We are starting CHRISTMAS Sale. Get 30% OFF on lifetime licenses with code: FYSKK72

Script for generating letsencrypt SSL and configuring all daemons (Apache, nginx, dovecot, Exim, Vesta) to use it Topic is solved

Section with additional software for Vesta
dpeca
Collaborator
Posts: 239
Joined: Wed Nov 25, 2015 7:30 pm
Location: Serbia

Script for generating letsencrypt SSL and configuring all daemons (Apache, nginx, dovecot, Exim, Vesta) to use it

Postby dpeca » Thu Sep 08, 2016 3:35 pm

Many server owners don't know how to install Letsencrypt SSL and configure all daemons to use it, especially Exim4 and dovecot.
I wrote a script that do it automatically.
In short - this script will generate SSL, for your server hostname or for any other domain on your server, and it will automatically configure all daemons to use that SSL.

Detail explanation what this script does:
  1. When you run this script for the first time, it will install letsencrypt from GitHub, then you will be asked for your email (you will not be asked anymore for email after that), then script will create a cron to ensure that all your SSLs will be renewed each 2 months
  2. Letsencrypt SSL will be generated
  3. Web servers (both Apache2 and nginx) will be configured to use that SSL for domain you specified
  4. If domain you specified is your server hostname then script will configure Exim4, dovecot and Vesta service (nginx on 8083 port) to use that SSL
  5. Script will add your domain to /usr/local/bin/generate_all_ssls which will be automatically called every 2 months from cron (in order to renew all SSL's)

Installation:
In your SSH console, as root, just run:

Code: Select all

wget http://dl.mycity.tech/vesta/generate_ssl -O /usr/local/bin/generate_ssl
chmod u+x /usr/local/bin/generate_ssl

That's it.

How to use it:
Let's say your server hostname is myserver.com and that domain is probably in admin account.
All you have to do in your SSH console (as root) is:

Code: Select all

generate_ssl admin myserver.com

That's all.
Your Apache2 and nginx will be configured to use that SSL for myserver.com domain.
And if myserver.com is your server hostname, Exim4, dovecot and your Vesta panel will be configured too - so you will have proper SSL on all your daemons - including Webmail, phpmyadmin, etc...
You can run this script for every other domain that you have on server:

Code: Select all

generate_ssl someuser somesite.com

(of course, in that case only Apache2 and nginx will be configured to use that SSL for domain you specified.)

How to stop renewing for some domain?
Edit /usr/local/bin/generate_all_ssls and remove a line which contains domain for which you want to stop renewing.

How to stop renewing for all domains?
Run crontab -e and remove a line that contains /usr/local/bin/generate_all_ssls

How to completely uninstall this?
Run crontab -e and remove a line that contains /usr/local/bin/generate_all_ssls
Then run:

Code: Select all

rm /usr/local/bin/generate_all_ssls
rm /usr/local/bin/generatel_ssl
rm -rf /root/letsencrypt


My wget can not download your script?
Maybe CloudFlare is blocking your server.
Download script manualy on your computer from http://dl.mycity.tech/vesta/generate_ssl
Upload it to /usr/local/bin/generatel_ssl
Then run: chmod u+x /usr/local/bin/generate_ssl

What when VestaCP start to support letsencrypt naturally?
I'll just write a new script that will use already generated SSL's - and that script will be used only for server hostname - as a tool that will configure Exim4, dovecot and Vesta daemon (nginx on port 8083) to use proper SSL.

Tested on:
  • CentOS
  • Debian 8.5
... and should works fine on Ubuntu (not tested yet).

skamasle
Collaborator
Posts: 384
Joined: Mon Feb 29, 2016 6:36 pm

Re: Script for generating letsencrypt SSL and configuring all daemons (Apache, nginx, dovecot, Exim, Vesta) to use it

Postby skamasle » Fri Sep 09, 2016 9:38 pm

Hi

Vestacp already support letsencrypt from cli

viewtopic.php?t=11927

Code: Select all

v-add-letsencrypt-domain USER DOMAIN [ALIASES] [RESTART]
v-add-letsencrypt-user USER [EMAIL]
v-check-letsencrypt-domain USER DOMAIN
v-list-letsencrypt-user USER [FORMAT]
v-sign-letsencrypt-csr USER DOMAIN CSR_DIR [FORMAT]
v-update-letsencrypt-ssl


Can you explain diference whit your script ?

dpeca
Collaborator
Posts: 239
Joined: Wed Nov 25, 2015 7:30 pm
Location: Serbia

Re: Script for generating letsencrypt SSL and configuring all daemons (Apache, nginx, dovecot, Exim, Vesta) to use it

Postby dpeca » Fri Sep 09, 2016 11:02 pm

Firstly, I saw a lot of messages on forum that is saying it not works.
Should be fixed in v17.

Secondly, a script that I wrote will configure all daemons - dovecot, Exim4, and Vesta on 8083 port.
All five daemons.
Vesta's built-in scripts will only configure Apache and nginx.

And as I said in first message, when VestaCP start to support letsencrypt naturally (when bugs became fixed) - I'll just write a new script that will use already generated SSL's (Letsencrypt SSL's that Vesta generated) - and then that new script will be used only for server hostname - as a tool that will configure Exim4, dovecot and Vesta daemon (nginx on port 8083) to use proper SSL.

skamasle
Collaborator
Posts: 384
Joined: Mon Feb 29, 2016 6:36 pm

Re: Script for generating letsencrypt SSL and configuring all daemons (Apache, nginx, dovecot, Exim, Vesta) to use it

Postby skamasle » Wed Sep 14, 2016 9:12 pm

Looks good .

If you want mirror for script I can host it :)

MrSoul
Posts: 6
Joined: Sun Sep 11, 2016 1:14 am

Re: Script for generating letsencrypt SSL and configuring all daemons (Apache, nginx, dovecot, Exim, Vesta) to use it

Postby MrSoul » Fri Sep 16, 2016 9:46 pm

Code: Select all

[root@149 bin]# generate_ssl admin xXx.net
/usr/local/bin/generate_ssl: line 86: ./letsencrypt-auto: No such file or directory
ERROR: Something went wrong. Check output above.
[root@149 bin]# generate_ssl admin xXx.xXx.xXx.xXx
/usr/local/bin/generate_ssl: line 86: ./letsencrypt-auto: No such file or directory
ERROR: Something went wrong. Check output above.

what is the problem ?
the hostname you mean domain or server address ?
----
xx.net is my domain
xXx.xXx.Xxx = server ip

dpeca
Collaborator
Posts: 239
Joined: Wed Nov 25, 2015 7:30 pm
Location: Serbia

Re: Script for generating letsencrypt SSL and configuring all daemons (Apache, nginx, dovecot, Exim, Vesta) to use it

Postby dpeca » Fri Sep 16, 2016 10:26 pm

Please run:
ls -l /root/letsencrypt/

and copy here output.

misak35
Posts: 60
Joined: Thu Jan 16, 2014 10:48 am

Re: Script for generating letsencrypt SSL and configuring all daemons (Apache, nginx, dovecot, Exim, Vesta) to use it

Postby misak35 » Tue Sep 20, 2016 10:32 pm

dpeca wrote:Please run:
ls -l /root/letsencrypt/

and copy here output.

Code: Select all

total 0

dpeca
Collaborator
Posts: 239
Joined: Wed Nov 25, 2015 7:30 pm
Location: Serbia

Re: Script for generating letsencrypt SSL and configuring all daemons (Apache, nginx, dovecot, Exim, Vesta) to use it

Postby dpeca » Tue Sep 20, 2016 11:11 pm

Try to run manually this (as root) :

Code: Select all

cd /root

git clone https://github.com/letsencrypt/letsencrypt


If everything went OK, then run:

Code: Select all

cd letsencrypt

./letsencrypt-auto --help


If everything went OK, then run:

Code: Select all

echo -e '#!/bin/bash\n' > /usr/local/bin/generate_all_ssls

chmod u+x /usr/local/bin/generate_all_ssls

crontab -l | { cat; echo "3 20 1 */2 * /usr/local/bin/generate_all_ssls > /var/log/generate_all_ssls.log"; } | crontab -

apachler
Posts: 6
Joined: Wed Sep 21, 2016 10:57 am

Re: Script for generating letsencrypt SSL and configuring all daemons (Apache, nginx, dovecot, Exim, Vesta) to use it

Postby apachler » Wed Sep 21, 2016 10:59 am

It would be nice to get support for subdomains like "sub.domain.com"

Thanks!

dpeca
Collaborator
Posts: 239
Joined: Wed Nov 25, 2015 7:30 pm
Location: Serbia

Re: Script for generating letsencrypt SSL and configuring all daemons (Apache, nginx, dovecot, Exim, Vesta) to use it

Postby dpeca » Wed Sep 21, 2016 4:30 pm

I think Vesta v17 will support letsencrypt completely.
My script is generally for server hostname (dovecot, Exim, Vesta) purpose :)


Return to “3rd Party Software”



Who is online

Users browsing this forum: No registered users and 1 guest