Re: Script for generating letsencrypt SSL and configuring all daemons (Apache, nginx, dovecot, Exim, Vesta) to use it
Posted: Tue Jul 24, 2018 4:42 pm
This script is obsolete now.
First uninstall instructions for people that used my old script:
In SSH, as root, run:
Now there is a new way that is built-in Vesta
Pre-required step: your server hostname must be full host address that is already pointing to IP of your server.
Check /etc/hostname to see what is your hostname.
If it's not real host address, change it to some domain that you are hosting, by typing:
v-change-sys-hostname somedomain.com
HOSTNAME='somedomain.com'
Now, first, lets install Letsencrypt SSL to domain that is your hostname.
In SSH, as root, run:(change 'admin' if your hostname domain is not under 'admin' account)
This step will install LetsEncrypt the same way you can install it via Vesta web panel (so avoid this step if you already installed LetsEncrypt to your domain).
Of course, you can install any other certificate, not only free LetsEncrypt... you can do it via Vesta web panel by editing that domain.
Now in SSH do the follwing:
(change 'admin' if your hostname domain is not under 'admin' account)
This will apply just installed SSL to Vesta, Exim and dovecot daemons.
And finally run:
This will tell Vesta to update SSL to Vesta, Exim and dovecot daemons every time when SSL is renewed.
This will happen automatically.
That's all.
LetsEncrypt SSL will be automatically renewed every 2 months and also automatically applied to dovecot, Exim and Vesta.
And this is completely built-in way, without additional scripts, Vesta itself do it.
=================================================================================================
Discussion can be continued in new forum thread - viewtopic.php?f=10&t=17353&p=72237
First uninstall instructions for people that used my old script:
In SSH, as root, run:
Code: Select all
sed -i "s/\/usr\/local\/vesta\/ssl\/fullchain.pem/\/usr\/local\/vesta\/ssl\/certificate.crt/g" /etc/exim4/exim4.conf.template
sed -i "s/\/usr\/local\/vesta\/ssl\/fullchain.pem/\/usr\/local\/vesta\/ssl\/certificate.crt/g" /etc/dovecot/conf.d/10-ssl.conf
service exim4 restart
service dovecot restart
rm /usr/local/bin/generate_all_ssls
rm /usr/local/bin/generatel_ssl
rm -rf /root/letsencrypt
crontab -e
# manually remove line with 'generate_all_ssls'
Now there is a new way that is built-in Vesta
Pre-required step: your server hostname must be full host address that is already pointing to IP of your server.
Check /etc/hostname to see what is your hostname.
If it's not real host address, change it to some domain that you are hosting, by typing:
v-change-sys-hostname somedomain.com
HOSTNAME='somedomain.com'
Now, first, lets install Letsencrypt SSL to domain that is your hostname.
In SSH, as root, run:
Code: Select all
v-add-letsencrypt-domain 'admin' $HOSTNAME '' 'yes'
This step will install LetsEncrypt the same way you can install it via Vesta web panel (so avoid this step if you already installed LetsEncrypt to your domain).
Of course, you can install any other certificate, not only free LetsEncrypt... you can do it via Vesta web panel by editing that domain.
Now in SSH do the follwing:
Code: Select all
v-update-host-certificate admin $HOSTNAME
This will apply just installed SSL to Vesta, Exim and dovecot daemons.
And finally run:
Code: Select all
echo "UPDATE_HOSTNAME_SSL='yes'" >> /usr/local/vesta/conf/vesta.conf
This will happen automatically.
That's all.
LetsEncrypt SSL will be automatically renewed every 2 months and also automatically applied to dovecot, Exim and Vesta.
And this is completely built-in way, without additional scripts, Vesta itself do it.
=================================================================================================
Discussion can be continued in new forum thread - viewtopic.php?f=10&t=17353&p=72237