way: v-add-letsencrypt-domain or tick let's encrypt checkbox in web backend.

Thanks, although I previously tried the checkbox and found it had the same issue in that it wouldn't fully activate it without the extra tweaks, if I load the site at that point my anti virus points out the cert is invalid. I also just tried v-add-letsencrypt-domain but it's complaining at an invalid response on whichever website I use it on.

[ScIT]

pleace share more informations, if you enter v-add-lets... manually, what happens? Any output?

[Peter92]

All I get is this:

Code: Select all

root@site:~# v-add-letsencrypt-domain user site.com
(wait a few seconds)
Error: Invalid response from http://site.com/.well-known/acme-challenge/XwXfbjCqLzM3R2VJ_Z5j9vxbXaYx6oFHx7lJoje9y0w: \

I assume similar is happening with the letsencrypt checkbox. It's weird though as letsencrypt-vesta works, so it's probably not the DNS causing issues or anything.

[ScIT]

All I get is this:

Code: Select all

root@site:~# v-add-letsencrypt-domain user site.com
(wait a few seconds)
Error: Invalid response from http://site.com/.well-known/acme-challenge/XwXfbjCqLzM3R2VJ_Z5j9vxbXaYx6oFHx7lJoje9y0w: \

I assume similar is happening with the letsencrypt checkbox. It's weird though as letsencrypt-vesta works, so it's probably not the DNS causing issues or anything.

please send me a pn with your server details, will have a look if you want.

[ScIT]

Had a short check on the server: installation is apache2 only, we only use apache2+nginx on our side, there i also noticed that let's encrypt with disabled nginx template does not work. Suggested to switch to apache2+nginx instead of apache2 only.

[Peter92]

Just got it up and running and it seems to be fine without any extra configuration needed (including https redirection), thanks :)

For the record, v-add-letsencrypt-domain doesn't work, but doing from the CP seems fine.