Script for generating letsencrypt SSL and configuring all daemons (Apache, nginx, dovecot, Exim, Vesta) to use it
Re: Script for generating letsencrypt SSL and configuring all daemons (Apache, nginx, dovecot, Exim, Vesta) to use it
I think I used this script, and now I have issue with LE GUI, Can someone help me.
Thanks
Code: Select all
Error: /tmp/tmp.krDopo9HWG/mydomainname.crt not found
Thanks
Re: Script for generating letsencrypt SSL and configuring all daemons (Apache, nginx, dovecot, Exim, Vesta) to use it
I think your DNS is not pointing to your server for that domain.Loc_rabbirt wrote:Hi,
Thank you so much for your script. I don't check it until now. I have problem here with the details below:
I'm followed your old reply: viewtopic.php?f=19&t=12617#p50574.Code: Select all
Failed authorization procedure. domain.com (http-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: The key authorization file from the server did not match this challenge [z6rqH3NyOYBaRed8wlAx1i3T1nhI-m3xX8U-XHvkR_U.kjZFnssi88QbqQmqT5aoFZIHmGNQJRjma7_iA-xxx] != [z6rqH3NyOYBaRed8wlAx1i3T1nhI-m3xX8U-XHvkR_U.HroLKHp_NxjfUjx-2lFC61bb9nJ_wnjgluBRAxxx]
Maybe you can help me know what do to do now? I think the problem by I had using the let's encrypt gui in vestacp admin before run your script. Maybe it's the problem here.
Or you moved site to new server recently - and you need to wait 24h for DNS propagation.
Re: Script for generating letsencrypt SSL and configuring all daemons (Apache, nginx, dovecot, Exim, Vesta) to use it
Bug is not related with my script, I think bug is in Vesta LE scripts.misak35 wrote:I think I used this script, and now I have issue with LE GUI,Can someone help me.Code: Select all
Error: /tmp/tmp.krDopo9HWG/mydomainname.crt not found
Thanks
-
- Posts: 25
- Joined: Fri Nov 18, 2016 3:36 pm
- Os: CentOS 6x
- Web: apache + nginx
Re: Script for generating letsencrypt SSL and configuring all daemons (Apache, nginx, dovecot, Exim, Vesta) to use it
Thank you, I got the problem fixed :)dpeca wrote: I think your DNS is not pointing to your server for that domain.
Or you moved site to new server recently - and you need to wait 24h for DNS propagation.
Re: Script for generating letsencrypt SSL and configuring all daemons (Apache, nginx, dovecot, Exim, Vesta) to use it
any news here?dpeca wrote:I will check it... I saw one command that Serghey built before one month.apachler wrote:this script is needed in v17 also? No way to make Vesta using Lets Encrypt for all services by default?
Re: Script for generating letsencrypt SSL and configuring all daemons (Apache, nginx, dovecot, Exim, Vesta) to use it
Thank you dpeca for this nice script!
You should put it on github.
I have a question though: how could I add aliases of the domain or other subdomains that I want the certificate to be valid with ?
This script only uses the domain without www, but normally one would at least need one with and without the www..
Secondly, it would be even better to be able to add other subdomains, such as those for the mail sever.
You should put it on github.
I have a question though: how could I add aliases of the domain or other subdomains that I want the certificate to be valid with ?
This script only uses the domain without www, but normally one would at least need one with and without the www..
Secondly, it would be even better to be able to add other subdomains, such as those for the mail sever.
Re: Script for generating letsencrypt SSL and configuring all daemons (Apache, nginx, dovecot, Exim, Vesta) to use it
No way to do that.starter wrote:I have a question though: how could I add aliases of the domain or other subdomains that I want the certificate to be valid with ?
Use Vesta letsencrypt built-in functionality for that.
Are you sure about this?starter wrote:This script only uses the domain without www, but normally one would at least need one with and without the www..
Are we talking about server hostname or about another domain on server?
Re: Script for generating letsencrypt SSL and configuring all daemons (Apache, nginx, dovecot, Exim, Vesta) to use it
I talk about the host. Is there a reason you don't add the www on line 106 but do so for the non-host domains ?dpeca wrote:Are you sure about this?
Are we talking about server hostname or about another domain on server?
Here is a way for the smpt and/or imap domains to be referenced by the Let's Encrypt certificate:
Suppose that your smtp and imap servers are on the same email subdomain of your host domain and it already have its DNS A record.
First, you must add this subdomain as an alias of your web server. Let's Encrypt ACME validation uses the webport.
Then modify the script by adding your subdomain on line 106.
Example with also the www for the host domain (lines 105-109):
Code: Select all
if [[ $hostname == $domain ]]; then
./letsencrypt-auto certonly --renew-by-default --webroot -w /home/$user/web/$domain/public_html -d $domain -d www.$domain -d mail.$domain
else
./letsencrypt-auto certonly --renew-by-default --webroot -w /home/$user/web/$domain/public_html -d $domain -d www.$domain
fi
Note: If you already generated your certificates with this script, it is a bit trickier. Prior I had to delete the certificates in /home/admin/conf/web and modify the script so that it accepts a renewal altough the supposed validity of the current ones.
Re: Script for generating letsencrypt SSL and configuring all daemons (Apache, nginx, dovecot, Exim, Vesta) to use it
The reason is that if your server hostname is server5.mycompany.com and your server is not hosting DNS for mycompany.com (let's say you are using Godaddy DNS), then, in most cases, people will not create A record for www.server5.mycompany.com - and generating SSL will fail :)starter wrote:I talk about the host. Is there a reason you don't add the www on line 106 but do so for the non-host domains ?
Since I see that you found that if line in my script, be free to remove it and add -d for other subdomains :)
Re: Script for generating letsencrypt SSL and configuring all daemons (Apache, nginx, dovecot, Exim, Vesta) to use it
https://github.com/serghey-rodin/vesta/ ... -vesta-sslapachler wrote:any news here?dpeca wrote:I will check it... I saw one command that Serghey built before one month.apachler wrote:this script is needed in v17 also? No way to make Vesta using Lets Encrypt for all services by default?